Responsible Data Protection Coordinator: firstname.lastname@example.org as per 01.Feb.2021
1. Basic information on data processing and legal bases
1.1. This data protection declaration explains the type, scope and purpose of the processing of personal data within our online offer. The data protection declaration applies regardless of the domains, systems, platforms and devices used (e.g. desktop or mobile) on which the online offer is carried out.
1.2. For the terms used, such as "personal data" or their "processing", we refer to the definitions in Art. 4 of the General Data Protection Regulation (GDPR).
1.3. The personal data of the users processed in the context of this online offer include usage data (e.g. the number of accesses / visitors to the website visited) and content data (e.g. entries in the contact form).
1.4. The term “user” includes all categories of persons affected by data processing. They include our cooperation partners, customers, interested parties and other visitors to our online offer. The terms used, such as "user", are to be understood as gender-neutral.
1.5. We process personal data of users only in compliance with the relevant data protection regulations. This means that user data is only processed on the basis of our legitimate interests (i.e. for the economic operation of the company, interest in the analysis, or optimization and security of our online offer within the meaning of Art. 6 Para. 1 lit. f. GDPR) .
1.6. We would like to point out that the legal basis for the consent is Article 6 (1) (a). and Art. 7 GDPR, the legal basis for processing in order to fulfill our services and carry out contractual measures Art. 6 Para. 1 lit. b. GDPR, the legal basis for processing in order to fulfill our legal obligations Art. 6 Para. 1 lit. c. GDPR, and the legal basis for processing to safeguard our legitimate interests is Art. 6 Paragraph 1 lit.
2. Security measures
2.1. We take organizational, contractual and technical security measures in accordance with the state of the art to ensure that the provisions of data protection laws are complied with and to protect the data processed by us against accidental or deliberate manipulation, loss, destruction or against access by unauthorized persons.
2.2. The security measures include, in particular, the encrypted transmission of data between your browser and our server.
3. Transfer of data to third parties and third-party providers
3.1. A transfer of data to third parties only takes place within the framework of the legal requirements. We only pass on user data to third parties if this is necessary, for example, on the basis of Article 6 (1) (b) GDPR for contractual purposes or on the basis of legitimate interests in accordance with Article 6 (1) (f). GDPR for the economical and effective operation of our business.
3.2. If we use subcontractors to provide our services, we take suitable legal precautions as well as appropriate technical and organizational measures to ensure the protection of personal data in accordance with the relevant statutory provisions.
3.3. If content, services and tools from other providers (hereinafter jointly referred to as "third party providers") are used within the scope of this data protection declaration and their registered office is in a third country, it can be assumed that data will be transferred to the countries in which the third party providers are based. Third countries are countries in which the GDPR is not a directly applicable law, i.e. in principle countries outside the EU or the European Economic Area. The transfer of data to third countries takes place either if there is an adequate level of data protection, the consent of the user or other legal permission.
4. Provision of contractual services
4.1. We process usage data (e.g. visitors to the website) and content data (e.g. entries in the contact form)
5.1. When contacting us (using the contact form or email), the information provided by the user is processed in order to process the contact request and to process it in accordance with Article 6 (1) (b) of the GDPR.
6. Collection of access data and log files
6.1. We collect data on every access to the server on which this service is located (so-called server log files) on the basis of our legitimate interests within the meaning of Art. 6 Paragraph 1 lit. The web server's access logs record which page views took place at what time. They contain the following data: IP, directory protection user, date, time, pages accessed, logs, status code, data volume, referrer, user agent, host name accessed.
6.2. The IP addresses are saved anonymously. To do this, the last three digits are removed, i.e. 127.0.0.1 becomes 127.0.0. *. IPv6 addresses are also anonymized. Information on the directory protection user used is anonymized after one day.
7. Cookies & range measurement
7.1. Cookies are information that is transferred from our web server or third party web servers to the user's web browser and stored there for later retrieval. Cookies can be small files or other types of information storage.
7.2. We use "cookies accepted". This cookie stores the user's decision to set cookies. The storage period is five years.
7.3. We use "session cookies" that are only stored for the duration of the current visit to our online presence. A randomly generated unique identification number, a so-called SessionID, is stored in a session cookie. A cookie also contains information about its origin and the storage period. These cookies cannot store any other data. Session cookies are deleted when you have finished using our online offer and, for example, log out or close your browser.
7.4. If users do not want cookies to be stored on their computer, they are asked to deactivate the corresponding option in the system settings of their browser. Saved cookies can be deleted in the system settings of the browser. The exclusion of cookies can lead to functional restrictions of this online offer.
8. Google Analytics
8.2. Google is certified under the Privacy Shield Agreement and thus offers a guarantee that it will comply with [European data protection law] (https://www.privacyshield.gov/participant? Id = a2zt000000001L5AAI & status = Active).
8.3. Google will use this information on our behalf to evaluate the use of our online offer by users, to compile reports on the activities within this online offer and to provide us with other services related to the use of this online offer and the internet. In doing so, pseudonymous user profiles can be created from the processed data.
8.4. We only use Google Analytics with activated IP anonymization. This means that the IP address of the user is shortened by Google within member states of the European Union or in other contracting states of the Agreement on the European Economic Area. The full IP address will only be sent to a Google server in the USA and shortened there in exceptional cases.
8.5. The IP address transmitted by the user's browser will not be merged with other Google data. Users can prevent the storage of cookies by setting their browser software accordingly; Users can also prevent Google from collecting the data generated by the cookie and relating to their use of the online offer and from processing this data by downloading and installing the browser plug-in available under the following link: http: // tools .google.com / dlpage / gaoptout? hl = de.
8.6. You can find more information on the use of data by Google, setting and objection options on the Google website: https://www.google.com/intl/de/policies/privacy/partners (“Use of data by Google when you use websites or apps of our partners "), http://www.google.com/policies/technologies/ads (" Use of data for advertising purposes "), http://www.google.de/settings/ads (" Manage information that Google uses, to show you advertisements ").
9. Integration of services and content from third parties
9.1. We use content or service offers from third-party providers within our online offer based on our legitimate interests (i.e. interest in the analysis, optimization and economic operation of our online offer within the meaning of Art. 6 Para. 1 lit. Integrate services such as videos or fonts (hereinafter uniformly referred to as "content"). This always presupposes that the third-party providers of this content perceive the IP address of the users, since they would not be able to send the content to their browser without the IP address. The IP address is therefore required to display this content. We strive to only use content whose respective providers only use the IP address to deliver the content. Third-party providers can also use so-called pixel tags (invisible graphics, also known as "web beacons") for statistical or marketing purposes. The “pixel tags” can be used to evaluate information such as visitor traffic on the pages of this website. The pseudonymous information can also be stored in cookies on the user's device and contain, among other things, technical information about the browser and operating system, referring websites, visiting time and other information about the use of our online offer, and can also be linked to such information from other sources.
9.2. The following illustration provides an overview of third-party providers and their content, along with links to their data protection declarations, which contain further information on the processing of data and, in some cases already mentioned here, options for objection (so-called opt-out):
External fonts from Google, Inc., https://www.google.com/fonts ("Google Fonts"). The integration of Google Fonts takes place by calling up a server on Google (usually in the USA). Data protection declaration: https://www.google.com/policies/privacy/, Opt-Out: https://www.google.com/settings/ads/.
Maps provided by the "Google Maps" service provided by the third-party provider Google Inc., 1600 Amphitheater Parkway, Mountain View, CA 94043, USA. Data protection declaration: https://www.google.com/policies/privacy/, Opt-Out: https://www.google.com/settings/ads/.
Our online offer uses functions of the LinkedIn network. The provider is the LinkedIn Corporation, 2029 Stierlin Court, Mountain View, CA 94043, USA. Each time you visit one of our pages that contains LinkedIn functions, a connection to the LinkedIn servers is established. LinkedIn is informed that you have visited our website with your IP address. If you click the LinkedIn “Recommend” button and are logged into your LinkedIn account, LinkedIn is able to assign your visit to our website to you and your user account. We would like to point out that, as the provider of the pages, we have no knowledge of the content of the data transmitted or its use by LinkedIn. Data protection declaration: https://www.linkedin.com/legal/privacy-policy, opt-out: https://www.linkedin.com/psettings/guest-controls/retargeting opt-out.
10. User rights
10.1. Users have the right, upon request, to receive information free of charge about the personal data that we have stored about them.
10.2. In addition, users have the right to correct incorrect data, restrict the processing and deletion of their personal data, if applicable, to assert their rights to data portability and, in the event of unlawful data processing being assumed, to lodge a complaint with the competent supervisory authority.
10.3. Users can also revoke their consent, generally with effect for the future.
11. Deletion of data
11.1. The data stored by us will be deleted as soon as they are no longer required for their intended purpose and the deletion does not conflict with any statutory retention requirements. If the user data is not deleted because it is required for other and legally permissible purposes, its processing will be restricted. This means that the data is blocked and not processed for other purposes. This applies, for example, to user data that must be kept for commercial or tax reasons.
12. Right to Object
Users can object to the future processing of their personal data in accordance with the legal requirements at any time. The objection can in particular be made against processing for direct marketing purposes.
13.1. We reserve the right to change the data protection declaration in order to adapt it to changed legal situations or to changes in the service and data processing. However, this only applies to declarations on data processing. If the consent of the user is required or components of the data protection declaration contain provisions of the contractual relationship with the users, the changes will only be made with the consent of the user.
13.2. The users are asked to inform themselves regularly about the content of the data protection declaration.