General

As the operator of this website and as a company, we come into contact with your personal data. This refers to all data that says something about you and with which you can be identified. In this privacy policy, we would like to explain to you how, for what purpose and on what legal basis we process your data.

We are responsible for data processing on this website and in our company:

IT Verlag für Informationstechnik GmbH
Ludwig-Ganghofer-Str. 51
83624 Otterfing
Phone: +49 8104 64940
E-mail: [email protected], [email protected]

General information

SSL or TLS encryption

When you enter your data on websites, place online orders or send e-mails over the Internet, you must always be prepared for unauthorized third parties to access your data. There is no complete protection against such access. However, we do everything we can to protect your data
as well as possible and to close security gaps as far as we can.

An important protection mechanism is the SSL or TLS encryption of our website, which ensures that data that you transmit to us cannot be read by third parties. You can recognize the encryption by the lock icon in front of the Internet address entered in your browser and by the fact that our Internet address begins with https:// and not with http://.

How long do we store your data?

In some places in this privacy policy, we inform you about how long we or the companies that process your data on our behalf store your data. If no such information is provided, we will store your data until the purpose of the data processing no longer applies, you object to the data processing or you withdraw your consent to the data processing.

However, in the event of an objection or revocation, we may continue to process your data if at least one of the following conditions is met:

• We have compelling legitimate grounds for continuing the data processing that outweigh your interests, rights and freedoms (only if you object to the data processing; if the objection is directed against direct marketing, we cannot provide any legitimate grounds).
• Data processing is necessary in order to assert, exercise or defend legal claims (does not apply if your objection is directed against direct advertising).
• We are legally obliged to retain your data. In this case, we will delete your data as soon as the requirement(s) cease(s) to apply.

Data transfer to the USA

We also use tools on our website from companies that transfer your data to the USA and store and, if necessary, process it there. The European Commission has adopted an adequacy decision for the EU-US data protection framework. This establishes that the USA guarantees an adequate level of protection for personal data from the EU that is transferred to US companies. This decision is based on new safeguards and measures introduced by the US to meet data protection requirements. The adequacy decision includes, among other things, restrictions and safeguards on access to the data by US intelligence services. Binding safeguards have been introduced to limit the access of US intelligence agencies to what is necessary and proportionate to protect national security. In addition, increased oversight of the activities of the US intelligence services has been established to ensure that the restrictions on surveillance activities are complied with. An independent redress mechanism has also been established to handle and resolve complaints from European citizens about access to their data. The
EU-US data protection framework thus enables European companies to transfer data to certified US companies without having to introduce additional data protection safeguards. You can view a list of all certified companies at the following link: https://www.dataprivacyframework.gov/s/participant-search

A change to the European Commission’s decision cannot be ruled out.

Data Protection Officer

We have appointed a data protection officer for our company.

DataGAP GmbH
Bessemerstr. 82, 10th floor south
12103 Berlin
E-mail address: [email protected]
Telephone number: +49 030 577 10 513

Your rights

Objection to data processing

IF YOU READ IN THIS DATA PROTECTION DECLARATION THAT WE HAVE LEGITIMATE INTERESTS FOR THE PROCESSING OF YOUR DATA AND THEREFORE BASE THIS ON ART. 6 ABS. 1 SENTENCE 1 LIT.

F) GDPR, YOU HAVE THE RIGHT TO OBJECT TO THIS IN ACCORDANCE WITH ART. 21 GDPR, YOU HAVE THE RIGHT TO OBJECT TO THIS. THIS ALSO APPLIES TO PROFILING BASED ON THE AFOREMENTIONED PROVISION. THE PREREQUISITE IS THAT YOU STATE REASONS FOR THE OBJECTION THAT ARISE FROM YOUR PARTICULAR SITUATION. NO JUSTIFICATION IS REQUIRED IF THE OBJECTION IS DIRECTED AGAINST THE USE OF YOUR DATA FOR DIRECT ADVERTISING.

THE CONSEQUENCE OF THE OBJECTION IS THAT WE MAY NO LONGER PROCESS YOUR DATA. THIS ONLY DOES NOT APPLY IF ONE OF THE FOLLOWING CONDITIONS APPLIES:

• WE CAN DEMONSTRATE COMPELLING LEGITIMATE GROUNDS FOR THE PROCESSING WHICH OVERRIDE YOUR INTERESTS, RIGHTS AND FREEDOMS.
• THE PROCESSING SERVES THE ASSERTION, EXERCISE OR DEFENSE OF LEGAL CLAIMS.

THE EXCEPTIONS DO NOT APPLY IF YOUR OBJECTION IS DIRECTED AGAINST DIRECT ADVERTISING OR AGAINST PROFILING IN CONNECTION WITH THIS.

Further rights

Revocation of your consent to data processing

Many data processing operations are based on your consent. You give this consent, for example, by ticking the appropriate box on online forms before you send the form or by allowing certain cookies when you visit our website. You can withdraw your consent at any time without giving reasons (Art. 7 para. 3 GDPR). We may then no longer process your data from the time you withdraw your consent. The only exception: We are legally obliged to retain the data for a certain period of time. Such retention periods exist in particular in tax and commercial law.

Right to lodge a complaint with the competent supervisory authority

If you believe that we are in breach of the General Data Protection Regulation (GDPR), you have the right to lodge a complaint with a supervisory authority in accordance with Art. 77 GDPR. You may contact a supervisory authority in the Member State of your habitual residence, place of work or place of the alleged infringement
. The right to lodge a complaint exists in addition to administrative or judicial remedies.

Right to data portability

Data that we process automatically on the basis of your consent or in fulfillment of a contract must be handed over to you or a third party in a commonly used, machine-readable format if you request this. We can only transfer the data to another controller if this is technically possible.

Right to data access, erasure and rectification

In accordance with Art. 15 GDPR, you have the right to receive information free of charge about what personal data we have stored about you, where the data comes from, to whom we transmit the data and for what purpose it is stored. If the data is incorrect, you have the right to rectification (Art. 16 GDPR); under the conditions of Art. 17 GDPR, you may request that we erase the data.

Right to restriction of processing

In certain situations, you can request that we restrict the processing of your data in accordance with Art. 18 GDPR. The data may then – apart from storage – only be processed as follows:

• with your consent
• for the assertion, exercise or defense of legal claims
• to protect the rights of another natural or legal person
• for reasons of important public interest of the European Union or a Member State

The right to restriction of processing exists in the following situations:

• You have disputed the accuracy of your personal data stored by us and we need time to check this. Here you have the right for the duration of the review.
• The processing of your personal data is unlawful or was unlawful in the past. In this case, you have the alternative right to erasure of the data.
• We no longer need your personal data, but you need it for the exercise, defense or assertion of legal claims. Alternatively, you have the right to have the data erased.
• You have lodged an objection in accordance with Art. 21 (1) GDPR and now your interests and ours must be weighed against each other. You have the right to do so as long as the result of the balancing process has not yet been determined.

Hosting and Content Delivery Networks (CDN)

External hosting

Our website is hosted on a server of the following internet service provider (hoster): SD Solutions, Gerhart-Hauptmann-Str. 83, 90763 Fürth

Has an order processing contract been concluded with the hoster or are standard contractual clauses (SCC) used?
Yes

How do we process your data?

The host stores all data from our website. This also includes all personal data that is collected automatically or through your input. This may include in particular Your IP address, pages accessed, names, contact details and inquiries as well as meta and communication data. When processing data, our hoster complies with our instructions and only ever processes the data to the extent that this is necessary to fulfill the service obligation to us.

On what legal basis do we process your data?

Since we address potential customers via our website and maintain contact with existing customers, data processing by our hoster serves to initiate and fulfill contracts and is therefore based on Art. 6 para. 1 lit. b) GDPR. In addition, it is our legitimate interest as a company to provide a professional website that meets the necessary requirements for security, speed and efficiency. In this respect, we also process your data on the basis of Art. 6 para. 1 lit. f) GDPR.

Cloudflare

What is Cloudflare?
Content Delivery Network (CDN) with Domain Name System (DNS)

Who processes your data?
Cloudflare Inc, 101 Townsend St., San Francisco, CA 94107, USA

Has an order processing contract been concluded with Cloudflare?
Yes

Where can you find more information about data protection at Cloudflare?
https://www.cloudflare.com/privacypolicy/

On what basis do we transfer your data to the USA?
Based on the adequacy decision of the European Commission and the corresponding certification of the company.

How do we process your data?
We use the services of Cloudflare for our website. The global content delivery network ensures that all the content we provide online reaches you quickly, even when large amounts of data have to be moved over long distances. This is made possible by Cloudflare, with all its technical capabilities and servers around the world, being placed between our website and your browser, analyzing the traffic and filtering out malicious data before it reaches our server. Cloudflare also comes into contact with personal data that is collected via our website. The company may also use cookies or other technologies to recognize Internet users. Data processing by Cloudflare always serves the sole purpose of enabling fast data traffic.

On what legal basis do we process your data?

We have a legitimate interest in providing visitors to our website with an online offering that is as fast and efficient as possible. Data processing is therefore carried out on the basis of Art. 6 para. 1 lit. f) GDPR.

Data collection on this website

Use of cookies

Our website places cookies on your device. These are small text files that are used for different purposes. Some cookies are technically necessary for the website to function at all (necessary cookies). Others are required to perform certain actions or functions on the site (functional cookies). For example, without cookies it would not be possible to use the benefits of a shopping basket in an online store. Other cookies are used to analyze user behavior or to optimize advertising measures. If we use third-party services on our website, e.g. to process payment transactions, these companies may also leave cookies on your device when you access the website (so-called third-party cookies).

How do we process your data?

Session cookies are only stored on your device for the duration of a session. As soon as you close the browser, they disappear automatically. Permanent cookies, on the other hand, remain on your device if you do not delete them yourself. This can lead, for example, to your user behavior being permanently analyzed. You can use the settings in your browser to influence how it handles cookies:

• Do you want to be informed when cookies are set?
• Do you want to exclude cookies in general or for certain cases?
• Do you want cookies to be deleted automatically when you close your browser?

If you deactivate or do not allow cookies, the functionality of the website may be restricted. If we use cookies from other companies or for analysis purposes, we will inform you about this in this privacy policy. We also ask for your consent in this regard when you visit our website.

On what legal basis do we process your data?

We have a legitimate interest in ensuring that our online services can be used by visitors without technical problems and that all desired functions are available to them. The storage of necessary and functional cookies on your device is therefore based on Art. 6 para. 1 lit. f) GDPR. We use all other cookies on the basis of Art. 6 para. 1 lit. a) GDPR, provided that you give us your consent to do so. You can revoke this consent at any time with effect for the future. If you have consented to the placement of necessary and functional cookies when your consent was requested, these cookies will also be stored exclusively on the basis of your consent.

Advertising and tracking-free access with contentpass

On our website we offer you a service for ad-free and tracking-free access. This service is called contentpass and is offered by Content Pass GmbH, Wolfswerder 58, 14532 Kleinmachnow, Germany. When you subscribe to the service, contentpass becomes your contractual partner. You can find more information about this service at contentpass.net.

In order to display and thus offer you this service on our website, contentpass processes your IP address on our behalf at the beginning of your website visit. For the registration and contract processing of contentpass and the associated data processing, contentpass is the controller within the meaning of the GDPR. We are solely responsible for processing your IP address. The processing is necessary for technical reasons in order to be able to display and offer you the contentpass service. For more information on data processing at contentpass, please read their privacy policy.

The basis for the data processing of the IP address, as part of our order processing with contentpass, is our legitimate interest in offering you the opportunity to access our website without advertising and tracking and your legitimate interest in using our website practically without advertising and tracking [Art. 6 para. 1 sentence 1 letter f) GDPR, in conjunction with § 25 para. 2 no. 2 TDDDG]. In addition, we hereby fulfill the legal obligation to obtain legally compliant consent to data processing requiring consent [Art. 6 para. 1 lit. c) GDPR in conjunction with § 25 para. 2 no. 2 TDDDG].
You can subscribe to contentpass and log in here.

Cookie consent with CCM19

What is CCM19?

Consent management provider (CMP) for obtaining, processing and forwarding GDPR-compliant consent

Who processes your data?
Papoo Software & Media GmbH, Auguststr. 4, 53229 Bonn

Has an order processing contract been concluded with CCM19?
Yes

Where can you find more information about data protection at CCM19?
https://www.ccm19.de/datenschutzerklaerung.html

How do we process your data?

We use CCM19 to obtain your consent to the storage of cookies on your device and to document this in compliance with data protection regulations. When you visit our website and close the CCM19 cookie window with the request for consent, the following data is transmitted to the company:

• Your IP address (from which your country is also determined)
• the browser used
• the language used
• the website accessed

In addition, CCM19 stores various cookies in your browser in order to be able to assign the consents given or their revocation to your browser. All data collected will be stored until the cookies are no longer needed, you delete the cookies from CCM19 or you ask us to delete the data. This only does not apply if we are legally obliged to store the data.

On what legal basis do we process your data?

We are legally obliged to obtain the consent of our website visitors for the use of certain cookies. To fulfill this obligation, we use CCM19. The legal basis for data processing is therefore Art. 6 para. 1 lit. c) GDPR

Server log files

Server log files log all requests and access to our website and record error messages. They also contain personal data, in particular your IP address. However, this is anonymized by the provider after a short time so that we cannot assign the data to you personally. The data is automatically transmitted from your browser to our provider.

How do we process your data?

Our provider stores the server log files in order to be able to track the activities on our website and to detect errors. The files contain the following data:

• Browser type and version
• Operating system used
• Referrer URL
• Host name of the accessing computer
• Time of the server request
• IP address (anonymized if necessary)

We do not merge this data with other data, but only use it for statistical analysis and to improve our website.

On what legal basis do we process your data?

We have a legitimate interest in ensuring that our website runs smoothly. It is also in our legitimate interest to obtain an anonymized overview of access to our website. Data processing is therefore lawful in accordance with Art. 6 para. 1 lit. f) GDPR.

Contact form

You can send us a message using the contact form on this website.

How do we process your data?

We store your message and the information from the form in order to be able to process your request, including follow-up questions. This also applies to the contact details provided. We will not pass the data on to other persons without your consent.

How long do we store your data?

We delete your data as soon as one of the following points occurs:

• Your request has been finally processed.
• You ask us to delete the data.
• You revoke your consent to storage.

This only does not apply if we are legally obliged to retain the data.

On what legal basis do we process your data?

If your request is related to our contractual relationship or serves the implementation of pre-contractual measures, we process your data on the basis of Art. 6 para. 1 lit. b) GDPR. In all other cases, it is in our legitimate interest to process inquiries addressed to us effectively. The legal basis for data processing is therefore Art. 6 para. 1 lit. f) GDPR. If you have consented to the storage of your data, Art. 6 para. 1 lit. a) GDPR is the legal basis. In this case, you can withdraw your consent at any time with effect for the future.

Request by e-mail, telephone or fax

You can send us a message by e-mail or fax or give us a call.

How do we process your data?

We store your message and the contact details you have provided or the telephone number you have transmitted so that we can process your inquiry, including any follow-up questions. We will not pass the data on to other persons without your consent.

How long do we store your data?

We delete your data as soon as one of the following points occurs:

• Your request has been finally processed.
• You ask us to delete the data.
• You revoke your consent to storage.

This only does not apply if we are legally obliged to retain the data.

On what legal basis do we process your data?

If your request is related to our contractual relationship or serves the implementation of pre-contractual measures, we process your data on the basis of Art. 6 para. 1 lit. b) GDPR. In all other cases, it is in our legitimate interest to process inquiries addressed to us effectively. The legal basis for data processing is therefore Art. 6 para. 1 lit. f) GDPR. If you have consented to the storage of your data, Art. 6 para. 1 lit. a) GDPR is the legal basis. In this case, you can withdraw your consent at any time with effect for the future.

Eventbrite

What is Eventbrite?

Tool for booking tickets for various events

Who processes your data?
Eventbrite, Inc, Delaware, 155 5th Street, Floor 7, San Francisco, CA 94103, USA

Has an order processing contract been concluded with Eventbrite?
Yes

Where can you find more information about data protection at Eventbrite?
https://www.eventbrite.de/support/articles/de/Troubleshooting/datenschutzrichtlinie-von- eventbrite?lg=en

How do we process your data?
When you book a ticket, Eventbrite collects the data you provide, payment data, IP address and other metadata (browser, operating system, version, end device).

On what basis do we transfer your data to the USA?
Based on the adequacy decision of the European Commission and the corresponding certification of the company.

How long do we store your data?

We delete your data as soon as one of the following points occurs:

• The purpose of the data processing no longer applies.
• You ask us to delete the data.
• You revoke your consent to storage.

This only does not apply if we are legally obliged to retain the data.

On what legal basis do we process your data?

We have a legitimate interest in providing an uncomplicated ticket booking system. Data processing is therefore carried out on the basis of Art. 6 para. 1 lit. f) GDPR. If you have consented to the storage of your data, Art. 6 para. 1 lit. a) GDPR is the sole legal basis. In this case, you can withdraw your consent at any time with effect for the future.

Salesforce Sales Cloud

What is the Salesforce Sales Cloud?

Platform for Customer Relationship Management (CRM), i.e. the management of customer relationships in the areas of marketing, sales and service

Who processes your data?
salesforce.com Germany GmbH, Erika-Mann-Str. 31, 80636 Munich, Germany

Has an order processing contract been concluded with Salesforce?
Yes

Where can you find more information about data protection at Salesforce?

https://www.salesforce.com/de/company/privacy

On what basis do we transfer your data to the USA?

Based on the adequacy decision of the European Commission and the corresponding certification of the company.

How do we process your data?

We use the CRM Salesforce Sales Cloud to record, sort and analyze customer interactions via email, social media and telephone across various channels. We evaluate the personal data collected and use it to communicate with (potential) customers or for marketing measures, such as newsletter mailings. Salesforce also enables us to record and analyze the behavior of our website visitors.

On what legal basis do we process your data?

We have a legitimate interest in the most efficient customer management and communication possible. Data processing is therefore carried out on the basis of Art. 6 para. 1 lit. f) GDPR. If you have consented to the storage of your data, the legal basis is exclusively Art. 6 para. 1 lit. a) GDPR. In this case, you can revoke your consent at any time with effect for the future.

Registration function

In order to use certain functions or offers on our website, you must register. This requires you to enter your e-mail address and possibly other personal data.

How do we process your data?

We store the data you provide during registration and use it to provide you with the function or offer for which you have registered. If there are any changes to the offer or function, we will use your e-mail address to inform you. We also use your e-mail address to make you further contractual offers if necessary.

How long do we store your data?

We delete your data as soon as one of the following points occurs:

• The purpose of the data processing no longer applies.
• You ask us to delete the data.
• You revoke your consent to storage.

This only does not apply if we are legally obliged to retain the data.

On what legal basis do we process your data?

We store and use your data in order to fulfill the user relationship established during registration and, if necessary, to initiate further contracts. The legal basis is therefore Art. 6 para. 1 lit. b) GDPR.

Registration with Google

What is Google?

Search engine and provider of various digital products, tools and services

Who processes your data?
Google Ireland Ltd, Gordon House, Barrow Street, Dublin 4, Ireland

Has an order processing contract been concluded with Google?
Yes

Where can you find more information about data protection at Google?
https://policies.google.com/privacy

On what basis do we transfer your data to the USA?

Based on the adequacy decision of the European Commission and the corresponding certification of the company.

How do we process your data?

You can also register on our website via Google. All you have to do is log in to your Google account with your name and password using the corresponding button. Google will then confirm your identity. If you have allowed this in the Google security settings, we can also complete your profile with data from your Google account. You can find the Google security settings here: https://myaccount.google.com/security and https://myaccount.google.com/permissions.

How long do we store your data?

We store your registration data for a specific purpose until you finally unsubscribe from our website. However, (partial) storage beyond this may take place due to mandatory legal requirements.

On what legal basis do we process your data?

You decide whether you register on our website via your Google account and allow us to access your profile data on Google. If you choose this option, you consent to the data processing. This is therefore lawful on the basis of Art. 6 para. 1 lit. a) GDPR. You can withdraw your consent at any time with effect for the future.

Social media plugins

Use of social media plugins

Regular use

We use social media plugins on our website. You can recognize them by the social network logos. Thanks to the plugins, you can easily share the content on our website in social networks. The individual plugins we use can be found in the list at the end of this section. Here you will also find the relevant data protection information for the networks.

How do we process your data?

Due to the embedded plugins, a connection to the servers of the social networks is established when you visit our website. This happens even if you do not share any content. In this way, the offering companies learn that the website was visited via your IP address. If you are logged into your social network account when you visit our website, the transmitted data can also be assigned to your personal profile. If you do not want this to happen, you must log out of your account before you continue surfing the Internet.

With the exception of Xing, all networks store the IP address. Other personal data may be added. Your data is usually transferred to servers in the USA. If this is the case, you can find out the basis on which this is done in the information on the networks below.

On what legal basis do we process your data?

It is important for the success of our company to be present in social networks. It is therefore in our legitimate interest to use social media plugins to ensure that the content of our website and our offers can be easily shared. The legal basis for data processing is Art. 6 para. 1 lit. f) GDPR.

If you have consented to data processing, we process your data exclusively on the basis of Art. 6 para. 1 lit. a) GDPR. You can withdraw your consent at any time. We may no longer process your data from the time you withdraw your consent.

By activating the button, you give your consent for a link to be established to the social network concerned, for your IP address and possibly other data to be transmitted and for your surfing behavior to be tracked by the social media company. Data processing is therefore lawful pursuant to Art. 6 para. 1 lit. a) GDPR. You can withdraw your consent at any time. We may no longer process your data from the time you withdraw your consent.

Which social media plugins do we use?

Facebook

What is Facebook?

Social network

Who processes your data?

Meta Platforms Ireland Ltd, 4 Grand Canal Square, Dublin 2, Ireland

Where can you find more information about data protection on Facebook?
https://de-de.facebook.com/privacy/explanation

On what basis do we transfer your data to the USA?

Based on the adequacy decision of the European Commission and the corresponding certification of the company.

X

What is X?

Social network

Who processes your data?
Twitter International Unlimited Company, One Cumberland Place, Fenian Street, Dublin 2, D02 AX07, Ireland

Where can you find more information about data protection at X?
https://twitter.com/de/privacy

On what basis do we transfer your data to the USA?

On the basis of standard contractual clauses of the European Commission (see https://gdpr.twitter.com/e n/controller-to-controller-transfers.html)

Instagram

What is Instagram?

Social network

Who processes your data?

Meta Platforms Ireland Ltd, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland

Where can you find more information about data protection on Instagram?
https://instagram.com/about/legal/privacy/

On what basis do we transfer your data to the USA?

Based on the adequacy decision of the European Commission and the corresponding certification of the company.

LinkedIn

What is LinkedIn?

Social network

Who processes your data?

LinkedIn Ireland Unlimited Company, Wilton Plaza, Wilton Place, Dublin 2, Ireland

Where can you find more information about data protection at LinkedIn?

https://www.linkedin.com/legal/privacy-policy

On what basis do we transfer your data to the USA?

On the basis of standard contractual clauses of the European Commission (see https://www.linkedin.com/le gal/l/dpa and https://www.linkedin.com/legal/l/eu-sccs)

Analysis tools and advertising

We use the following tools to analyze the behavior of our website visitors and to show you advertising.

INFOnline Measurement

Our website uses the multi-stage measurement method ‘INFOnline Measurement’ from INFOnline GmbH (https://www.INFOnline.de) to determine statistical parameters (page impression, visit, (technical) client) about the use of our digital offering. The aim of usage measurement is to statistically determine the number of visits to our website, the number of website visitors and their surfing behavior – on the basis of a uniform standard procedure – and thus to obtain market-wide comparable values. As a member of the Informationsgemeinschaft zur Feststellung der Verbreitung von Werbeträgern e.V. (IVW – https://www.ivw.eu ), the usage statistics are regularly provided by the IVW with the performance values ‘Page Impression’ and ‘Visit’ in the IVW report (https://ausweisungdigital.ivw.de/ ).

1. Legal basis for processing
   The measurement with INFOnline Measurement (pseudonymous system: IOMp) by INFOnline GmbH is carried out as part of a usage measurement with consent in accordance with Art. 6 para. 1 lit. a) GDPR. The purpose of processing personal data is to generate digital performance values (page impression, visit and (technical) client) for the creation of statistics. The statistics are used to track and document the use of our website.

2. Type of data
   The data collected with INFOnline Measurement does not allow a user to be clearly identified as a person due to the types and amount of data. A JavaScript code (so-called ‘Measurement Manager’) is used, which automatically integrates and executes the necessary measurement sensors for anonymous and / or pseudonymous data processing to determine the key figures on the basis of the consent information from the Consent Management Platform (CMP) used by the provider for the digital offer when called up via the browser or the user’s end device (client). INFOnline Measurement is designed as an anonymous system (without client identifier) and as a pseudonymous system (with client identifier).
   The anonymous census procedure (IOMb) does not process any personally identifiable information at all, in particular the IP address. This is completely removed from communication and processing. For this purpose, a communication interface, the so-called ‘service platform’, prevents the exchange of the user’s IP address with the INFOnline systems as a measurement endpoint within the framework of INFOnline Measurement. The IP address as personal data is discarded in the census procedure on the service platform before the measurement call is forwarded to INFOnline. There is also no geolocalization using the IP address. The data set generated in the census procedure is a pure PI data collection.
   In the pseudonymous measurement procedure (IOMp), the following data is collected with the 3rd party cookie ‘i00’ (ioam.de) and the 1st party cookie ‘ioam2018’, which has a personal reference according to the EU GDPR:

• IP address: On the Internet, every device requires a unique address, the so-called IP address, to transmit data. The at least temporary storage of the IP address is technically necessary due to the way the Internet works. The IP addresses are processed in an unabridged form using a pseudonymized procedure.
• A randomly generated client identifier: Reach measurement uses unique identifiers of the end device, a ‘Local Storage Object’ (LSO) or a signature that is created from various automatically transmitted information from your browser to recognize computer systems. This identifier is unique for a browser as long as the cookie or local storage object is not deleted. It may also be possible to measure the data and subsequently assign it to the respective identifier if you visit other websites that also use INFOnline GmbH’s pseudonymous measurement method. The following unique identifiers can be transmitted to INFOnline GmbH as a hash:
• shortened client IP or X-Forwarded-For (XFF)
• User agent (as hash)
  Personal data within the meaning of the EU GDPR is only used for measurement to the extent that a JavaScript is used against a user who has been assigned an individual IP address and a randomly generated client identifier to access web content.

3. Use of data
   The INFOnline GmbH measurement method used on this website determines usage data. This is done in order to collect the performance values Page Impression, Visit and Client.

• Geolocalization
  The assignment of a website visit to the location of the visit is carried out using the pseudonymous measurement method (IOMp) on the basis of the IP address and only up to the geographical level of the federal states / regions. Under no circumstances can the geographical information obtained in this way be used to draw conclusions about a user’s specific place of residence.
• Cross-offer consolidation of usage data
  The usage data of a (technical) client (e.g. a browser on a device) is consolidated across websites using the pseudonymous measurement method (IOMp) and stored in a database.

4. Data Retention Period
   In the census method, the shortened IP address is discarded. In the pseudonymous method, the IP address is stored for a maximum of 60 days. Usage data linked to the unique identifier is stored for a maximum of 6 months in the pseudonymous method. The validity of the cookies used in the pseudonymous method — ‘i00’ and ‘ioam2018’ — on the user’s device is limited to a maximum of 1 year.

5. Forwarding of data
   The IP address is not forwarded.
6. Rights of the data subject
   The data subject has the following rights: right of access (Art. 15 GDPR), right to rectification (Art. 16 GDPR), right to object (Art. 21 GDPR), right to erasure (Art. 17 GDPR), right to restriction of processing (Art. 18 et seq. GDPR), right to data portability (Art. 20 GDPR), right to withdraw consent (Art. 7 (3) GDPR).
   For inquiries of this kind, please contact [email protected]. Please note that we must ensure that we are actually dealing with the data subject for such requests. The data subject has the right to lodge a complaint with a data protection authority. Further information on data protection in INFOnline Measurement can be found on the website of INFOnline GmbH (https://www.infonline.de), which operates the measurement procedure.

Google Tag Manager

What is Google Tag Manager?

Tag management system for the integration of tracking codes and conversion pixels of Google Ireland. Ltd.

Who processes your data?

Google Ireland Ltd, Gordon House, Barrow Street, Dublin 4, Ireland

Where can you find more information about data protection at Google Tag Manager?

https://policies.google.com/privacy

On what basis do we transfer your data to the USA?

Based on the adequacy decision of the European Commission and the corresponding certification of the company.

How do we process your data?

We use the Google Tag Manager. This tool helps us to integrate tracking codes and conversion pixels into our website, manage them and play them out. Google Tag Manager does not create any user profiles itself, does not place any cookies on your device and does not analyze your behavior as a user. However, it does record your IP address and transmits it to Google servers in the USA.

On what legal basis do we process your data?

We have a legitimate interest in the fast and uncomplicated integration and management of various tools on our website. The use of Google Tag Manager is therefore lawful under Art. 6 (1) (f) GDPR. If you have consented to the forwarding of your IP address, we process your data exclusively on the basis of Art. 6 para. 1 lit. a) GDPR. You can revoke your consent at any time with effect for the future.

Google Analytics

What is Google Analytics?

Tool for the analysis of user behavior of Google Ireland Ltd.

Who processes your data?

Google Ireland Ltd, Gordon House, Barrow Street, Dublin 4, Ireland

Has a data processing agreement been concluded with Google Analytics?

Yes

Where can you find more information about data protection at Google Analytics?

https://support.google.com/analytics/answer/6004245?hl=de

On what basis do we transfer your data to the USA?

Based on the adequacy decision of the European Commission and the corresponding certification of the company.

How can you prevent data collection?

Among other things with a browser plugin: https://tools.google.com/dlpage/gaoptout?hl=de

How do we process your data?

We are always interested in optimizing our web offering for visitors to our website and placing advertising in the best possible way. Google Analytics, a tool that analyzes user behavior and thus provides us with the necessary database for adjustments, helps us to do this. The tool provides us with information about the origin of our visitors, their page views and the time they spend on the pages, as well as the operating system they use.

Standard processing

To collect the data, Google Analytics uses cookies, device fingerprinting or other technologies to recognize users. The data is transmitted to Google servers in the USA and summarized in a profile that can be assigned to you or your device using the IP address that is also recorded.

You can prevent Google from processing your data by installing a browser plug-in that Google itself provides: https://tools.google.com/dlpage/gaoptout?hl=de.

IP anonymization

We have activated the “IP anonymization” function within Google Analytics. For you, this means that Google shortens your IP address (from the EU or EEA) before transmitting it to the USA. Only in exceptional cases does Google transmit the full IP address to servers in the USA and truncate it there.

Demographic characteristics

We use the “demographic characteristics” function of Google Analytics to display suitable advertisements to visitors to our website within the Google advertising network. As a result, reports can be created that contain statements about the age, gender and interests of our website visitors. This data comes from interest-based advertising from Google and visitor data from third-party providers. It is not possible to assign the collected data to specific persons. You can deactivate this function in the settings of your Google account.

How long do we store your data?

Google deletes or anonymizes data stored at user and event level that is linked to cookies, user identifiers (e.g. user IDs) or advertising IDs after 14 months according to its own information (see https://support.google.com/analytics/answe r/7667196?hl=de).

On what legal basis do we process your data?

As a website operator, we have a legitimate interest in the analysis of user behavior for the purpose of optimizing our website and the advertising placed on it. Data processing is therefore lawful under Art. 6 (1) (f) GDPR. In the event that you have consented to the storage of cookies, for example, or have otherwise consented to data processing by Google Analytics, the legal basis is exclusively Art. 6 para. 1 lit. a) GDPR. You can revoke your consent at any time with effect for the future.

Google AdSense (not personalized)

What is Google AdSense?

Service for the integration of advertisements from Google Ireland Ltd.

Who processes your data?

Google Ireland Ltd, Gordon House, Barrow Street, Dublin 4, Ireland

Has an order processing contract been concluded with Google AdSense?

Yes

Where can you find more information about data protection at Google AdSense?

https://www.google.de/intl/de/policies/privacy/ and https://policies.google.com/technologies/ads

On what basis do we transfer your data to the USA?

Based on the adequacy decision of the European Commission and the corresponding certification of the company.

How do we process your data?

We integrate the advertisements on our website with Google AdSense. We use the service in non-personalized mode. This means that the ads are not displayed on the basis of your user behavior, nor is a user profile created for you. Instead, they are selected based on contextual information, e.g. your location, the website you are currently on or your current search terms. You can find out more about the differences between personalized and non-personalized targeting with Google AdSense at: https://support.google.com/adsense/answer/9007336.

Even in non-personalized mode, Google AdSense uses cookies, device fingerprinting and similar technologies to recognize users. Google justifies this by stating that fraud and abuse should be prevented.

You can adjust the advertising settings in your Google account. To do this, click on the following link and log in: https://adssettings.google.com/authenticated.

On what legal basis do we process your data?

As a website operator, we have a legitimate interest in the effective marketing of our services and products. Data processing is therefore lawful under Art. 6 (1) (f) GDPR. In the event that you have consented to the storage of cookies, for example, or have otherwise consented to data processing, the legal basis is exclusively Art. 6 para. 1 lit. a) GDPR. You can revoke your consent at any time with effect for the future.

META Pixel

What is META Pixel?

Tool for analyzing user behavior that measures the effectiveness of advertising on Facebook

Who processes your data?

Meta Platforms Ireland Ltd, 4 Grand Canal Square, Dublin 2, Ireland

Has an order processing contract been concluded with META Pixel?

Yes

Where can you find more information about data protection at META Pixel?
https://de-de.facebook.com/about/privacy/

On what basis do we transfer your data to the USA?

Based on the adequacy decision of the European Commission and the corresponding certification of the company.

How can you prevent data processing?

If you have a Facebook account: Deactivate the remarketing function “Custom Audiences” in the settings for advertisements(https://www.facebook.com/ads/preferences/?entry_product=ad_settings_screen).

If you do not have a Facebook account: Deactivate usage-based advertising from Facebook on the website of the European Interactive Digital Advertising Alliance: http://www.youronlinechoices.com/de/praferenzmanagement/.

How do we process your data?

We use the META Pixel on our website. This analysis tool helps us to learn more about the behavior of visitors to our website after they have clicked on one of our ads on Facebook. This enables us to measure how effective our Facebook advertising is and to align future advertising measures with the knowledge gained. The data that Facebook collects via the pixel is anonymous to us as the operator of this website. We are therefore unable to identify you as a visitor. However, the data is stored and processed by Facebook. Facebook establishes a connection to your Facebook account via the pixel and also uses the data to place advertisements within and outside the network (see Facebook Data Usage Policy).
In the course of storage and processing, Facebook also transfers the data to the USA and other third countries.

If you have a Facebook account, you can deactivate the remarketing function “Custom Audiences” in the settings for advertisements at https://www.facebook.com/ads/preferences/?entry_product=ad_settings_screen.

If you do not have a Facebook account, you have the option of deactivating usage-based advertising from Facebook on the website of the European Interactive Digital Advertising Alliance: http://www.youronlinechoices.com/de/praferenzmanagement/.

On what legal basis do we process your data?

As a website operator, we have a legitimate interest in effective advertising measures in social networks. Data processing is therefore lawful under Art. 6 (1) (f) GDPR. In the event that you have consented to the storage of cookies, for example, or have otherwise consented to data processing by Facebook, the legal basis is exclusively Art. 6 para. 1 lit. a) GDPR. You can revoke your consent at any time with effect for the future.

Newsletter and postal advertising

Mailchimp

What is Mailchimp?

Service for sending newsletters and analyzing recipient behavior

Who processes your data?

Rocket Science Group LLC, 675 Ponce De Leon Ave NE, Suite 5000, Atlanta, GA 30308, USA

Has an order processing contract been concluded with Mailchimp?

Yes

Where can you find more information about data protection at Mailchimp?
https://mailchimp.com/legal/privacy and https://mailchimp.com/de/gdpr/

On what basis do we transfer your data to the USA?

Mailchimp has so-called standard contractual clauses that permit the transfer of data to the USA:
https://mailchimp.com/legal/data-processing-addendum/#9._Jurisdiction-Specific_Terms

How do we process your data?

We use Mailchimp to send out our newsletter. The service manages the data of newsletter subscribers for us, sends out our newsletter and analyzes our newsletter campaigns. If you would like to receive our newsletter, we need your e-mail address. We will also use a confirmation e-mail (double opt-in procedure) to check whether you are really the owner of this e-mail address. We do not collect any further data or only on a voluntary basis. We use your data exclusively for sending the newsletter. They are stored on a Mailchimp server in the USA.

If we send a newsletter via Mailchimp and you open it, a file contained in the newsletter automatically connects to the Mailchimp servers. This tells the service that the newsletter has been opened and registers all clicks on the links it contains. In addition, Mailchimp collects technical information such as the time of access, IP address, browser type and operating system. You can unsubscribe from the newsletter at any time.

How long do we store your data?

After you have unsubscribed, your data will be deleted from the newsletter distribution list. Under certain circumstances, we may also place your e-mail address on a blacklist; this is necessary, for example, if we have received an objection to advertising from you. In this case, the legal basis for storage is Art. 6 para. 1 lit. f) GDPR.

Furthermore, we reserve the right to delete the data at any time once the purpose for which it was collected no longer applies or at our own discretion.

On what legal basis do we process your data?

By adding your name to the subscriber list, you consent to data processing by Mailchimp. This is therefore lawful on the basis of Art. 6 para. 1 lit. a) GDPR. You can revoke your consent by unsubscribing from the newsletter or by sending us an informal message. For us, this means that we may no longer send you newsletters from this point on.

Brevo

What is Brevo?

Service for sending newsletters and messages, analyzing recipient behavior and managing marketing activities

Who processes your data?

Sendinblue GmbH, Köpenicker Str. 126, 10179 Berlin, Germany

Has an order processing contract been concluded with Brevo?

Yes

Where can I find more information about data protection at Brevo?

https://www.brevo.com/de/legal/privacypolicy/ and https://www.brevo.com/de/legal/antispampolicy/

How do we process your data?

Brevo allows us to manage a database of email contacts, phone numbers or any other contact information to communicate with customers and other interested parties. Information can also be collected about the date and time a message was read, as well as when the contact interacts with incoming messages, for example by clicking on links contained in them.

It is also possible to send – timed – messages to customers and other interested parties.

If you would like to receive our newsletter or other messages, we need your e-mail address/corresponding contact information. We will also use a confirmation e-mail (double opt-in procedure) to check whether you are really the owner of this e-mail address and/or telephone number. We do not collect any other data, or only on a voluntary basis. We use your data exclusively for sending newsletters/messages.

If we send a newsletter via Brevo and you open it, a file contained in the newsletter automatically connects to the Brevo servers. This tells the service that the newsletter has been opened and registers all clicks on the links it contains. In addition, Brevo collects technical information such as the time of access, IP address, browser type and operating system.

You can unsubscribe from the newsletter at any time.

How long do we store your data?

After you have unsubscribed, your data will be deleted from the newsletter distribution list. Under certain circumstances, we may also place your e-mail address on a blacklist; this is necessary, for example, if we have received an objection to advertising from you. The storage then takes place on the basis of Art. 6 para. 1 lit. f) GDPR. Furthermore, we reserve the right to delete the data at any time once the purpose for which it was collected no longer applies or at our own discretion.

On what legal basis do we process your data?

By entering the subscriber list, you consent to data processing by Brevo. This is therefore lawful on the basis of Art. 6 para. 1 lit. a) GDPR. You can revoke your consent by unsubscribing from the newsletter or by sending us an informal message. For us, this means that we may no longer send you newsletters from this point on.

Postal advertising

We will send you advertising by post. We use the following service provider for mailing:

How do we process your data?

We store your name and address and use both to send you advertising.

How long do we store your data?

We delete your data as soon as one of the following points occurs:

• The purpose of data processing no longer applies.
• You ask us to delete the data.
• You revoke your consent to receive postal advertising.

This only does not apply if we are legally obliged to retain the data.

On what legal basis do we process your data?

As a company, we have a legitimate interest in sending direct advertising. The basis for data processing is therefore Art. 6 para. 1 sentence 1 lit. f) GDPR in conjunction with recital 47. If you have consented to data processing, the processing is carried out exclusively on the basis of Art. 6 para. 1 lit. a) GDPR. You can revoke your consent at any time for the future. If more specific regulations apply, we will inform you of this when collecting the data. These regulations will then take precedence over those mentioned here.

Plugins and tools

YouTube (with extended data protection)

What is YouTube?

Video platform

Who processes your data?

Google Ireland Ltd, Gordon House, Barrow Street, Dublin 4, Ireland

Where can you find more information about data protection on YouTube?
https://www.youtube.com/intl/ALL_de/howyoutubeworks/our-commitments/protecting-user-data/?gclid=EAIaIQobChMIztKuysSW-gIVjgwGAB0euwPlEAAYASAAEgLBXfD_BwE

How do we process your data?

You can watch YouTube videos on our website. As the provider of YouTube, Google collects and stores certain information about you. However, as we use YouTube in extended data protection mode, this only happens when you start a video. Specifically, the following happens in this case:

1. Google’s servers are informed which of our pages have been visited from your device. If you are logged into your YouTube account while surfing, Google can assign your surfing behavior directly to your personal profile. If you do not want this, you must log out of your YouTube account before you continue surfing the Internet.
2. Google receives information about visitors to our website via cookies, device fingerprinting or similar recognition technologies. On this basis, the company then creates video statistics, makes its application more attractive to users and prevents attempts at fraud.
3. Your data may also be processed beyond this. However, we have no knowledge of the details. We also have no influence on the processing.

Even if you do not start a YouTube video on our website, Google establishes a connection to its DoubleClick network and possibly also to other partners. The extended data protection mode therefore does not mean that Google does not process any of your data when you visit our website.

On what legal basis do we process your data?

By integrating YouTube videos, we want to make our website and our services and offers more appealing. This is our legitimate interest as a company and therefore lawful under Art. 6 (1) (f) GDPR.

If you have consented to data processing, we process your data exclusively on the basis of Art. 6 para. 1 lit. a) GDPR. You can withdraw your consent at any time. We may no longer process your data from the time you withdraw your consent.

Vimeo (without tracking)

What is Vimeo?

Video platform

Who processes your data?

Vimeo Inc, 330 West 34th Street, 5th Floor, New York, New York 10001, USA

Where can you find more information about data protection at Vimeo?
https://vimeo.com/privacy

On what basis do we transfer your data to the USA?

On the basis of standard contractual clauses of the European Commission and legitimate business interests (see https://vimeo.com/privacy#inte rnational_data_transfers_and_certain_user_rights)

How do we process your data?

You can watch Vimeo videos on our website. As soon as you call up a page in which we have embedded a Vimeo video, this is communicated to the Vimeo servers. Vimeo also learns your IP address. However, as we have made the appropriate settings in the Vimeo plugin, Vimeo will neither leave cookies on your device nor track your surfing behavior.

On what legal basis do we process your data?

By integrating Vimeo videos, we want to make our website more appealing. This is our legitimate interest as a company and is therefore lawful under Art. 6 (1) (f) GDPR. If you have consented to data processing, we process your data exclusively on the basis of Art. 6 para. 1 lit. a) GDPR. You can withdraw your consent at any time. We may no longer process your data from the time you withdraw your consent.

Font Awesome (local hosting)

We use icons from the Font Awesome icon library on our website. The library is provided by Fonticons Inc. We have installed the icons locally so that there is no connection to the company’s servers when you visit our website.

Further information about Font Awesome can be found at https://fontawesome.com/ and specifically in the privacy policy: https://fontawesome.com/privacy.

Google Maps

What is Google Maps?

Map service of Google Ireland Ltd.

Who processes your data?

Google Ireland Ltd, Gordon House, Barrow Street, Dublin 4, Ireland

Where can you find more information about data protection at Google?

https://policies.google.com/privacy?hl=de

On what basis do we transfer your data to the USA?

Based on the adequacy decision of the European Commission and the corresponding certification of the company.

How do we process your data?

We use Google Maps on our website. To enable you to use all the functions of the map service, Google stores your IP address on one of its servers in the USA.

On what legal basis do we process your data?

The maps from Google Maps ensure that the locations specified on our website are easier for visitors to find. As a company, we have a legitimate interest in this. Data processing is therefore lawful under Art. 6 (1) (f) GDPR.

If you have consented to data processing, we process your data exclusively on the basis of Art. 6 para. 1 lit. a) GDPR. You can withdraw your consent at any time. We may no longer process your data from the time you withdraw your consent.

Google reCAPTCHA

What is Google reCAPTCHA?

Test tool for distinguishing between people and computers from Google Ireland Ltd.

Who processes your data?

Google Ireland Ltd, Gordon House, Barrow Street, Dublin 4, Ireland

Where can you find more information about data protection at Google?

https://policies.google.com/privacy?hl=de

On what basis do we transfer your data to the USA?

Based on the adequacy decision of the European Commission and the corresponding certification of the company.

How do we process your data?

We use Google reCAPTCHA to check whether data entered into forms on our website originates from a human or from a computer. For you, this means that the test tool analyzes your behavior as a visitor to our website based on various characteristics. The analysis does not begin when you use the test tool, but when you visit our website. Various data is recorded, e.g. the IP address, the time spent on our website and mouse movements made. The data is forwarded to Google.

On what legal basis do we process your data?

As a company, we have a legitimate interest in protecting our website from spam and abusive spying. Data processing is therefore lawful under Art. 6 (1) (f) GDPR.

If you have consented to data processing, we process your data exclusively on the basis of Art. 6 para. 1 lit. a) GDPR. You can withdraw your consent at any time. We may no longer process your data from the time you withdraw your consent.

Elementor

What is Elementor?

Plugin for the creation of websites

Who processes your data?

Elementor 8 THE GRN STE A DOVER, DE 19901 USA

Where can you find more information about data protection at Elementor?
https://elementor.com/about/privacy/

On what basis do we transfer your data to the USA?
Elementor complies with the standard contractual clauses of the European Commission (see https://ele mentor.com/about/privacy/)

How do we process your data?

We use the “Elementor Website Builder for WordPress” plugin on our website. This plugin does not process any personal data. However, cookies are used to store the number of page views and active sessions of the user.

On what legal basis do we process your data?

By integrating the Elementor plugin, we want to make our website and our services and offers more appealing. This is our legitimate interest as a company and therefore lawful under Art. 6 (1) (f) GDPR.

Algolia

This website uses the Algolia search technology via an API. The provider is Algolia, Inc. with its registered office at 589 Howard Street, Suite 5, San Francisco, CA 94105, USA.

In order to use the functions of the Algolia search, it is necessary to save your IP address and your search query. This information is usually transmitted to an Algolia server in Europe or the USA and stored there. The operator of this site has no influence on this data transfer. The use of the Algolia search is in the interest of optimal accessibility and easy findability of our online offers. This constitutes a legitimate interest pursuant to Art. 6 para. 1 lit. f GDPR. Further information on the handling of user data can be found in Algolia’s privacy policy: https://www.algolia.com/policies/privacy.

eCommerce and payment providers

Customer and contract data

How do we process your data?

When we conclude a contract with you, we require certain personal data from you. We collect, process and use this data only insofar as it is necessary to establish our legal relationship, to shape its content or to change it. If you can only use our services via our website or if the services are billed via the website, we also collect usage data if this is necessary to enable you to use our services or to bill you for the service used.

How long do we store your data?

We store your data until our legal relationship ends, unless we are legally obliged to store the data for longer.

On what legal basis do we process your data?

We store your data in order to fulfill the contract with you or to carry out pre-contractual measures. The basis for data processing is therefore Art. 6 para. 1 lit. b) GDPR.

Data transmission for shipment of goods

How do we process your data?

When you order goods from us, we transmit your data to companies that we commission with the delivery and/or through which we process the payment. Only data that is necessary for the commissioned company to carry out the specific order will be transmitted. If we wish to pass on data beyond this, we will obtain your consent. We do not pass on your data for advertising purposes.

On what legal basis do we process your data?

We pass on your data in order to fulfill the contract that we have concluded with you. The basis for data processing is therefore Art. 6 para. 1 lit. b) GDPR. Data transmission when using services and digital content

How do we process your data?

To process the payment, we transmit your data to a payment service or the credit institution commissioned to process the payment. We only pass on data that is absolutely necessary for the payment process. If we wish to pass on data beyond this, we will obtain your consent.

On what legal basis do we process your data?

We pass on your data in order to fulfill the contract that we have concluded with you. The basis for data processing is therefore Art. 6 para. 1 lit. b) GDPR. If you have consented to the disclosure of your data, the data processing is based on Art. 6 para. 1 lit. a) GDPR. You can revoke your consent at any time with effect for the future.

Payment services

So that you can conveniently pay for your purchases on our website, we use the services of payment services, i.e. external companies that process payments for us. You can find a list of these companies at the end of this section.

How do we process your data?

You must provide certain personal data for the payment process, e.g. your name, bank account details or credit card number. We pass this data on to the respective payment service. The respective contractual and data protection provisions of the respective services apply to the transaction itself.

On what legal basis do we process your data?

We pass on your data in order to fulfill the contract that we have concluded with you. The basis for data processing is therefore Art. 6 para. 1 lit. b) GDPR. We also have a legitimate interest in processing purchases as quickly, conveniently and securely as possible. In this respect, the legal basis is also Art. 6 para. 1 lit. f) GDPR. If you have consented to the transfer of your data, the data processing is based on Art. 6 para. 1 lit. a) GDPR. You can revoke your consent at any time with effect for the future.

Which payment services do we use?

Stripe

What is Stripe?

Online payment service

Who processes your data?

Stripe Payments Europe Ltd, 1 Grand Canal Street Lower, Grand Canal Dock, Dublin, Ireland

Where can you find more information about data protection at Stripe?
https://stripe.com/de/privacy

On what basis do we transfer your data to the USA?

Based on the adequacy decision of the European Commission and the corresponding certification of the company

Audio and video conferencing

As a company, we are in contact with many people: Customers, business partners, service providers, etc. In addition to other means of communication, we also use online conferencing tools. Information relevant to data protection law on the provider(s) of the tools we use can be found at the end of this section. If you communicate with us via such a tool, not only we, but in particular the provider of the respective tool will process your personal data.

How do we process your data?

Online conferencing tools collect and store various personal data to enable participation in an online conference and its smooth implementation. In addition to registration, conference and technical data, this also applies to certain communication content.

• Registration data: Your e-mail address and/or telephone number and any other data you provide when registering for the conference.
• Conference data: Start, end and duration of your participation in the conference, the number of participants and other conference metadata.
• Technical data: IP address, MAC address, device ID, device type, operating system and version, client version, camera type, microphone or loudspeaker and the type of connection.
• Communication content: Cloud recordings, chat/instant messages, voicemails uploaded photos and videos, files, whiteboards and other information shared while using the service.

For details on data processing, please refer to the data protection declarations of the respective conference tool provider.

How long do we store your data?

As your communication partner, we will delete your data from our systems as soon as one of the following points occurs:

• The purpose of data processing no longer applies.
• You ask us to delete the data.
• You revoke your consent to storage.

This only does not apply if we are legally obliged to retain the data.

Cookies remain on your end device until you delete them.

The providers of conference tools also store your data for their own purposes. Please contact the providers directly to find out what this means for the duration of the storage of your data.

On what legal basis do we process your data?

If we already have a contractual relationship or if you wish to conclude a contract with us, we use conference tools to fulfill the contract or to inform you about our services or products. In this respect, data processing is carried out on the basis of Art. 6 para. 1 lit. b) GDPR. Otherwise, the use of conference tools serves the purpose of simple and fast communication, without which we would not be able to run our company efficiently. We therefore also have a legitimate interest in data processing in accordance with Art. 6 para. 1 lit. f) GDPR. Another legal basis may be your consent. In this case, Art. 6 para. 1 lit. a) GDPR is relevant. This basis ceases to apply in the future if you withdraw your consent.

Which online conference tools do we use?

Zoom

What is Zoom?

Communication platform for video meetings, voice communication, webinars and chats via desktop computers, telephones, mobile devices and conference room systems

Who processes your data?

Zoom Communications Inc, 55 Almaden Boulevard, Suite 600, San Jose, CA 95113, USA

Has an order processing contract been concluded with Zoom?

Yes

Where can you find more information about data protection at Zoom?
https://zoom.us/de-de/privacy.html

On what basis do we transfer your data to the USA?

Zoom Communications Inc. complies with the standard contractual clauses of the European Commission (see https://zoom.us/de-de /privacy.html)

Google Hangouts

What is Google Hangouts?

Video conferencing and instant messaging service of Google Ireland Ltd.

Who processes your data?

Google Ireland Ltd, Gordon House, Barrow Street, Dublin 4, Ireland

Has an order processing contract been concluded with Google Hangouts?
Yes

Where can you find more information about data protection at Google Hangouts?
https://policies.google.com/privacy?hl=de

On what basis do we transfer your data to the USA?

Google complies with the standard contractual clauses of the European Commission(https://privacy.google.com/businesses/compliance)

Google Meet

What is Google Meet?

Video conferencing service provided by Google Ireland Ltd.

Who processes your data?

Google Ireland Ltd, Gordon House, Barrow Street, Dublin 4, Ireland

Has an order processing contract been concluded with Google Meet?

Yes

Where can you find more information about data protection at Google Meet?
https://policies.google.com/privacy?hl=de

On what basis do we transfer your data to the USA?

Based on the adequacy decision of the European Commission and the corresponding certification of the company.

Data processing on social media

What is social media?

By social media, we mean the social networks on which we have created publicly accessible profiles. You can find out which social networks these are below.

Who processes your data?

The respective operating companies of the social networks. The individual operators can be found below under the respective networks.

How is your data processed?

The operators of social networks are generally able to collect and evaluate comprehensive data about the behavior of visitors and users of the network. It is not possible for us to track all processing operations in the social networks we use, which is why further processing operations that are not listed here may be carried out by the operators of the social networks. You can find more information on this in the terms of use and privacy policies of the respective social networks.

The processing of your data can be triggered when you visit the website of the social network or our profile page there. Even if you visit a website that uses certain network content, e.g. like or share buttons, data may already be transferred to the operators of the social network. If you yourself are a user of the social network and are logged into your user account, your visit to our profile page can be assigned to your account by the operator of the social network. Even if you have not registered a user account yourself or are not logged in, the operator of the network may still collect your personal data, e.g. by collecting your IP address or setting cookies. With this data, the operators can create user profiles tailored to your
behavior and your interests and show you interest-based advertising inside and outside the network. If you are a registered user of the network, interest-based advertising can also be displayed on all devices on which you are or were logged in.

What is the legal basis for processing your data?

Our profiles on social networks are intended to ensure that our company has the widest possible presence on the Internet. As a company, we have a legitimate interest in this. Data processing is therefore lawful in accordance with Art. 6 para. 1 lit. f GDPR. The data processing operations and analyses carried out by the operators of the social networks themselves may be based on other legal bases. These must be specified by the operators of the social networks.

Who is responsible for processing your data and how can you assert your rights?

If you visit one of our profiles in the social networks, we are jointly responsible with the operator of the respective network for the data processing operations triggered during this visit. In principle, you can assert your rights against both us and the operator of the respective network.

Despite the joint responsibility with the operators of the social networks, our influence on the data processing operations of the respective operator is limited and is primarily based on the specifications of the operator.

How long will your data be stored?

If we collect data via our profiles in the social networks, these are deleted from our systems as soon as the purpose for their storage no longer applies, you request us to delete them or you revoke your consent to their storage. Stored cookies remain on your end device until you delete them. Mandatory statutory provisions – in particular retention periods – remain unaffected. We have no influence on how long the operators of the social networks store your data, which the operators collect for their own purposes. You can obtain information on this directly from the operator of the respective social network, e.g. in the respective privacy policy.

Which social media do we use?

Facebook

What is Facebook?

A social network

Who processes your data?

Meta Platforms Ireland Limited, 4 Grand Canal Square, Dublin 2, Ireland

Will your data be transferred to third countries?

Yes, to the USA and also to other third countries

Where can you find more information about data protection on Facebook?
https://www.facebook.com/about/privacy/

As a Facebook user, where can you adjust your advertising settings?

As a registered Facebook user, you can adjust your advertising settings in your user account.

Click on the following link and log in: https://www.facebook.com/settings?tab=ads.

X

What is X?

Social network

Who processes your data?
Twitter International Unlimited Company, One Cumberland Place, Fenian Street, Dublin 2, D02 AX07, Ireland

Will your data be transferred to third countries?

Yes, to the USA

Where can you find more information about data protection at X?
https://twitter.com/de/privacy

On what basis do we transfer your data to the USA?

On the basis of standard contractual clauses of the European Commission (see https://gdpr.twitter.com/e n/controller-to-controller-transfers.html)

As an X user, where can you adjust your advertising settings?

As a registered X user, you can adjust your data protection settings in your user account. To do this, click on the following link and log in:
https://twitter.com/personalization.

Instagram

What is Instagram?

A social network specializing in photos and videos

Who processes your data?

Meta Platforms Ireland Limited, 4 Grand Canal Square, Dublin 2, Ireland

Will your data be transferred to third countries?

Yes

Where can you find more information about data protection on Instagram?

https://help.instagram.com/519522125107875/?helpref=hc_fnav&bc[0]=Instagram-Hilfebereich&bc[1]=Richtlinien%20und%20Meldungen

Where can you as a user adjust your privacy settings?

As a registered Instagram user, you can adjust your privacy settings in your user account. To do this, click on the following link and log in: https://www.instagram.com/accounts/privacy_and_security/

LinkedIn

What is LinkedIn?

A social network for business contacts

Who processes your data?

LinkedIn Ireland Unlimited Company, Wilton Place, Dublin 2, Ireland

Will your data be transferred to third countries?

Yes

Where can you find more information about data protection at LinkedIn?
https://de.linkedin.com/legal/privacy-policy?trk=homepage-basic_footer-privacy-policy

Where can you as a user adjust your data protection settings?

As a registered LinkedIn user, you can adjust your privacy settings in your user account. To do this, click on the following link and log in:
https://www.linkedin.com/psettings/

Xing

What is Xing?

A social network for professional contacts

Who processes your data?

New Work SE, Dammtorstraße 30, 20354 Hamburg, Germany

Will your data be transferred to third countries?

Yes, to fulfill the contract with Xing, if you have given your consent, if it is necessary for the assertion, exercise or defense of legal claims or if an adequacy decision pursuant to Art. 45 EU GDPR or suitable guarantees pursuant to Art. 46 EU GDPR exist.

Where can you find more information about data protection at Xing?

https://privacy.xing.com/de/datenschutzerklaerung/druckversion

Where can you as a user adjust your privacy settings?

As a registered Xing user, you can adjust your privacy settings in your user account. To do this, click on the following link and log in:
https://www.xing.com/settings/privacy

YouTube

What is YouTube?

A social network in the form of an online video portal

Who processes your data?

Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland

Will your data be transferred to third countries?

Yes

Where can you find more information about data protection on YouTube?
https://policies.google.com/privacy?hl=de

Where can you as a user adjust your data protection settings?
https://policies.google.com/privacy?hl=de#infochoices

TikTok

What is TikTok?

A social network specializing in photos and videos

Who processes your data?

TikTok Technology Limited, 10 Earlsfort Terrace, Dublin, D02 T380, Ireland

Will your data be transferred to third countries?

Yes
Where can you find more information about data protection at TikTok?
https://www.tiktok.com/legal/privacy-policy-eea?lang=de

Where can you as a user adjust your data protection settings?
https://www.tiktok.com/legal/tiktok-website-cookies-policy?lang=de