Privacy policy
Privacy Policy
1. Data Protection at a Glance
General Information
The following information provides a simple overview
of what happens to your personal data when you visit this website. Personal data
means any data by which you can be personally identified. Detailed information
on the topic of data protection can be found in the privacy policy set out
below this text.
Data Collection on This Website
Who is responsible for data collection on this
website?
Data processing on this website is carried out by the
website operator. You can find the operator’s contact details in the section
“Information on the Responsible Party” in this privacy policy.
How do we collect your data?
Some of your data is collected when you provide it to us.
This may include, for example, data that you enter in a contact form.
Other data is collected automatically or with your consent
by our IT systems when you visit the website. This primarily includes technical
data, such as your internet browser, operating system, or the time at which a
page is accessed. This data is collected automatically as soon as you enter
this website.
What do we use your data for?
Some of the data is collected to ensure that the website is
provided without errors. Other data may be used to analyze your user behavior.
If contracts can be concluded or initiated through the website, the submitted
data will also be processed for contractual offers, orders, or other service
requests.
What rights do you have regarding your data?
You have the right at any time to receive information free
of charge about the origin, recipients, and purpose of your stored personal
data. You also have the right to request the correction or deletion of this
data. If you have given consent to data processing, you may withdraw that
consent at any time with effect for the future. You also have the right, under
certain circumstances, to request that the processing of your personal data be
restricted. In addition, you have the right to lodge a complaint with the
competent supervisory authority.
You may contact us at any time regarding this or any other
questions relating to data protection.
Analytics Tools and Third-Party Tools
When you visit this website, your browsing behavior may be
statistically evaluated. This is primarily done using analytics programs.
Detailed information about these analytics programs can be found in the
following sections.
2. Hosting
We host the content of our website with the following
provider:
Amazon Web Services (AWS)
The provider is Amazon Web Services EMEA SARL, 38 Avenue
John F. Kennedy, 1855 Luxembourg (hereinafter “AWS”). When you visit our
website, your personal data is processed on AWS servers. Personal data may also
be transferred to AWS’s parent company in the United States. The transfer of
data to the United States is based on the EU Standard Contractual Clauses.
Details can be found here: https://aws.amazon.com/de/blogs/security/aws-gdpr-data-processing-addendum/ .
Further information can be found in AWS’s privacy policy: https://aws.amazon.com/de/privacy/?nc1=f_pr . The use of AWS is based on Art. 6(1) lit. f
GDPR. We have a legitimate interest in presenting our website as reliably as
possible. If corresponding consent has been requested, processing is carried
out exclusively on the basis of Art. 6(1) lit. a GDPR and Section 25(1) TDDDG,
insofar as the consent includes the storage of cookies or access to information
on the user’s device, such as device fingerprinting, within the meaning of the
TDDDG. Consent may be withdrawn at any time.
The company is certified under the “EU-U.S. Data Privacy
Framework” (DPF). The DPF is an agreement between the European Union and the
United States intended to ensure compliance with European data protection
standards for data processing in the United States. Each company certified
under the DPF commits to complying with these data protection standards.
Further information is available from the provider at the
following link: https://www.dataprivacyframework.gov/participant/5776 .
3. General Information and Mandatory Information
Data Protection
The operators of these pages take the protection of your
personal data very seriously. We treat your personal data confidentially and in
accordance with the statutory data protection regulations and this privacy
policy. When you use this website, various types of personal data are
collected. Personal data means data by which you can be personally identified.
This privacy policy explains which data we collect and what we use it for. It
also explains how and for what purpose this is done. Please note that data
transmission over the internet, for example when communicating by e-mail, may
have security vulnerabilities. Complete protection of data against access by
third parties is not possible.
Information on the Responsible Party
The party responsible for data processing on this website
is:
Denise Wenning
xxxxxx
xxxxx
xxxxxxx
Germany
Phone: +49 xxxxx
E-mail: xxxxxxxx
The responsible party is the natural or legal person who, alone or jointly with
others, determines the purposes and means of the processing of personal data,
such as names, e-mail addresses, and similar information.
Storage Period
Unless a more specific storage period has been stated in
this privacy policy, your personal data will remain with us until the purpose
for data processing no longer applies. If you submit a legitimate request for
deletion or withdraw your consent to data processing, your data will be deleted
unless we have other legally permissible reasons for storing your personal
data, such as retention periods under tax or commercial law. In the latter
case, deletion will take place after those reasons no longer apply.
General Information on the Legal Bases for Data
Processing on This Website
If you have consented to data processing, we process your
personal data on the basis of Art. 6(1) lit. a GDPR and, where special categories
of data within the meaning of Art. 9(1) GDPR are processed, on the basis of
Art. 9(2) lit. a GDPR. In the event of explicit consent to the transfer of personal
data to third countries, data processing is also carried out on the basis of
Art. 49(1) lit. a GDPR. If you have consented to the storage of cookies or to
access to information on your device, such as via device fingerprinting, data
processing is additionally carried out on the basis of Section 25(1) TDDDG.
Consent may be withdrawn at any time. If your data is required for the
performance of a contract or for pre-contractual measures, we process your data
on the basis of Art. 6(1) lit. b GDPR. Furthermore, we process your data if this is
necessary to fulfill a legal obligation on the basis of Art. 6(1) lit. c GDPR. Data
processing may also be carried out on the basis of our legitimate interest
pursuant to Art. 6(1) lit. f GDPR. The relevant legal bases in each individual case
are explained in the following sections of this privacy policy.
Recipients of Personal Data
In the course of our business activities, we work with
various external parties. In some cases, it is also necessary to transmit
personal data to these external parties. We disclose personal data to external
parties only if this is necessary for the performance of a contract, if we are
legally required to do so, for example by disclosing data to tax authorities,
if we have a legitimate interest pursuant to Art. 6(1) lit. f GDPR in the
disclosure, or if another legal basis permits the data disclosure. When using
processors, we disclose our customers’ personal data only on the basis of a
valid data processing agreement. In the case of joint processing, a joint
processing agreement is concluded.
Withdrawal of Your Consent to Data Processing
Many data processing operations are possible only with your
express consent. You may withdraw consent you have already given at any time.
The lawfulness of data processing carried out before the withdrawal remains
unaffected by the withdrawal.
Right to Object to Data Collection in Special Cases and
to Direct Advertising (Art. 21 GDPR)
IF DATA PROCESSING IS CARRIED OUT ON THE BASIS OF ART.
6(1)(E) OR (F) GDPR, YOU HAVE THE RIGHT AT ANY TIME, ON GROUNDS RELATING TO
YOUR PARTICULAR SITUATION, TO OBJECT TO THE PROCESSING OF YOUR PERSONAL DATA;
THIS ALSO APPLIES TO PROFILING BASED ON THESE PROVISIONS. THE RESPECTIVE LEGAL
BASIS ON WHICH PROCESSING IS BASED CAN BE FOUND IN THIS PRIVACY POLICY. IF YOU
OBJECT, WE WILL NO LONGER PROCESS YOUR AFFECTED PERSONAL DATA UNLESS WE CAN
DEMONSTRATE COMPELLING LEGITIMATE GROUNDS FOR THE PROCESSING THAT OVERRIDE
YOUR INTERESTS, RIGHTS, AND FREEDOMS, OR UNLESS THE PROCESSING SERVES THE
ESTABLISHMENT, EXERCISE, OR DEFENSE OF LEGAL CLAIMS (OBJECTION PURSUANT TO
ART. 21(1) GDPR).
IF YOUR PERSONAL DATA IS PROCESSED FOR DIRECT ADVERTISING
PURPOSES, YOU HAVE THE RIGHT AT ANY TIME TO OBJECT TO THE PROCESSING OF
PERSONAL DATA CONCERNING YOU FOR THE PURPOSES OF SUCH ADVERTISING; THIS ALSO
APPLIES TO PROFILING TO THE EXTENT THAT IT IS RELATED TO SUCH DIRECT
ADVERTISING. IF YOU OBJECT, YOUR PERSONAL DATA WILL THEREAFTER NO LONGER BE
USED FOR DIRECT ADVERTISING PURPOSES (OBJECTION PURSUANT TO ART. 21(2) GDPR).
Right to Lodge a Complaint with the Competent
Supervisory Authority
In the event of violations of the GDPR, data subjects have
the right to lodge a complaint with a supervisory authority, in particular in
the member state of their habitual residence, place of work, or the location of
the alleged violation. The right to lodge a complaint exists without prejudice
to any other administrative or judicial remedies.
Right to Data Portability
You have the right to have data that we process
automatically on the basis of your consent or in performance of a contract
handed over to you or to a third party in a commonly used, machine-readable
format. If you request the direct transfer of the data to another controller,
this will be done only to the extent technically feasible.
Access, Correction, and Deletion
Within the scope of the applicable legal provisions, you
have the right at any time to receive information free of charge about your
stored personal data, its origin and recipients, and the purpose of data
processing. You may also have the right to correction or deletion of this data.
You may contact us at any time regarding this or any other questions relating
to personal data.
Right to Restriction of Processing
You have the right to request the restriction of the
processing of your personal data. You may contact us at any time for this
purpose. The right to restriction of processing exists in the following
cases:
- If
you dispute the accuracy of your personal data stored by us, we generally
need time to verify this. For the duration of the review, you have the
right to request the restriction of the processing of your personal data.
- If
the processing of your personal data was or is unlawful, you may request
restriction of data processing instead of deletion.
- If
we no longer need your personal data, but you need it for the exercise,
defense, or establishment of legal claims, you have the right to request
restriction of the processing of your personal data instead of deletion.
- If
you have objected pursuant to Art. 21(1) GDPR, a balancing of your
interests and our interests must be carried out. As long as it has not yet
been determined whose interests prevail, you have the right to request the
restriction of the processing of your personal data.
If you have restricted the processing of your personal data,
such data may, apart from being stored, be processed only with your consent, for
the establishment, exercise, or defense of legal claims, for the protection of
the rights of another natural or legal person, or for reasons of important
public interest of the European Union or of a member state.
SSL or TLS Encryption
For security reasons and to protect the transmission of
confidential content, such as orders or inquiries that you send to us as the
website operator, this site uses SSL or TLS encryption. You can recognize an
encrypted connection by the fact that the address line of the browser changes
from “http://” to “https://” and by the lock symbol in your browser’s address
bar. If SSL or TLS encryption is activated, the data you transmit to us cannot
be read by third parties.
4. Data Collection on This Website
Cookies
Our websites use so-called “cookies.” Cookies are small
data packets and do not cause any harm to your device. They are stored either
temporarily for the duration of a session (session cookies) or permanently
(permanent cookies) on your device. Session cookies are automatically deleted
after the end of your visit. Permanent cookies remain stored on your device
until you delete them yourself or until they are automatically deleted by your
web browser. Cookies may originate from us (first-party cookies) or from third
parties (so-called third-party cookies). Third-party cookies enable the
integration of certain third-party services within websites, such as cookies
for processing payment services. Cookies have various functions. Numerous
cookies are technically necessary because certain website functions would not
work without them, such as the shopping cart function or the display of videos.
Other cookies may be used to evaluate user behavior or for advertising
purposes. Cookies that are required to carry out the electronic communication
process, to provide certain functions requested by you, such as the shopping
cart function, or to optimize the website, such as cookies used to measure web
audiences, are necessary cookies and are stored on the basis of Art. 6(1) lit. f
GDPR unless another legal basis is specified. The website operator has a
legitimate interest in storing necessary cookies for the technically error-free
and optimized provision of its services. If consent to the storage of cookies
and comparable recognition technologies has been requested, processing is
carried out exclusively on the basis of that consent (Art. 6(1) lit. a GDPR and
Section 25(1) TDDDG); consent may be withdrawn at any time. You can configure
your browser so that you are informed when cookies are set and allow cookies
only in individual cases, exclude the acceptance of cookies in certain cases or
in general, and activate the automatic deletion of cookies when the browser is
closed. If cookies are disabled, the functionality of this website may be
restricted. Which cookies and services are used on this website can be found in
this privacy policy.
Server Log Files
The provider of the pages automatically collects and stores
information in so-called server log files, which your browser automatically
transmits to us. These are:
- Browser
type and browser version
- Operating
system used
- Referrer
URL
- Host
name of the accessing computer
- Time
of the server request
- IP address
This data is not merged with other data sources. This data
is collected on the basis of Art. 6(1) lit. f GDPR. The website operator has a
legitimate interest in the technically error-free display and optimization of
the website; for this purpose, server log files must be collected.
Contact Form
If you send us inquiries via the contact form, the
information you provide in the inquiry form, including the contact details you
provide there, will be stored by us for the purpose of processing the inquiry
and in case of follow-up questions. We do not share this data without your
consent.
This data is processed on the basis of Art. 6(1) lit. b GDPR if
your inquiry is related to the performance of a contract or is necessary for
pre-contractual measures. In all other cases, processing is based on our
legitimate interest in effectively processing inquiries addressed to us (Art. 6(1) lit. f GDPR) or on your consent (Art. 6(1) lit. a GDPR), if such consent has been
requested; consent may be withdrawn at any time. The data you enter in the
contact form will remain with us until you ask us to delete it, withdraw your
consent to storage, or the purpose for data storage no longer applies, for
example after your inquiry has been fully processed. Mandatory statutory
provisions, in particular retention periods, remain unaffected.
Inquiry by E-mail or Telephone
If you contact us by e-mail or telephone, your inquiry,
including all personal data resulting from it, such as name and inquiry, will
be stored and processed by us for the purpose of handling your request. We do
not share this data without your consent.
This data is processed on the basis of Art. 6(1) lit. b GDPR if
your inquiry is related to the performance of a contract or is necessary for
pre-contractual measures. In all other cases, processing is based on our
legitimate interest in effectively processing inquiries addressed to us (Art. 6(1) lit. f GDPR) or on your consent (Art. 6(1) lit. a GDPR), if such consent has been
requested; consent may be withdrawn at any time. The data you send to us via
contact inquiries will remain with us until you ask us to delete it, withdraw
your consent to storage, or the purpose for data storage no longer applies, for
example after your request has been fully processed. Mandatory statutory
provisions, in particular statutory retention periods, remain unaffected.
5. Plugins and Tools
Google Maps
This site uses the map service Google Maps. The provider is
Google Ireland Limited (“Google”), Gordon House, Barrow Street, Dublin 4,
Ireland.
This service allows us to integrate map material into our website. To
use the functions of Google Maps, it is necessary to store your IP address.
This information is generally transmitted to a Google server in the United
States and stored there. The provider of this site has no influence over this
data transfer. If Google Maps is activated, Google may use Google Fonts for the
purpose of displaying fonts uniformly. When Google Maps is accessed, your
browser loads the required web fonts
into your browser cache in order to
display text and fonts correctly. Google Maps is used in the interest of
presenting our online offerings in an appealing manner and making the locations
listed on our website easy to find. This constitutes a legitimate interest
within the meaning of Art. 6(1) lit. f GDPR. If corresponding consent has been
requested, processing is carried out exclusively on the basis of Art. 6(1) lit. a
GDPR and Section 25(1) TDDDG, insofar as the consent includes the storage of
cookies or access to information on the user’s device, such as device
fingerprinting, within the meaning of the TDDDG. Consent may be withdrawn at
any time.
The transfer of data to the United States is based on the
Standard Contractual Clauses of the European Commission. Details can be found
here: https://privacy.google.com/businesses/gdprcontrollerterms/ and https://privacy.google.com/businesses/gdprcontrollerterms/sccs/ .
More information on how user data is handled can be found
in Google’s privacy policy: https://policies.google.com/privacy?hl=de .
The company is certified under the “EU-U.S. Data Privacy Framework” (DPF). The
DPF is an agreement between the European Union and the United States intended
to ensure compliance with European data protection standards for data
processing in the United States. Each company certified under the DPF commits
to complying with these data protection standards. Further information is
available from the provider at the following link: https://www.dataprivacyframework.gov/participant/5780 .
Google reCAPTCHA
We use “Google reCAPTCHA”
(hereinafter “reCAPTCHA”) on this website. The provider is
Google Ireland Limited (“Google”), Gordon House, Barrow Street,
Dublin 4, Ireland.
reCAPTCHA
is used to check
whether data entered on this website, for example in a contact form, is entered
by a human or by an automated program. For this purpose, reCAPTCHA
analyzes the behavior of the website visitor based on various characteristics.
This analysis begins automatically as soon as the website visitor enters the
website. For the analysis, reCAPTCHA
evaluates
various information, such as IP address, the length of time the website visitor
spends on the website, or mouse movements made by the user. The data collected
during the analysis is forwarded to Google.
The reCAPTCHA
analyses run
entirely in the background. Website visitors are not notified that an analysis
is taking place. The storage and analysis of the data is carried out on the
basis of Art. 6(1) lit. f GDPR. The website operator has a legitimate interest in
protecting its web offerings against abusive automated spying and SPAM. If
corresponding consent has been requested, processing is carried out exclusively
on the basis of Art. 6(1) lit. a GDPR and Section 25(1) TDDDG, insofar as the
consent includes the storage of cookies or access to information on the user’s
device, such as device fingerprinting, within the meaning of the TDDDG. Consent
may be withdrawn at any time. Further information about Google reCAPTCHA
can be found in Google’s privacy policy and Google’s terms of service at the
following links: https://policies.google.com/privacy?hl=de and https://policies.google.com/terms?hl=de .
The company is certified under the “EU-U.S. Data Privacy Framework” (DPF). The
DPF is an agreement between the European Union and the United States intended
to ensure compliance with European data protection standards for data
processing in the United States. Each company certified under the DPF commits
to complying with these data protection standards. Further information is
available from the provider at the following link: https://www.dataprivacyframework.gov/participant/5780 .
Source: https://www.e-recht24.de - Translated into English by AI.
