Status: 11. Oktober 2023
Table of contents
- Responsible
- Processing overview
- Relevant legal bases
- Security measures
- Transmission of personal data
- International data transfers
- Rights of the data subjects
- Cookies usage
- Provision of the online offer and web hosting
- Contact and inquiry management
Person in charge
Johann Holm
Bennet Witzcak
Alexandra Deaconu
Processing overview
The following overview summarizes the types of data processed and the purposes for which they are processed and refers to the data subjects.
Types of data processed
- Contact information.
- Content data.
- User data.
- Meta, communication and process data
Categories of affected persons
- Communication partner.
- User.
Processing purposes
- Contact requests and communication.
- Safety measures.
- Management and response to inquiries.
- Feedback.
- Provision of our online offer and user-friendliness.
- Information technology infrastructure.
Relevant legal bases
Relevant legal bases according to the DSGVO: Below you will find an overview of the legal basis of the GDPR on the basis of which we process personal data. Please note, that, in addition to the provisions of the GDPR, national data protection regulations may apply in your or our country of residence or domicile. may apply. Furthermore, should more specific legal bases be relevant in individual cases, we will inform you of these in the privacy policy.
- Consent (Art. 6 Abs. 1 S. 1 lit. a) DSGVO) - The data subject has given his or her consent to the processing of personal data concerning him or her for a specific purpose or several specific purposes.
- Legitimate interests (Art. 6 Abs. 1 S. 1 lit. f) DSGVO) - The processing is necessary to protect the legitimate interests of the controller or of a third party, except where the interests or fundamental rights and freedoms of the data subject which require the protection of personal data, prevail.
National data protection regulations in Germany: In addition to the data protection regulations of the GDPR national regulations on data protection apply in Germany. These include, in particular, the Act for the Protection against Misuse of Personal Data in Data Processing (Federal Data Protection Act - BDSG). The BDSG contains special regulations on the right to information, the right to deletion, the right to object, the processing of processing of special categories of personal data, processing for other purposes, and the transmission and as well as automated decision-making in individual cases, including profiling. Furthermore State data protection laws of the individual federal states may also apply.
Reference to validity of DSGVO and Swiss DSG: This data protection notice serves both to information according to the Swiss Federal Law on Data Protection (Schweizer DSG) as well as according to the General Data Protection Regulation (GDPR). For this reason, we ask you to note that due to the broader spatial application and comprehensibility, the terms of the GDPR are used. In particular, instead of the terms used in the Instead of the Swiss DPA terms "processing" of "personal data", "overriding interest" and "particularly personal data" used in the GDPR, the terms "processing" of "personal data" and "legitimate data" as well as "legitimate interest" and "special categories of data" are used. The legal meaning of the terms will, however, continue to be determined in accordance with the Swiss DPA within the scope of its applicability.
Security measures
We make decisions in accordance with the legal requirements, taking into account the state of the art, the implementation costs and the nature, scope, circumstances and purposes of the processing, as well as the different the different probabilities of occurrence and the extent of the threat to the rights and freedoms of natural persons. appropriate technical and organizational measures to ensure a level of protection appropriate to the risk. ensure.
Measures include, in particular, ensuring the confidentiality, integrity and availability of data through controlling physical and electronic access to data, as well as the access, input, transfer, availability and segregation of data. access, input, disclosure, availability, and segregation. Furthermore, we have established procedures procedures in place to ensure the exercise of data subjects' rights, the deletion of data, and the response to data of the data. Furthermore, we already take the protection of personal data into account during the development and selection of hardware, software and processes in accordance with the principle of data protection, through technology design and through data protection-friendly default settings.
Transmission of personal data
In the course of our processing of personal data, it happens that the data is transmitted to other entities, companies, legally independent organizational units or persons or disclosed to them. disclosed to them. The recipients of this data may include, for example, service providers commissioned with IT tasks or Providers of services and content that are integrated into a website. In such cases we observe legal requirements and, in particular, conclude appropriate contracts or agreements that serve to protect your data. protection of your data with the recipients of your data.
International data transfers
Data processing in third countries: If we process data in a third country (i.e., outside the European Union (EU), European Economic Area (EEA)) or the processing takes place in the context of the use of third services of third parties or the disclosure or transfer of data to other persons, entities or companies, this will only be takes place, this will only be done in accordance with the legal requirements. If the level of data protection in the third country has been recognized by means of an adequacy decision (Art. 45 DSGVO), this serves as the basis for the data transfer. Otherwise, data transfers will only take place if the level of data protection is otherwise ensured, in particular through standard contractual clauses (Art. 46(2)(c) DSGVO), explicit consent or in the case of contractual or legally required transfer (Art. 49 (1) DSGVO). For the rest, we will inform you of the bases of the third country transfer in the case of the individual providers from the third country, whereby the Adequacy Decisions take precedence as bases. Information on third country transfers and available adequacy decisions can be found in the information provided by the EU Commission: https://ec.europa.eu/info/law/law-topic/data-protection/international-dimension-data-protection_de.
EU-US Trans-Atlantic Data Privacy Framework: Within the framework of the so-called "Data Privacy Framework" (DPF), the EU Commission has also recognized the level of data protection for certain companies from the USA as part of the Adequacy Decision of July 10, 2023 as secure. The list of certified companies as well as further information on the DPF can be found on the website of the U.S. Department of Commerce at https://www.dataprivacyframework.gov/ Within the scope of the data privacy notice, we inform you which of our service providers we use are certified under the Data Privacy Framework.
Rights of the data subjects
Data subjects' rights under the DSGVO: As a data subject, you are entitled to various rights under the GDPR which result in particular from Art. 15 to 21 of the DSGVO:
- Right to object: You have the right, on grounds relating to your particular situation, at any time against the processing of personal data concerning you, which is based on Art. 6 para. 1 lit. e or f DSGVO; this also applies to profiling based on these provisions. profiling based on these provisions. If the personal data concerning you is processed for the purpose of direct advertising you have the right to object at any time to the processing of personal data concerning you for the purpose of such personal data for the purposes of such advertising; this also applies to profiling, insofar as it is it is connected with such direct advertising.
- Right of withdrawal for consents: You have the right to revoke consent at any time. revoke.
- Right to Information: You have the right to request confirmation as to whether data in question is being data are processed and to information about these data as well as to further information and copy of the data in accordance with the legal requirements.
- Right of rectification: You have the right, in accordance with the law, to request the to request the completion of the data concerning you or the correction of inaccurate data concerning you. demand.
- Right to erasure and restriction of processing: Sie haben nach Maßgabe der gesetzlichen the right to demand that data relating to you be deleted immediately or, alternatively, in accordance with the alternatively, in accordance with the statutory provisions, to demand restriction of the processing of the data.
- Right to data portability: You have the right to request that data relating to you which you have provided to us in a structured, common and machine-readable format, in accordance with the legal machine-readable format or to request its transfer to another responsible party.
- Complaint to supervisory authority: You have, without prejudice to any other administrative or judicial remedy, the right to lodge a complaint with a supervisory authority, in particular in the Member State of your habitual residence, your place of work or the place of the alleged alleged infringement, if you consider that the processing of personal data relating to you infringes the data is in breach of the provisions of the DSGVO.
Cookies usage
Cookies are small text files, or other memory tags, that store information on end devices and read information from the end devices. read information from the end devices. E.g. to store the login status in a user account, a shopping cart content in an an e-shop, the contents called up or functions used of an online offer. Cookies can be used for various purposes, e.g. for purposes of the functionality, security and convenience of online offers comfort of online offers as well as the creation of analyses of visitor flows.
Consent Notes:We use cookies in accordance with the law. Therefore, we obtain prior consent from users, except where this is not required by law is required by law. In particular, consent is not required if the storage and reading of the information, i.e. cookies, are absolutely necessary in order to provide the user with a telemedia service that he or she has expressly requested. telemedia service (i.e. our online offer) that they expressly request. Among the absolutely necessary cookies generally include cookies with functions that are necessary for the display and operability of the online offer, for load load balancing, security, the storage of the preferences and choices of users or similar purposes related to the provision of the main and secondary functions of the online offer requested by the users. purposes related to the provision of the online offer requested by the users. The revocable consent will be clearly communicated to users and contains the information on the respective cookie use.
Notes on the legal basis for data protection:The legal basis under data protection law legal basis we process users' personal data with the help of cookies depends on whether we ask Ask users for consent. If the users consent, the legal basis for the processing of your data is the declared consent. Otherwise, the data processed with the help of cookies is processed on the basis of of our legitimate interests (e.g. in the business operation of our online offering and the improvement of its usability) or, if this is done in the context of the fulfillment of our contractual obligations, if the use of cookies is required. if the use of cookies is necessary to fulfill our contractual obligations. To which purposes the cookies are processed by us, we clarify this in the course of this data protection declaration or in the context of our consent and processing procedures.
Storage duration: With regard to the storage period, the following types of cookies are distinguished distinguished:
- Temporary cookies (also: session cookies): Temporary cookies are deleted at the latest deleted at the latest after a user has left an online offer and closed his or her end device (e.g., browser or mobile application) has been clos
- Permanent cookies: Permanent cookies remain stored even after closing the end device. stored. For example, the login status can be stored or preferred content can be displayed directly content can be displayed directly when the user visits a website again. Likewise, the user data collected with the help of cookies can be used for can also be used to measure the reach of the website. If we do not provide users with explicit information about the type and storage period of cookies (e.g. when obtaining consent), users should assume that cookies are permanent and the assume that cookies are permanent and can be stored for up to two years.
General information on revocation and objection (so-called "opt-out"):Users can revoke the consent they consent at any time and object to the processing in accordance with the legal requirements. object to the processing. For this purpose, users can, among other things, restrict the use of cookies in the settings of their browsers. (whereby this may also restrict the functionality of our online offer). An objection to the use of cookies for online marketing purposes can also be made via the websites https://optout.aboutads.info und https://www.youronlinechoices.com/ be explained.
- Legal basis: Legitimate interests (Art. 6 Abs. 1 S. 1 lit. f) DSGVO). Consent (Art. 6 Abs. 1 S. 1 lit. a) DSGVO).
Further guidance on processing operations, procedures and services:
- Processing of cookie data on the basis of consent:We use a procedure for the Cookie Consent Management Procedure, under which the consent of users to the use of cookies, or the processing operations and providers mentioned in the cookie consent management procedure. can be obtained as well as managed and revoked by the users. The declaration of consent is stored stored in order not to have to repeat the request and to be able to prove the consent in accordance with the legal obligation. legal obligation. The storage can be server-side and/or in a cookie (so-called opt-in cookie, or with the aid of comparable technologies), in order to assign the consent to a user user or his or her device. Subject to individual information on the providers of cookie management services, the following information applies: The duration of the storage of the consent can be up to two years. Here, a pseudonymous user identifier is formed and linked to the time of the consent, information about the scope of the consent (e.g., which categories of cookies and/or service providers) as well as the browser, system and end device used; Legal basis: Consent (Art. 6 Abs. 1 S. 1 lit. a) DSGVO).
Provision of the online offer and web hosting
We process users' data in order to provide them with our online services. For this purpose we process the user's IP address, which is necessary to transmit the content and functions of our online services to the user's to transmit the contents and functions of our online services to the user's browser or terminal device..
- Types of data processed: Usage data (e.g. web pages visited, interest in content, access times); meta, communication, and process data (e.g., IP addresses, time, identification numbers, consent status).
- Affected persons: Users (e.g., website visitors, users of online services).
- Purposes of processing: Provision of our online offer and user-friendliness; Information technology infrastructure (operation and provision of information systems and technical devices (computers, servers, etc.).). Security measures.
- Legal basis: Legitimate interests (Art. 6 Abs. 1 S. 1 lit. f) DSGVO).
Further guidance on processing operations, procedures and services:
- Collection of access data and log files:The access to our online offer is logged in the form of so-called so-called "server log files". The server log files may include the address and name of the retrieved web pages and files, date and time of access, amount of data transferred, notification of successful access, browser type and version, the operating system of the user, referrer URL (the previously visited page) and, as a rule IP addresses and the requesting provider. The server log files can be used for security purposes, e.g. for security purposes, e.g., to avoid overloading the servers (especially in the event of attacks, so-called DDoS attacks) and, on the other hand, to ensure the utilization of the servers and their stability. stability;Legal basis: Legitimate interests (Art. 6 Abs. 1 S. 1 lit. f) DSGVO). Deletion of data: Log file information is stored for a maximum stored for a maximum of 30 days and then deleted or anonymized. Data whose further storage is required for evidentiary purposes are exempt from deletion until final clarification of the respective incident. excluded.
Contact and request management
When contacting us (e.g. by mail, contact form, e-mail, telephone or via social media) as well as in the context of existing user and business relationships, the information of the inquiring persons is processed insofar as this is this is necessary to respond to the contact requests and any requested measures.
- Types of data processed: Contact data (e.g., e-mail, telephone numbers); content data (e.g., entries in online forms); usage data (e.g., websites visited, interest in content, access times). entries in online forms); usage data (e.g. websites visited, interest in content, access times); Meta, communication and procedural data (e.g. .IP addresses, time data, identification numbers, consent status).
- Affected persons: Communication partner.
- Processing purposes: Contact requests and communication; managing and responding to Inquiries; Feedback (e.g., collecting feedback via online form). Provision of our online offer and user-friendliness.
- Legal basis: Legitimate interests (Art. 6 Abs. 1 S. 1 lit. f) DSGVO).
Created with free Datenschutz-Generator.de by Dr. Thomas Schwenke