Privacy policy

Introduction and Overview

We have written this privacy policy (version 21.12.2024-112924686) in order to explain to you, in accordance with the provisions of the General Data Protection Regulation (EU) 2016/679 and applicable national laws, which personal data (data for short) we as the controller – and the processors commissioned by us (e.g. providers) – process, will process in the future and what legal options you have. The terms used are to be considered gender-neutral.
In short: We provide you with comprehensive information about any of your personal data we process.

Privacy policies usually sound very technical and use legal terminology. However, this privacy policy is intended to describe the most important things to you as simply and transparently as possible. So long as it aids transparency, technical terms are explained in a reader-friendly manner, links to further information are provided and graphics are used. We are thus informing in clear and simple language that we only process personal data in the context of our business activities if there is a legal basis for it. This is certainly not possible with brief, unclear and legal-technical statements, as is often standard on the internet when it comes to data protection. I hope you find the following explanations interesting and informative. Maybe you will also find some information that you have not been familiar with.
If you still have questions, we kindly ask you to contact the responsible body named below or in the imprint, follow the existing links and look at further information on third-party sites. You can of course also find our contact details in the imprint.

Scope

This privacy policy applies to all personal data processed by our company and to all personal data processed by companies commissioned by us (processors). With the term personal data, we refer to information within the meaning of Article 4 No. 1 GDPR, such as the name, email address and postal address of a person. The processing of personal data ensures that we can offer and invoice our services and products, be it online or offline. The scope of this privacy policy includes:

• all online presences (websites, online shops) that we operate
• Social media presences and email communication
• mobile apps for smartphones and other devices

In short: This privacy policy applies to all areas in which personal data is processed in a structured manner by the company via the channels mentioned. Should we enter into legal relations with you outside of these channels, we will inform you separately if necessary.

Legal bases

In the following privacy policy, we provide you with transparent information on the legal principles and regulations, i.e. the legal bases of the General Data Protection Regulation, which enable us to process personal data.
Whenever EU law is concerned, we refer to REGULATION (EU) 2016/679 OF THE EUROPEAN PARLIAMENT AND OF THE COUNCIL of April 27, 2016. You can of course access the General Data Protection Regulation of the EU online at EUR-Lex, the gateway to EU law, at https://eur-lex.europa.eu/legal-content/EN/TXT/?uri=celex%3A32016R0679.

We only process your data if at least one of the following conditions applies:

1. Consent (Article 6 Paragraph 1 lit. a GDPR): You have given us your consent to process data for a specific purpose. An example would be the storage of data you entered into a contact form.
2. Contract (Article 6 Paragraph 1 lit. b GDPR): We process your data in order to fulfill a contract or pre-contractual obligations with you. For example, if we conclude a sales contract with you, we need personal information in advance.
3. Legal obligation (Article 6 Paragraph 1 lit. c GDPR): If we are subject to a legal obligation, we will process your data. For example, we are legally required to keep invoices for our bookkeeping. These usually contain personal data.
4. Legitimate interests (Article 6 Paragraph 1 lit. f GDPR): In the case of legitimate interests that do not restrict your basic rights, we reserve the right to process personal data. For example, we have to process certain data in order to be able to operate our website securely and economically. Therefore, the processing is a legitimate interest.

Other conditions such as making recordings in the interest of the public, the exercise of official authority as well as the protection of vital interests do not usually occur with us. Should such a legal basis be relevant, it will be disclosed in the appropriate place.

In addition to the EU regulation, national laws also apply:

• In Austria this is the Austrian Data Protection Act (Datenschutzgesetz), in short DSG.
• In Germany this is the Federal Data Protection Act (Bundesdatenschutzgesetz), in short BDSG.

Should other regional or national laws apply, we will inform you about them in the following sections.

Storage Period

It is a general criterion for us to store personal data only for as long as is absolutely necessary for the provision of our services and products. This means that we delete personal data as soon as any reason for the data processing no longer exists. In some cases, we are legally obliged to keep certain data stored even after the original purpose no longer exists, such as for accounting purposes.

If you want your data to be deleted or if you want to revoke your consent to data processing, the data will be deleted as soon as possible, provided there is no obligation to continue its storage.

We will inform you below about the specific duration of the respective data processing, provided we have further information.

Rights in accordance with the General Data Protection Regulation

In accordance with Articles 13, 14 of the GDPR, we inform you about the following rights you have to ensure fair and transparent processing of data:

• According to Article 15 DSGVO, you have the right to information about whether we are processing data about you. If this is the case, you have the right to receive a copy of the data and to know the following information:
  • for what purpose we are processing;
  • the categories, i.e. the types of data that are processed;
  • who receives this data and if the data is transferred to third countries, how security can be guaranteed;
  • how long the data will be stored;
  • the existence of the right to rectification, erasure or restriction of processing and the right to object to processing;
  • that you can lodge a complaint with a supervisory authority (links to these authorities can be found below);
  • the origin of the data if we have not collected it from you;
  • Whether profiling is carried out, i.e. whether data is automatically evaluated to arrive at a personal profile of you.
• You have a right to rectification of data according to Article 16 GDPR, which means that we must correct data if you find errors.
• You have the right to erasure (“right to be forgotten”) according to Article 17 GDPR, which specifically means that you may request the deletion of your data.
• According to Article 18 of the GDPR, you have the right to restriction of processing, which means that we may only store the data but not use it further.
• According to Article 20 of the GDPR, you have the right to data portability, which means that we will provide you with your data in a standard format upon request.
• According to Article 21 DSGVO, you have the right to object, which entails a change in processing after enforcement.
  • If the processing of your data is based on Article 6(1)(e) (public interest, exercise of official authority) or Article 6(1)(f) (legitimate interest), you may object to the processing. We will then check as soon as possible whether we can legally comply with this objection.
  • If data is used to conduct direct advertising, you may object to this type of data processing at any time. We may then no longer use your data for direct marketing.
  • If data is used to conduct profiling, you may object to this type of data processing at any time. We may no longer use your data for profiling thereafter.
• According to Article 22 of the GDPR, you may have the right not to be subject to a decision based solely on automated processing (for example, profiling).
• You have the right to lodge a complaint under Article 77 of the GDPR. This means that you can complain to the data protection authority at any time if you believe that the data processing of personal data violates the GDPR.

In short: you have rights – do not hesitate to contact the responsible party listed above with us!

If you believe that the processing of your data violates data protection law or your data protection rights have been violated in any other way, you can complain to the supervisory authority. For Austria, this is the data protection authority, whose website can be found at https://www.dsb.gv.at/. In Germany, there is a data protection officer for each federal state. For more information, you can contact the Federal Commissioner for Data Protection and Freedom of Information (BfDI). The following local data protection authority is responsible for our company:

Austria Data protection authority

Manager:Dr. Matthias Schmidl
Address: Barichgasse 40-42, 1030 Wien
Phone number.: +43 1 52 152-0
E-mail address: dsb@dsb.gv.at
Website: https://www.dsb.gv.at/

Security of data processing operations

In order to protect personal data, we have implemented both technical and organisational measures. We encrypt or pseudonymise personal data wherever this is possible. Thus, we make it as difficult as we can for third parties to extract personal information from our data.

Article 25 of the GDPR refers to “data protection by technical design and by data protection-friendly default” which means that both software (e.g. forms) and hardware (e.g. access to server rooms) appropriate safeguards and security measures shall always be placed. If applicable, we will outline the specific measures below.

TLS encryption with https

The terms TLS, encryption and https sound very technical, which they are indeed. We use HTTPS (Hypertext Transfer Protocol Secure) to securely transfer data on the Internet.
This means that the entire transmission of all data from your browser to our web server is secured – nobody can “listen in”.

We have thus introduced an additional layer of security and meet privacy requirements through technology design Article 25 Section 1 GDPR). With the use of TLS (Transport Layer Security), which is an encryption protocol for safe data transfer on the internet, we can ensure the protection of confidential information.
You can recognise the use of this safeguarding tool by the little lock-symbol , which is situated in your browser’s top left corner in the left of the internet address (e.g. examplepage.uk), as well as by the display of the letters https (instead of http) as a part of our web address.
If you want to know more about encryption, we recommend you to do a Google search for “Hypertext Transfer Protocol Secure wiki” to find good links to further information.

Data Processing Agreement (DPA)

In this section, we would like to explain what a Data Processing Agreement is and why it is needed. As the term “Data Processing Agreement” is quite lengthy, we will often only use the acronym DPA here in this text. Like most companies, we do not work alone, but also use the services of other companies or individuals. By involving different companies or service providers, we may pass on personal data for processing. These partners then act as processors with whom we conclude a contract, the so-called Data Processing Agreement (DPA). Most importantly for you to know is that any processing of your personal data takes place exclusively according to our instructions and must be regulated by the DPA.

Who are the processors?

As a company and website owner, we are responsible for any of your data that is processed by us. In addition to the controller, there may also be so-called processors involved. This includes any company or person who processes your personal data. More precisely and according to the GDPR’s definition, this means: Any natural or legal person, authority, institution or other entity that processes your personal data is considered a processor. Processors can therefore be service providers such as hosting or cloud providers, payment or newsletter providers or large companies such as Google or Microsoft.

To make the terminology easier to comprehend, here is an overview of the GDPR’s three roles:

Data subject (you as a customer or interested party) → Controller (we as a company and contracting entity) → Processors (service providers such as web hosts or cloud providers)

Contents of a Data Processing Agreement

As mentioned above, we have concluded a DPA with our partners who act as processors. First and foremost, it states that the processor processes the data exclusively in accordance with the GDPR. The contract must be concluded in writing, although an electronic contract completion is also considered a “written contract”. Any processing of personal data only takes place after this contract is concluded. The contract must contain the following:

• indication to us as the controller
• obligations and rights of the controller
• categories of data subjects
• type of personal data
• type and purpose of data processing
• subject and duration of data processing
• location of data processing

Furthermore, the contract contains all obligations of the processor. The most important obligations are:

• ensuring data security measures
• taking possible technical and organisational measures to protect the rights of the data subject
• maintaining a data processing record
• cooperation with the data protection authority upon request
• performing a risk analysis for any received personal data
• subprocessors may only be appointed with the written consent of the controller

You can see an example of what a DPA looks like at https://gdpr.eu/data-processing-agreement/. This link shows a sample contract.

Cookies

What are cookies?

Our website uses HTTP-cookies to store user-specific data.
In the following we explain what cookies are and why they are used, so that you can better understand the following privacy policy.

Whenever you surf the Internet, you are using a browser. Common browsers are for example, Chrome, Safari, Firefox, Internet Explorer and Microsoft Edge. Most websites store small text-files in your browser. These files are called cookies.

It is important to note that cookies are very useful little helpers. Almost every website uses cookies. More precisely, these are HTTP cookies, as there are also other cookies for other uses. HTTP cookies are small files that our website stores on your computer. These cookie files are automatically placed into the cookie-folder, which is the “brain” of your browser. A cookie consists of a name and a value. Moreover, to define a cookie, one or multiple attributes must be specified.

Cookies store certain user data about you, such as language or personal page settings. When you re-open our website to visit again, your browser submits these “user-related” information back to our site. Thanks to cookies, our website knows who you are and offers you the settings you are familiar to. In some browsers, each cookie has its own file, while in others, such as Firefox, all cookies are stored in one single file.

The following graphic shows a possible interaction between a web browser such as Chrome and the web server. The web browser requests a website and receives a cookie back from the server. The browser then uses this again as soon as another page is requested.

There are both first-party cookies and third-party cookies. First-party cookies are created directly by our site, while third-party cookies are created by partner-websites (e.g. Google Analytics). Each cookie must be evaluated individually, as each cookie stores different data. The expiry time of a cookie also varies from a few minutes to a few years. Cookies are not software programs and do not contain viruses, trojans or other malware. Cookies also cannot access your PC’s information.

This is an example of how cookie-files can look:

Name: _ga
Value: GA1.2.1326744211.152112924686-9
Purpose: Differentiation between website visitors
Expiry date: after 2 years

A browser should support these minimum sizes:

• At least 4096 bytes per cookie
• At least 50 cookies per domain
• At least 3000 cookies in total

Which types of cookies are there?

The exact cookies that we use, depend on the used services, which will be outlined in the following sections of this privacy policy. Firstly, we will briefly focus on the different types of HTTP-cookies.

There are 4 different types of cookies:

Essential cookies
These cookies are necessary to ensure the basic functions of a website. They are needed when a user for example puts a product into their shopping cart, then continues surfing on different websites and comes back later in order to proceed to the checkout. These cookies ensure the shopping cart does not get deleted, even if the user closes their browser window.

Purposive cookies
These cookies collect information about user behaviour and whether the user receives any error messages. Furthermore, these cookies record the website’s loading time as well as its behaviour in different browsers.

Target-orientated cookies
These cookies ensure better user-friendliness. Thus, information such as previously entered locations, fonts sizes or data in forms stay stored.

Advertising cookies
These cookies are also known as targeting cookies. They serve the purpose of delivering customised advertisements to the user. This can be very practical, but also rather annoying.

Upon your first visit to a website you are usually asked which of these cookie-types you want to accept. Furthermore, this decision will of course also be stored in a cookie.

If you want to learn more about cookies and do not mind technical documentation, we recommend https://tools.ietf.org/html/rfc6265, the Request for Comments of the Internet Engineering Task Force (IETF) called “HTTP State Management Mechanism”.

Purpose of processing via cookies

The purpose ultimately depends on the respective cookie. You can find out more details below or from the software manufacturer that sets the cookie.

Which data are processed?

Cookies are little helpers for a wide variety of tasks. Unfortunately, it is not possible to tell which data is generally stored in cookies, but in the privacy policy below we will inform you on what data is processed or stored.

Storage period of cookies

The storage period depends on the respective cookie and is further specified below. Some cookies are erased after less than an hour, while others can remain on a computer for several years.

You can also influence the storage duration yourself. You can manually erase all cookies at any time in your browser (also see “Right of objection” below). Furthermore, the latest instance cookies based on consent will be erased is after you withdraw your consent. The legality of storage will remain unaffected until then.

Right of objection – how can I erase cookies?

You can decide for yourself how and whether you want to use cookies. Regardless of which service or website the cookies originate from, you always have the option of erasing, deactivating or only partially accepting cookies. You can for example block third-party cookies but allow all other cookies.

If you want to find out which cookies have been stored in your browser, or if you want to change or erase cookie settings, you can find this option in your browser settings:

Chrome: Clear, enable and manage cookies in Chrome

Safari: Manage cookies and website data in Safari

Firefox: Clear cookies and site data in Firefox

Internet Explorer: Delete and manage cookies

Microsoft Edge: Delete cookies in Microsoft Edge

If you generally do not want cookies, you can set up your browser in a way to notify you whenever a cookie is about to be set. This gives you the opportunity to manually decide to either permit or deny the placement of every single cookie. This procedure varies depending on the browser. Therefore, it might be best for you to search for the instructions in Google. If you are using Chrome, you could for example put the search term “delete cookies Chrome” or “deactivate cookies Chrome” into Google.

Legal basis

The so-called “cookie directive” has existed since 2009. It states that the storage of cookies requires your consent (Article 6 Paragraph 1 lit. a GDPR). Within countries of the EU, however, the reactions to these guidelines still vary greatly. In Austria, however, this directive was implemented in Section 165 (3) of the Telecommunications Act (2021). In Germany, the cookie guidelines have not been implemented as national law. Instead, this guideline was largely implemented in Section 15 (3) of the Telemedia Act (TMG), which has been replaced by the Digital Services Act (DSA) since May 2024.

For absolutely necessary cookies, even if no consent has been given, there are legitimate interests (Article 6 (1) (f) GDPR), which in most cases are of an economic nature. We want to offer our visitors a pleasant user experience on our website. For this, certain cookies often are absolutely necessary.

This is exclusively done with your consent, unless absolutely necessary cookies are used. The legal basis for this is Article 6 (1) (a) of the GDPR.

In the following sections you will find more detail on the use of cookies, provided the used software does use cookies.

Application Data

What is application data?

You can apply for a job at our company via email, online form, or a recruiting tool. All data we receive and process as part of an application is considered application data. This includes personal data such as name, date of birth, address, and phone number.

Why do we process application data?

We process your data to carry out a proper selection process for the advertised position. Additionally, we may retain your application documents in our applicant archive. Often, we are impressed by a candidate and their application but cannot proceed with collaboration for various reasons. With your consent, we archive your documents so we can easily contact you for future opportunities in our company.

We assure you that we handle your data with the utmost care and always process it within the legal framework. Within our company, your data is only shared with individuals directly involved in your application process. In short: Your data is safe with us!

What data is processed?

For example, when you apply via email, we naturally receive personal data as mentioned above. Even the email address itself is considered personal data. During the application process, only data relevant to deciding whether we would like to welcome you to our team is processed.

The specific data processed depends primarily on the job listing. However, it usually includes your name, date of birth, contact details, and proof of qualifications. If you submit your application via an online form, the data is transmitted to us in encrypted form. If you send your application via email, this encryption does not occur, and we cannot take responsibility for the transmission method. Once the data is on our servers, we are responsible for its lawful handling.

During the application process, information about your health or ethnic origin may also be requested. This helps us comply with legal obligations related to labor law, social security, and social protection. These are considered special category data.

Here is a list of possible data we receive and process:

• Name
• Contact address
• Email address
• Phone number
• Date of birth
• Information from cover letters and resumes
• Proof of qualifications (e.g., certificates)
• Special category data (e.g., ethnic origin, health data, religious beliefs)
• Usage data (visited websites, access data, etc.)
• Metadata (IP address, device information)

How long is the data stored?

If you join our team, your data will be further processed for employment purposes and retained at least until the employment relationship ends. All application documents will then become part of your employee file.

If we do not offer you the position, you decline our offer, or withdraw your application, we may retain your data for up to 6 months after the application process ends under legitimate interest (Art. 6(1)(f) GDPR). After that, both electronic data and physical documents will be fully deleted or destroyed. We retain your data, for example, to answer follow-up questions or to provide evidence of the application in case of legal disputes. If a legal dispute arises and we need the data beyond the 6-month period, we will delete it only when there is no longer any reason to retain it. If there are statutory retention obligations, we must store the data longer than 6 months.

Furthermore, we may retain your data longer if you provide explicit consent. This might be the case if we see potential for future collaboration. In such cases, your data will be included in our applicant pool. Of course, you can withdraw your consent for extended retention at any time. If no withdrawal is made and no new consent is given, your data will be deleted after a maximum of 2 years.

Legal Basis

The legal bases for processing your data are Art. 6(1)(a) GDPR (consent), Art. 6(1)(b) GDPR (contract or pre-contractual measures), Art. 6(1)(f) GDPR (legitimate interests), and Art. 9(2)(a) GDPR (processing special categories of data).

If we include you in our applicant tool, it is based on your consent (Art. 6(1)(a) GDPR). We emphasize that your consent to join our applicant pool is voluntary, does not affect the application process, and can be withdrawn at any time. The legality of processing until the point of withdrawal remains unaffected.

In cases where vital interests are at stake, data processing occurs under Art. 9(2)(c) GDPR. For purposes related to healthcare, occupational medicine, medical diagnosis, provision of health or social care, or the management of systems and services in health or social care, data is processed under Art. 9(2)(h) GDPR. If you voluntarily provide special category data, processing is based on Art. 9(2)(a) GDPR.

Customer Data

What is customer data?

In order to be able to offer our services and contractual services, we also process data from our customers and business partners. This data always includes personal data. Customer data is all information that is processed on the basis of contractual or pre-contractual agreements so that the offered services can be provided. Customer data is therefore all the information we collect and process about our customers.

Why do we process customer data?

There are many reasons why we collect and process customer data. The main reason is that we simply need specific data to provide our services. Sometimes for example your email address may be enough. But if you purchase a product or service, we may e. g. also need data such as your name, address, bank details or other contract data. This data will subsequently be used for marketing and sales optimisation so that we can improve our overall service for our customers and clients. Another important reason for data processing is our customer service, which is very important to us. We want you to have the opportunity to contact us at any time with questions about our offers. Thus, we may need certain data such as your email address at the very least.

What data is processed?

Exactly which data is stored can only be shown by putting them in categories. All in all, it always depends on which of our services you receive. In some cases, you may only give us your email address so that we can e. g. contact you or answer your questions. In other instances, you may purchase one of our products or services. Then we may need significantly more information, such as your contact details, payment details and contract details.

Here is a list of potential data we may receive and process:

• Name
• Contact address
• Email address
• Phone number
• Your birthday
• Payment data (invoices, bank details, payment history, etc.)
• Contract data (duration, contents)
• Usage data (websites visited, access data, etc.)
• Metadata (IP address, device information)

How long is the data stored?

We erase corresponding customer data as soon as we no longer need it to fulfill our contractual obligations and purposes, and as soon as the data is also no longer necessary for possible warranty and liability obligations. This can for example be the case when a business contract ends. Thereafter, the limitation period is usually 3 years, although longer periods may be possible in individual cases. Of course, we also comply with the statutory retention requirements. Your customer data will certainly not be passed on to third parties unless you have given your explicit consent.

Legal Basis

The legal basis for the processing of your data is Article 6 Paragraph 1 Letter a GDPR (consent), Article 6 Paragraph 1 Letter b GDPR (contract or pre-contractual measures), Article 6 Paragraph 1 Letter f GDPR (legitimate interests) and in special cases (e. g. medical services) Art. 9 (2) lit. GDPR (processing of special categories).

In the case of protecting vital interests, data processing is carried out in accordance with Article 9 Paragraph 2 Letter c. GDPR. For the purposes of health care, occupational medicine, medical diagnostics, care or treatment in the health or social sectors or for the administration of systems and services in health or social sectors, the processing of personal data takes place in accordance with Art. 9 Para. 2 lit. h. GDPR. If you voluntarily provide data of these special categories, the processing takes place on the basis of Article 9 Paragraph 2 lit. a GDPR.

Web hosting

What is web hosting?

Every time you visit a website nowadays, certain information – including personal data – is automatically created and stored, including on this website. This data should be processed as sparingly as possible, and only with good reason. By website, we mean the entirety of all websites on your domain, i.e. everything from the homepage to the very last subpage (like this one here). By domain we mean example.uk or examplepage.com.

When you want to view a website on a screen, you use a program called a web browser. You probably know the names of some web browsers: Google Chrome, Microsoft Edge, Mozilla Firefox, and Apple Safari.

The web browser has to connect to another computer which stores the website’s code: the web server. Operating a web server is complicated and time-consuming, which is why this is usually done by professional providers. They offer web hosting and thus ensure the reliable and flawless storage of website data.

Whenever the browser on your computer establishes a connection (desktop, laptop, smartphone) and whenever data is being transferred to and from the web server, personal data may be processed. After all, your computer stores data, and the web server also has to retain the data for a period of time in order to ensure it can operate properly.

Illustration:

Why do we process personal data?

The purposes of data processing are:

1. Professional hosting of the website and operational security
2. To maintain the operational as well as IT security
3. Anonymous evaluation of access patterns to improve our offer, and if necessary, for prosecution or the pursuit of claims.li>

Which data are processed?

Even while you are visiting our website, our web server, that is the computer on which this website is saved, usually automatically saves data such as

• the full address (URL) of the accessed website (e. g. https://www.examplepage.uk/examplesubpage.html?tid=112924686)
• browser and browser version (e.g. Chrome 87)
• the operating system used (e.g. Windows 10)
• the address (URL) of the previously visited page (referrer URL) (e. g. https://www.examplepage.uk/icamefromhere.html/)
• the host name and the IP address of the device from the website is being accessed from (e.g. COMPUTERNAME and 194.23.43.121)
• date and time
• in so-called web server log files

How long is the data stored?

Generally, the data mentioned above are stored for two weeks and are then automatically deleted. We do not pass these data on to others, but we cannot rule out the possibility that this data may be viewed by the authorities in the event of illegal conduct.

In short: Your visit is logged by our provider (company that runs our website on special computers (servers)), but we do not pass on your data without your consent!

Legal basis

The lawfulness of processing personal data in the context of web hosting is justified in Art. 6 para. 1 lit. f GDPR (safeguarding of legitimate interests), as the use of professional hosting with a provider is necessary to present the company in a safe and user-friendly manner on the internet, as well as to have the ability to track any attacks and claims, if necessary.

Hostinger Privacy Policy

We also use the webhosting service Hostinger for our business. The service provider is the Lithuanian company HOSTINGER, UAB, Švitrigailos Str. 34, LT-03230 Vilnius, Lithuania.

You can find out more about the data processed by using Hostinger in the privacy policy at https://www.hostinger.co.uk/legal/privacy-policy.

Email-Marketing

What is Email-Marketing?

We use email marketing to keep you up to date. If you have agreed to receive our emails or newsletters, your data will be processed and stored. Email marketing is a part of online marketing. In this type of marketing, news or general information about a company, product or service are emailed to a specific group of people who are interested in it.

If you want to participate in our email marketing (usually via newsletter), you usually just have to register with your email address. To do this, you have to fill in and submit an online form. However, we may also ask you for your title and name, so we can address you personally in our emails.

The registration for newsletters generally works with the help of the so-called “double opt-in procedure”. After you have registered for our newsletter on our website, you will receive an email, via which you can confirm the newsletter registration. This ensures that you own the email address you signed up with, and prevents anyone to register with a third-party email address. We or a notification tool we use, will log every single registration. This is necessary so we can ensure and prove, that registration processes are done legally and correctly. In general, the time of registration and registration confirmation are stored, as well as your IP address. Moreover, any change you make to your data that we have on file is also logged.

Why do we use Email-Marketing?

Of course, we want to stay in contact with you and keep you in the loop of the most important news about our company. For this, we use email marketing – often just referred to as “newsletters” – as an essential part of our online marketing. If you agree to this or if it is permitted by law, we will send you newsletters, system emails or other notifications via email. Whenever the term “newsletter” is used in the following text, it mainly refers to emails that are sent regularly. We of course don’t want to bother you with our newsletter in any way. Thus, we genuinely strive to offer only relevant and interesting content. In our emails you can e.g. find out more about our company and our services or products. Since we are continuously improving our offer, our newsletter will always give you the latest news, or special, lucrative promotions. Should we commission a service provider for our email marketing, who offers a professional mailing tool, we do this in order to offer you fast and secure newsletters. The purpose of our email marketing is to inform you about new offers and also to get closer to our business goals.

Which data are processed?

If you subscribe to our newsletter via our website, you then have to confirm your membership in our email list via an email that we will send to you. In addition to your IP and email address, your name, address and telephone number may also be stored. However, this will only be done if you agree to this data retention. Any data marked as such are necessary so you can participate in the offered service. Giving this information is voluntary, but failure to provide it will prevent you from using this service. Moreover, information about your device or the type of content you prefer on our website may also be stored. In the section “Automatic data storage” you can find out more about how your data is stored when you visit a website. We record your informed consent, so we can always prove that it complies with our laws.

Duration of data processing

If you unsubscribe from our e-mail/newsletter distribution list, we may store your address for up to three years on the basis of our legitimate interests, so we can keep proof your consent at the time. We are only allowed to process this data if we have to defend ourselves against any claims.

However, if you confirm that you have given us your consent to subscribe to the newsletter, you can submit an individual request for erasure at any time. Furthermore, if you permanently object to your consent, we reserve the right to store your email address in a blacklist. But as long as you have voluntarily subscribed to our newsletter, we will of course keep your email address on file.

Withdrawal – how can I cancel my subscription?

You have the option to cancel your newsletter subscription at any time. All you have to do is revoke your consent to the newsletter subscription. This usually only takes a few seconds or a few clicks. Most of the time you will find a link at the end of every email, via which you will be able to cancel the subscription. Should you not be able to find the link in the newsletter, you can contact us by email and we will immediately cancel your newsletter subscription for you.

Legal basis

Our newsletter is sent on the basis of your consent (Article 6 (1) (a) GDPR). This means that we are only allowed to send you a newsletter if you have actively registered for it beforehand. Moreover, we may also send you advertising messages on the basis of Section 7 (3) UWG (Unfair Competition Act), provided you have become our customer and have not objected to the use of your email address for direct mail.

If available – you can find information on special email marketing services and how they process personal data, in the following sections.

Mailjet Privacy Policy

What is Mailjet?

We use Mailjet, a service for our email marketing, on our website. The service provider is the German company Mailjet GmbH, Alt-Moabit 2, 10557 Berlin, Germany.

Mailjet was founded in 2010 by Julien Tartarin, Wilfried Durand, and Thibaud Elzière to provide companies with the ability to send, receive, and track emails. Since its inception, the company has continued to grow, offering features such as creating appealing email templates, segmenting target audiences, and measuring campaign performance.

By using Mailjet, personal data such as IP addresses, geographic data, or contact details may be collected, stored, and processed. In this privacy policy, we provide detailed information about data processing by Mailjet to ensure you are well-informed.

Why do we use Mailjet on our website?

Primarily, we use the email marketing service to stay in touch with you and easily convey essential news. For our marketing efforts, we always seek the simplest and best solutions. For this reason, we chose Mailjet’s service. Although the software is straightforward to use, it offers a wide range of helpful features.

With Mailjet, we can customize our newsletters and align them with our company’s design. Mailjet also provides useful analytics capabilities. We can determine whether and when the newsletter was opened, and the software recognizes which links you click. This information helps us tailor our offerings to your interests and preferences, ultimately aiming to provide a service that supports your endeavors.

What data does Mailjet process?

When you become a subscriber to our newsletter through our website, you confirm membership in a Mailjet email list via email. To demonstrate your enrollment in the “list provider,” Mailjet stores the date of registration, time, and your IP address.

Through Mailjet, we can keep you up-to-date firsthand on what’s happening in our company. However, during the newsletter signup process, all data you enter (such as your email address or your first and last name) is stored and managed on our server and at Mailjet. This also involves personal data. During registration, you also consent to receiving the newsletter, with reference to this privacy policy. Additionally, data such as your click behavior in the newsletter can be processed. This information is used to send you emails and enable certain other Mailjet features (such as newsletter analysis).

How long and where are the data stored?

In general, Mailjet deletes data when it is no longer needed for its purposes. There are exceptions, especially if legal obligations require longer retention of data. Web server logs containing your IP address and technical data are deleted by Mailjet even if you unsubscribe from our newsletter. According to Mailjet’s privacy policy, personal data is deleted within a maximum of 90 days after the deletion request.

Right to object

You have the option to unsubscribe from our newsletter at any time. To do so, you only need to revoke your consent to newsletter registration. This typically takes only a few seconds or one or two clicks. In most cases, you will find a link directly at the end of each email to cancel the newsletter subscription. If the link is not found in the newsletter, please contact us by email, and we will promptly cancel your newsletter subscription. After unsubscribing, personal data is deleted from our server and the Mailjet servers. You have the right to free information about your stored data and, if applicable, the right to deletion, blocking, or correction.

Legal basis

If you have consented to the use of Mailjet, the legal basis for the corresponding data processing is this consent. According to Art. 6 (1) lit. a GDPR (Consent), this consent is the legal basis for the processing of personal data that may occur during data collection by Mailjet.

Moreover, from our perspective, there is a legitimate interest in using Mailjet to optimize our online service and create beautiful and informative newsletters for you. The corresponding legal basis for this is Art. 6 (1) lit. f GDPR (Legitimate interests). If consent is not required, newsletter dispatch is based on the legitimate interest in direct marketing (Article 6 (1) lit. f), provided this is legally permissible. We record your registration process to always be able to demonstrate that it complies with our laws.

Learn more about the data processed by using Mailjet in the Privacy Policy at https://www.mailjet.com/legal/privacy-policy/.

Blogs and Publication Media Introduction

What are blogs and publishing media?

We use blogs or other means of communication on our website through which we can communicate with you – and through which you can communicate with us. Your data may also be stored and processed by us. This may be necessary in order for us to display content appropriately, make communication work smoothly and increase security. In this privacy policy, we will show you general information on which of your data may be processed. The exact information on data processing, however, always depends on the tools and functions used. You will find detailed information about data processing in the privacy policies of the individual providers.

Why do we use blogs and publication media?

Our greatest motivation for our website is to offer you interesting and exciting content. At the same time, your opinions and your content are important to us. That’s why we want to create a good interactive exchange between you and ourselves. With various blogs and publication options, we can achieve exactly that. You can e. g. post comments about our content, reply to others’ comments or, in some cases, make posts yourself.

Which data is processed?

Exactly which data is processed always depends on the communication functions we use. Very often IP address, username and published content are stored. This is done primarily to ensure security protection, prevent spam, and for us to be able to take action against any illegal content. What is more, cookies may also be used for data retention. They are small text files that are stored as information in your browser. You can find more details about the collected and stored data in our individual sections and in the privacy policies of the respective providers.

Duration of data processing

We will inform you below about the duration of data processing, provided we have further information on this. For example, post and comment functions store data until you revoke data storage. In general, personal data is only stored for as long as is absolutely necessary for us to provide you with our services.

Right to object

You also have the right and the option to revoke your consent to the use of cookies or third-party communication tools at any time. This can be done either via our cookie management tool or via other opt-out functions. For example, you can also prevent data collection through cookies by managing, deactivating or erasing the cookies in your browser.

Since cookies can also be used in publication media, we also recommend you read our general privacy policy on cookies. To find out exactly which of your data is stored and processed, you should read the privacy policies of the respective tools.

Legal Basis

We use this means of communication mainly on the basis of our legitimate interests (Art. 6 Para. 1 lit. f GDPR) in fast and good communication with you or other customers, business partners and visitors. Provided the use serves to process or initiate contractual relationships, the legal basis also extends to Article 6 Paragraph 1 Sentence 1 lit. b. GDPR.

Certain types of processing require your consent – in particular the use of cookies and comment or message functions. Provided you have consented to your data being processed and stored by integrated publication media, this consent is the legal basis for any data processing (Article 6 (1) (a) GDPR). Most communication features we use set cookies in your browser to store data. We therefore recommend you read our privacy policy on cookies carefully and consult the privacy policy or cookie policy of the relevant service provider.

Information on specific tools – if available – can be found in the following sections.

Blog Posts and Comment Functions Privacy Policy

There are various online communication tools that we may use on our website. For example, we use blog posts and comment functions. This gives you the possibility to comment on our content or to write articles. If you make use of this function, your IP address may be stored for security reasons. This is how we protect ourselves from illegal content such as insults, unauthorised advertising or prohibited political propaganda. In order to recognise whether any comments are spam, we can also store and process user information on the basis of our legitimate interests. If we start a survey, we will also store your IP address for the duration of the survey so we can be sure that everyone who takes part only votes once. Moreover, cookies may also be used for storage purposes. All data that we store about you (such as content or information about you) will be stored until you object.

Content Delivery Networks

What is a Content Delivery Network?

On our website we use a so-called content delivery network or CDN. This helps to load our website quickly and easily, regardless of your location. Moreover, your personal data will also be stored, managed and processed on the respective CDN provider’s servers. In the following, we will go into more general detail on this service and the data processing associated with it. You can find detailed information on how your data is handled in the provider’s Privacy Policy.

Each content delivery network (CDN) is a network of regionally distributed servers that are connected to each other via the internet. Through this network, website content (especially very large files) can be delivered quickly and smoothly, even when large loading peaks occur. To make this possible, CDNs create a copy of our website on their servers. The website can be delivered quickly because these servers are distributed all around the world. Any data transfer to your browser is therefore significantly shortened by the CDN.

Why do we use a Content Delivery Network for our website?

A fast loading website is part of our service. Of course, we know how annoying it is when a website loads at a snail’s pace. Most of the time, you lose your patience and click away before the website is fully loaded. But of course we want to avoid that. Therefore, to us a fast loading website is an obligatory part of our website offer. With the use of a content delivery network, our website loads significantly faster in your browser. Furthermore, CDNs are particularly helpful when you are abroad, as the website is always delivered from a server in your area.

Which data are processed?

If you access a website or its content and it gets cached in a CDN, the CDN forwards the request to the server closest to you which then delivers the content. Content delivery networks are built in a way that JavaScript libraries can be downloaded and hosted on npm and Github servers. Alternatively, WordPress plugins can also be loaded on most CDNs, provided they are hosted on WordPress.org. Moreover, your browser can send personal data to the content delivery network we use. This includes data such as IP addresses, browser type, browser version, the accessed website or the time and date of the page visit. This data is collected and stored by the CDN. Whether cookies are used for data storage depends on the network that is being used. For more information on this, please read the Privacy Policy of the respective service.

Right to object

If you want to prevent this data transfer altogether, you can use a JavaScript blocker (see for example https://noscript.net/) on your computer. However, our website can then of course no longer offer its usual service (such as a fast loading speeds).

Legal basis

If you have consented to the use of a content delivery network, your consent represents the the legal basis for the corresponding data processing. According to Art. 6 paragraph 1 lit. a (consent) your consent represents the legal basis for the processing of personal data, as it can occur when collected by a content delivery network.

We also have a legitimate interest in using a content delivery network to optimise our online service and make it more secure. The corresponding legal basis for this is Art. 6 para. 1 lit. f GDPR (legitimate interests). Nevertheless, we only use the tool if you have consented to it.

Provided this information is available, you can find out more about the particular content delivery networks in the following sections.

Video Conferencing & Streaming

What are video conferences & streamings?

We use software programs that enable us to hold video conferences, online meetings, webinars and to utilise display sharing and/or streaming. In a video conference or a streaming, information is transmitted simultaneously via sound and moving images. With such video conference or streaming tools, we can communicate quickly and easily with customers, business partners, clients and employees via the Internet. Of course, when selecting the service provider, we consider the given legal framework.

Generally, third-party providers can process data as soon as you interact with the software program. Third-party video conference providers or streaming solutions use your data and metadata for different purposes. The data helps to e.g. make the tool more secure and to improve the service. Most of the time, the data may also be used for the respective third-party provider’s own marketing purposes.

Why do we use video conferencing & streaming on our website?

We want to communicate digitally, quickly, easily and securely with you, our customers and our business partners. This works best with video conferencing solutions that are very easy to use. Most tools also work directly in your browser and with just a few clicks you can get right to your video meeting. The tools also offer helpful additional features such as chat and screen sharing functions or the possibility of sharing content between meeting participants.

Which data are processed?

If you join our video conference or streaming, your data will also be processed and stored on the servers of the respective service provider.

The exact data that gets stored depends on the respective software. Each provider stores and processes data differently. Generally, however, most providers store your name, address, contact details such as your email address or telephone number and your IP address. Information about the device you are using may also get stored, along with usage data, such as which websites you visit, when you visit a website or which buttons you click. Data that is shared within the video conference (photos, videos, texts) may also be retained.

Duration of data processing

Below we will inform you about the duration of the data processing of the service that is being used, provided we have further information on this. In general, we only process personal data for as long as is absolutely necessary to provide our services and products. Moreover, it is possible that the provider may store your data according to their own requirements, which we have no influence on.

Right to object

You always have the right to information, rectification and erasure of your personal data. If you have any questions, you can always contact the person responsible for the respective video conferencing or streaming tool. You can find contact details either in our specific privacy policy or on the website of the relevant provider.

In your browser you can erase, deactivate or manage cookies that providers use for their functions. This works slightly different, depending on which browser you are using. Please note, however, that functions may not keep working as usual after doing so.

Legal basis

If you have consented to the processing and storage of your data by the respective video or streaming solution, this consent is the legal basis for data processing (Art. 6 para. 1 lit. a GDPR). We may also offer a video conference as part of our services, if there has been a contractual agreement with you in advance (Art. 6 para. 1 lit. b GDPR). Generally, your data is also stored and processed on the basis of our legitimate interest (Art. 6 para. 1 lit. f GDPR) to maintain fast and good communication with you or other customers and business partners, provided you have priorly given consent. Most video or streaming solutions also place cookies in your browser to store data. We therefore recommend you to read our privacy policy about cookies carefully and to take a look at the privacy policy or the cookie policy of the respective service provider.

Provided it is available, you can find information on special video conference and streaming solutions in the following sections.

Microsoft Teams Privacy Policy

On our website we use Microsoft Teams, which is an online meeting and video conferencing service. The provider of this service is the American company Microsoft Corporation, One Microsoft Way, Redmond, WA 98052-6399, USA.

Microsoft processes data from you, among other things, in the USA. Microsoft is an active participant in the EU-US Data Privacy Framework, which regulates the correct and secure transfer of personal data from EU citizens to the USA. More information can be found at https://commission.europa.eu/document/fa09cbad-dd7d-4684-ae60-be03fcb0fddf_en.

Additionally, Microsoft uses so-called Standard Contractual Clauses (Article 46(2) and (3) GDPR). Standard Contractual Clauses (SCC) are template clauses provided by the EU Commission and are designed to ensure that your data complies with European data protection standards, even when transferred and stored in third countries (such as the USA). Through the EU-US Data Privacy Framework and the Standard Contractual Clauses, Microsoft commits to maintaining the European data protection level when processing your relevant data, even if the data is stored, processed, and managed in the USA. These clauses are based on an implementing decision of the EU Commission. You can find the decision and the corresponding Standard Contractual Clauses here: https://ec.europa.eu/commission/presscorner/detail/en/ip_21_2847.

You can find more information on the standard contractual clauses at Microsoft at https://docs.microsoft.com/en-us/compliance/regulatory/offering-eu-model-clauses .

You can find out more about the data that is processed by Microsoft in their Privacy Policy at https://privacy.microsoft.com/en-GB/privacystatement.

Web Design Introduction

What is web design?

We use various tools on our website for the purpose of our web design. Contrary to common belief, web design is not just about making our website look nice, but rather also about functionality and performance. But of course, a good-looking website is also a major goal of professional web design. Web design is a part of media design and deals with the visual as well as the structural and functional design of a website. Our aim with our web design is to improve your experience on our site. In web design jargon, this is called User Experience (UX) and usability. User Experience entails all impressions and experiences that website visitors come across on a website. What is more, usability is part of the User Experience, as it determines how user-friendly a website is. This includes the clear structuring of content, subpages or products, along with how quickly and easily the website enables you to find what you are looking for. In order to offer you the best possible experience on our website, we also use so-called third-party web design tools. Therefore, all tools and services that help improve our website’s design are classified under the category “web design”. This may, for example, include fonts, various plugins or other integrated web design functions.

Why do we use web design tools?

The way you absorb information on a website depends very much on its structure, functionality and visual perception. Therefore, good and professional web design has become increasingly important for us. We are constantly working on improving our site as a way of further extending our services for you as a website visitor. Furthermore, a beautiful and functioning website also has economic advantages for us. Needless to say, you will only visit it and take advantage of our offers if you feel completely at ease.

What data is stored by web design tools?

When you visit our website, any web design elements integrated into our pages may process your data. The exact data that is processed depends on the tools used. Below you can see exactly which tools we use for our website. For more information about data processing, we recommend you also read the respective privacy policy of the respective tools. There you can usually find out which data is processed, whether cookies are used and how long the data is stored. Moreover, fonts such as Google Fonts, for example, also automatically transmit information such as your language settings, IP address, browser version, browser screen resolution and browser name to Google’s servers.

Duration of data processing

Data processing times are very individual and depend on the web design elements used. For example, when cookies are used, the retention period can be as little as a minute, but it may also be a few years. Please make yourself familiar with this topic. You may for example read our general section on cookies as well as the Privacy Policies of the tools used. There you can likely find out exactly which cookies are used and what information is stored there. For example, Google Font files are stored for one year, in order to improve the loading speed of a website. In principle, data is only kept for as long as is necessary to provide the service. But legal requirements may require data to be stored for longer.

Right to object

You also retain the right and the option to revoke your consent to the use of cookies or third-party providers at any time. You can do this either via our cookie management tool or via other opt-out functions. You can also prevent cookies from collecting your data by managing, deactivating or deleting the cookies in your browser. However, among web design elements (typically fonts) there is also data that cannot be erased easily. This is the case whenever data is automatically collected as soon as a page is accessed and then directly transmitted to a third party (e.g. Google). In these cases, please contact the support of the respective provider. In the case of Google, you can reach support at https://support.google.com/?hl=de.

Legal Basis

If you have consented to the use of web design tools, this consent serves as the legal basis for the relevant data processing. According to Article 6 (1) (a) GDPR (consent), your consent represents the legal basis for the processing of personal data, as it may occur when it is collected by web design tools. We also have a legitimate interest in web design to improve on our website. After all, only then can we provide you with a beautiful and professional web offer. The corresponding legal basis for this is Article 6 (1) (f) GDPR (legitimate interests). However, we strongly want to emphasise once more that we only use web design tools if you have given your consent.

You can find information on different web design tools – if available – in the following sections.

Font Awesome Lokal Privacy Policy

We use the Font Awesome Local font and icon toolkit for our website. The service provider is the American company Fonticons, Inc, 307 S Main St Ste 202 Bentonville, AR, 72712-9214 , USA.

We have embedded the Font Awesome fonts locally, i.e. on our web server – not on Font Awesome’s servers. As a result, there is no connection to Font Awesome servers and thus no data transfer or storage to this company.

You can find out more about the data that is processed by Font Awesome Lokal in their Privacy Policy at https://fontawesome.com/privacy.

Google Fonts Local Privacy Policy

On our website we use Google Fonts, by the company Google Inc. The responsible entity for the European area is Google Ireland Limited (Gordon House, Barrow Street Dublin 4, Ireland). We have integrated Google fonts locally, i.e. on our web server and not on Google’s servers. This means that no connection to Google’s servers and therefore no data transfer or retention take place.

What are Google Fonts?

Google Fonts was previously called Google Web Fonts. It is an interactive list with over 800 fonts which Google offer for free use. With the use of Google Fonts, it is possible to utilise fonts without uploading them to your own server. In order to prevent any transfer of information to Google’s servers, we downloaded the fonts to our own server. This way we can comply with data privacy and do not transmit any data to Google Fonts.

Online Booking Systems Introduction

What is an online booking system?

We use one or more booking systems which enable you to make bookings via our website. That way e.g. appointments can easily be created online. A booking system is a software application integrated into our website that displays available resources (such as available appointments) and allows you to book – and usually, also pay – directly online. You’ve probably already come across many such booking systems from the restaurant or hotel industry. However, such systems are actually used in a wide variety of industries. Depending on the tool and settings, booking systems can be used both by us internally, as well as by customers like yourself. In most cases, your personal data is also collected and stored.

Bookings usually work as follows: You will find a booking system on our website, through which you can book an appointment directly with one click. Then you will enter your data and usually also be able to pay immediately. You may also have the option to enter various information about yourself into a form. Please be aware that any information you enter may be stored and managed in a database.

Why do we use an online booking system?

In a way, we also consider our website a free service for you. We want you to receive helpful information on our site and feel comfortable on there. This also includes an online service that makes it as easy as possible for you to book appointments or services. Gone are the days when you had to wait days for booking confirmations via phone or email. With an online booking system, you can get everything done after just a few clicks and get on with your day. The system also makes it easier for us to manage all bookings and appointments. Therefore, we consider a booking system absolutely sensible for both you and ourselves.

Which data is processed?

In this general introduction about booking systems, we naturally cannot tell you exactly what data is processed for which system. It always depends on the tool used, as well as the functions and possibilities it contains. What is more, in addition to the conventional booking function, many booking systems also offer a range of other features. For example, many systems also have an external online payment system (e.g. Stripe, Klarna or Paypal) and an integrated calendar synchronisation function. Accordingly, different data and different amounts of data can be processed, depending on the included functions. Usually, data such as your IP address, name and contact details, technical device information and the time of your booking are processed. If you also make a payment via the system, your bank details such as your account number, credit card number, passwords, TANs etc. will also be stored and passed on to the respective payment provider. We recommend you carefully read the respective privacy policy of the tool used, so that you know which of your data is processed specifically.

Duration of data processing

Each booking system stores data for different lengths of time. Therefore, we cannot yet give any specific information about the duration of data processing in this instance. In general, however, personal data is only stored for as long as is absolutely necessary to provide the services. Booking systems usually also use cookies, which store information for different lengths of time. While some cookies are erased immediately after leaving the site, others can be stored for a number of years. You can find out more about this in our “Cookies” section. Please also take a look at the respective privacy policies of the providers. There you should find answers on how long your data will be stored specifically.

Right to object

If you have consented to data processing by a booking system, you always retain the option and the right to revoke this consent. So please, always be aware that you have rights in relation to your personal data and that you can exercise these rights at any time. Thus, if you do not agree to the processing of your personal data, then none of your personal data may be processed. It is that simple. The easiest way to revoke data processing is via a cookie consent tool or via other available opt-out functions. You can, for example, manage data retention by cookies directly in your browser. Until you withdraw your consent, the lawfulness of data processing remains unaffected.

Legal Basis

If you have agreed that booking systems may be used, this consent is the legal basis for the corresponding data processing. According to Article 6 (1) (a) GDPR (consent), your consent represents the legal basis for the processing of personal data, as it may occur through the use of booking systems.

Furthermore, we also have a legitimate interest in using booking systems because we use them to extend our customer service and to optimise our internal booking organisation. The corresponding legal basis for this is Article 6 (1) (f) GDPR (legitimate interests). However, we strongly want to emphasise once more that we only use these tools if you have given your consent.

You can find information on different booking systems – if available – in the following sections.

Miscellaneous Overview

What is included in “Miscellaneous”?

The “Miscellaneous” category includes any services that do not fit into any of the above categories. Usually, they are various plugins and integrated elements that are meant to improve our website. Generally, these functions are obtained from third parties and integrated into our website. They may e.g. be web search services such as Algolia Place, Giphy, Programmable Search Engine or online services for weather data such as OpenWeather.

Why do we use these third parties?

With our website, we want to provide you with the best web offer in our industry. Websites have long been so much more than just a business card for companies. Instead, they are a place designed to help you find what you’re looking for. And in order to make our website even more interesting and helpful for you, we use various third-party services.

Which data is processed?

Whenever elements are integrated into our website, your IP address will be transmitted to the respective provider, where it will be stored and processed. This is necessary to send the content to your browser which will then display it for you. Moreover, service providers may also use pixel tags or web beacons. These are small graphics on websites that can record a log file and create analyses of it. Providers can improve their own marketing measures with the information they receive this way. In addition to pixel tags, this information (e.g. which button you click or when you access which page) can also be stored in cookies. In addition to data analyses on your web behaviour, technical information such as your browser type or operating system may also be stored there. Some providers can also link the data they obtain to other internal services or to third-party providers. Each provider handles your data differently. Therefore, we recommend you carefully read the privacy policies of the respective services. We make every effort to only use services that operate very carefully in regards to data protection and privacy.

Duration of data processing

Below we will inform you about the duration of data processing, provided we have further information on this. In general, we only process personal data for as long as is absolutely necessary for the provision of our services and products.

Legal Basis

If we ask for your consent and you agree to us using a service, this consent serves as the legal basis for the processing of your data (Article 6 (1) (a) GDPR). In addition to your consent, we have a legitimate interest in analysing the behaviour of our website visitors and thus technically and economically improving our offer. The legal basis for this is Article 6 (1) (f) GDPR (legitimate interests). However, we only use any tools if you have given your consent.

Information on the special tools – if available – can be found in the following sections.

Explanation of the terminology used

We always strive to make our privacy policy as clear and comprehensible as possible. However, this is not always easy, especially when it comes to technical and legal matters. It is often sensible to use legal terms (such as ‘personal data)’ or certain technical terms (such as ‘cookies’ or ‘IP address’). But we don’t want to use such terms without any explanation. This is why you will find an alphabetical list of important terms used below. These are terms we may not yet have sufficiently explained in the privacy policy. In case we have adopted any of these terms from the GDPR which are definitions, we will also list the GDPR texts here and add our own further explanations if necessary.

Processor

Definition according to Article 4 of the GDPR

For the purposes of this Regulation, the term means:

“processor” means a natural or legal person, public authority, agency or other body which processes personal data on behalf of the controller;

Explanation: As a company and a website owner, we are responsible for all your data we process (i. e. the ‘controller’). In addition to the controller, there may also be so-called processors. This includes any company or person who processes personal data on our behalf. In addition to service providers such as tax consultants, processors can also be hosting or cloud providers, payment or newsletter providers or large companies such as Google or Microsoft.

Consent

Definition according to Article 4 of the GDPR

For the purposes of this Regulation, the term means:

“consent” of the data subject means any freely given, specific, informed and unambiguous indication of the data subject’s wishes by which he or she, by a statement or by a clear affirmative action, signifies agreement to the processing of personal data relating to him or her;

Explanation: With websites, such consent is usually given via a cookie consent tool. You’ve most certainly come across these. Whenever you visit a website for the first time, you will usually be asked via a banner whether you agree or consent to the data processing. You can usually also make individual settings and thus decide for yourself which level of data processing you want to allow. If you do not give your consent, no personal data may be processed. Consent can of course also be given in writing, i.e. not via a tool.

Data concerning health

Definition according to Article 4 of the GDPR

For the purposes of this Regulation, the term means:

“Data concerning health” means personal data related to the physical or mental health of a natural person, including the provision of health care services, which reveal information about his or her health status;

Explanation: Health data includes all stored information relating to your own health. It is often data that is also noted in patient files. This includes, for example, which medication you are using, X-rays, your entire medical history or your vaccination statuses.

Personal Data

Definition according to Article 4 of the GDPR

For the purposes of this Regulation, the term means:

“personenal data” means any information relating to an identified or identifiable natural person (‘data subject’); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person;

Explanation: Personal data is all data that can identify you as a person. This is usually data such as:

• name
• address
• email address
• postal address
• phone number
• birthday
• identification numbers such as social security number, tax identification number, ID card number or matriculation number
• banking data such as account number, credit information, account balances and more.

According to the European Court of Justice (ECJ), your IP address is also personal data. IT experts can use your IP address to determine at least the approximate location of your device and subsequently your location as the connection owner. Therefore, storing an IP address also requires a legal basis within the scope of the GDPR. There are also so-called “special categories” of personal data, which are particularly worthy of protection. These include:

• racial and ethnic origin
• political opinions
• religious or ideological beliefs
• Union membership
• genetic data such as data obtained from blood or saliva samples
• biometric data (this is information about psychological, physical or behavioural characteristics that can identify an individual).
  health Data
• Data relating to sexual orientation or sex life

Profiling

Definition according to Article 4 of the GDPR

For the purposes of this Regulation, the term means:

“Profiling” means any form of automated processing of personal data consisting of the use of personal data to evaluate certain personal aspects relating to a natural person, in particular to analyse or predict aspects concerning that natural person’s performance at work, economic situation, health, personal preferences, interests, reliability, behaviour, location or movements;

Explanation: Profiling collects various personal data about an individual in order to learn more about that individual. On the internet, profiling is often used for advertising purposes or for credit checks. Web and advertising analysis programs e. g. collect data about your behaviour and interests on a website. This results in a special user profile that can be used to target advertising to specific target groups.

Pseudonymisation

Definition according to Article 4 of the GDPR

For the purposes of this Regulation, the term means:

“Pseudonymisation” means the processing of personal data in such a manner that the personal data can no longer be attributed to a specific data subject without the use of additional information, provided that such additional information is kept separately and is subject to technical and organisational measures to ensure that the personal data are not attributed to an identified or identifiable natural person;

Explanation: Our Privacy Policy often refers to pseudonymised data. Pseudonymised data means that this data can no longer be used to identify you as a person unless additional information is added. However, you should not confuse pseudonymisation with anonymisation. With anonymisation, there is no personal reference whatsoever, and the only way to reconstruct it would require a disproportionate amount of technical effort.

Controller

Definition according to Article 4 of the GDPR

For the purposes of this Regulation, the term means:

“controller” means the natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data; where the purposes and means of such processing are determined by Union or Member State law, the controller or the specific criteria for its nomination may be provided for by Union or Member State law;

Explanation: In our example, we are responsible for the processing of your personal data and are therefore the “controller”. If we pass on collected data to other service providers for processing, they are considered “contract processors”. For this, a “Data Processing Agreement (DPA)” must be concluded.

Processing

Definition according to Article 4 of the GDPR

For the purposes of this Regulation, the term means:

“processing” means any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction;

Note: When we talk about processing in our Privacy Policy, we talk about any type of data processing. As mentioned above in the original GDPR declaration, this includes not only the collection but also the storage and processing of data.

Closing Remarks

Congratulations! If you are reading these lines, you have most likely familiarised yourself with our entire Privacy Policy – or at least scrolled down here. As you can see from the scope of our Privacy Policy, we do not take the protection of your personal data lightly.
We find it important to inform you about the processing of your personal data to the best of our abilities. In doing so, we not only want to tell you which data is processed but also explain to you why we use various software programs. In general, Privacy Policies have very technical and legal jargon. However, since most of you are not web developers or solicitors, we wanted to take a different approach and explain the facts in simple and clear language. Of course, this is not always possible due to the subject matter. Therefore, you can also find a more detailed explanation of the most important terms at the end of the Privacy Policy.
If you have any questions about data protection on our website, please do not hesitate to contact us or the responsible body. We wish you all the best and hope to soon welcome you to our website again.

All texts are copyrighted.