We only use essential cookies on our website.
data protection - Cookies - imprint

Telephone availability: Mon - Thu 8 a.m. - 5 p.m., Fri 8 a.m. - 3 p.m.
de_DE_formal
de_DE_formal

data protection

The fine print

Learn more

data protection

Welcome to this website. The protection of personal data is very important to us. Therefore, we inform you about the processing of personal data and all rights of those affected in connection with the use of this website. If you have any questions about data protection or the processing of personal data, you can find imprint the contact details of the responsible person or body.

Summary: We take data protection very seriously and follow the principle of data economy at all levels. All internal and external technical processes, server-client communication and backups of this website are encrypted. All additional components and plugins used on this website are selected with great care. Any additional plugins used are regularly subject to strict auditing. For the service providers we commission for external data processing, such as storing backups, creating invoices, etc., we only use well-known providers who are fully GDPR-compliant and have been verifiably regularly tested for security, preferably from the European economic area.

data processing

This website can be used without providing any personal data. If personal data (such as names or email addresses) is collected on our website, this is done on a voluntary basis, unless it is absolutely necessary for the provision of a service. In principle, all data collected will not be passed on to third parties without your express consent.

As a responsible company, we have taken numerous technical, conceptual and organizational measures to ensure the most comprehensive protection possible for the data collected and processed via this website. As a responsible company, we consciously refrain from automated decision-making or profiling.

The responsible body within the meaning of the General Data Protection Regulation, the data protection laws of the member states of the European Union and other provisions of a data protection nature is also clearly defined and valid.

scope

This privacy policy applies to all personal data processed on this website and connected systems, as well as to all personal data processed by companies commissioned by us (contract processors). In addition, we have concluded a contract processing agreement (AV contract) with all contract processors. We understand personal data to be information within the meaning of Art. 4 No. 1 GDPR, such as names, email addresses, IP addresses and postal addresses of people. The processing of personal data enables us to offer and bill for our services and products, whether online or offline. The scope of this privacy policy extends to the following services. The services actually used may vary over time:

  • Our online presence: websites or online shops
  • customer communication via email or messenger
  • social media presence
  • newsletters or other mailings
  • apps for mobile devices
  • online billing systems
  • Encrypted backups in cloud storage services

legal basis

We process your data exclusively on the basis of the following legal bases

  • Legitimate interests (Article 6 paragraph 1 letter f GDPR): If legitimate interests require it, the processing of data is possible without active consent, e.g. to deliver the website to your computer.
  • Consent (Article 6 paragraph 1 letter a GDPR): Your consent enables us to process data for a specific purpose, e.g. when filling out forms.
  • Contract (Article 6 paragraph 1 letter b GDPR): In order to fulfil a contract or pre-contractual obligations with you, we may also process your data, e.g. to create invoices.
  • Legal obligation (Article 6 paragraph 1 letter c GDPR): We also process your data if we have to fulfill a legal requirement, e.g. the legal obligation to retain invoices.

rights of data subjects according to the GDPR

You have the right to information, rectification, erasure, restriction of processing, data portability and objection. You can find more information about your rights in section 8 of our privacy policy. More information on the GDPR: https://eur-lex.europa.eu/legal-content/DE/ALL/?uri=celex%3A32016R0679.

  • Right to information (Article 15 GDPR): You have the right to know whether we process your data. If this is the case, you have the right to receive a copy of the data as well as information about the purpose of the processing, the categories of data processed, the recipients (including any transfers to third countries), the storage period, your right to rectification, erasure, restriction of processing and objection, the right to lodge a complaint with a supervisory authority (link to the authority below), the origin of the data (if not collected from you), and the possible implementation of profiling.
  • Right to rectification (Article 16 GDPR): You have the right to have incorrect data corrected.
  • Right to erasure (Article 17 GDPR – “right to be forgotten”): You can request that your data be deleted.
  • Right to restriction of processing (Article 18 GDPR): Under certain circumstances, we may only store your data but not further process it.
  • Right to data portability (Article 20 GDPR): Upon request, we will provide you with your data in a common format.
  • Right to object (Article 21 GDPR): You can object to processing based on public interest or legitimate interest. We will check whether we can comply with the objection.
  • Right to object to direct marketing and profiling: You can object to the use of your data for direct advertising or profiling at any time.
  • Automated decisions (Article 22 GDPR): In certain circumstances, you have the right not to be subject to measures based solely on automated decisions.
  • Right to lodge a complaint (Article 77 GDPR): You have the right to complain to the data protection authority if you believe that the processing of your data violates the GDPR.

data transfer to the USA

Our website includes tools from companies based in the USA. If these tools are active, your personal data can be passed on to the US servers of the respective companies. We would like to point out that the USA is not a safe third country within the meaning of EU data protection law. US companies are obliged to release personal data to security authorities without you as the data subject being able to take legal action against this. It cannot therefore be ruled out that US authorities (e.g. secret services) will process, evaluate and permanently store your data on US servers for surveillance purposes. We have no influence on these processing activities.

storage period

The data processed during the use of our website is deleted as soon as the purpose for which it was stored no longer exists. This is done on the condition that there are no statutory retention periods that prevent deletion and that there are no deviating details regarding specific processing methods. In some cases, we are legally obliged to store certain data even after the original purpose no longer applies, for example due to tax law requirements.

Revocation of your consent to data processing

Many data processing operations are only possible with the express consent of the data subjects. You can revoke your consent at any time. The legality of the data processing carried out up to the time of revocation remains unaffected by the revocation.

Cookies

Our website uses cookies. Cookies are small text files that are stored on your computer and saved by your browser. We use cookies to make it easier to use our website and to carry out statistical evaluations. You can prevent cookies from being saved by setting your browser software accordingly. For more information about the cookies used, their purpose and storage period, please refer to the Cookie Policy.

web hosting

In order to display a website, the browser on the visitor's computer must connect to a web server and retrieve the website code. Operating a web server is a complicated and time-consuming task. We therefore rely on professional providers and server systems that are high-performance, redundant, secure and reliable. When data is transferred from the web server to your local network and ultimately to your browser, personal data may be processed. On the one hand, your computer saves the data received, and on the other hand, the web server must also save your data in order to be able to send the data to you. Below we provide information about the type and scope of the data stored and the protective measures we have taken.

This website is hosted by an external service provider (hoster). The personal data collected on this website is stored on the hoster's servers. This may include IP addresses, contact requests, meta and communication data, contract data, contact details, names, website accesses and other data generated via a website. The hoster is used for the purpose of fulfilling the contract with our potential and existing customers (Art. 6 Para. 1 lit. b GDPR) and in the interest of a secure, fast and efficient provision of our online offer by a professional provider (Art. 6 Para. 1 lit. f GDPR). Our hoster will only process your data to the extent necessary to fulfill its service obligations and will follow our instructions with regard to this data.

server log files

Every time you access our website, information is automatically collected by the web hosting provider and stored in so-called server log files. This information includes:

  • IP address
  • date and time of access
  • name of the page accessed
  • Referrer URL (the previously visited page)
  • amount of data transferred
  • browser type and browser version
  • operating system

The processing of this data is technically necessary so that we can deliver the site to you; it is therefore carried out out of legitimate interest in accordance with Art. 6 Paragraph 1 Letter f of GDPR. The data is used exclusively for statistical evaluations and to improve the website. The IP addresses are stored for 30 days in the so-called log rotation and then deleted.

SSL encryption

We use SSL certificates for secure technical communication between the client and the website. This is particularly necessary when transmitting confidential data, such as when entering data in forms. SSL or TLS encryption is therefore used on this site. An encrypted connection is easily recognizable by the fact that the browser's address line displays "https://"; a colored lock symbol is usually also displayed in the browser's address line. By using this SSL or TLS encryption, the data you transmit cannot be read by third parties.

server management Plesk

We use the web server management software Plesk to administer the server services. This is a server administration system from Plesk International GmbH, Vordergasse 59, 8200 Schaffhausen, Switzerland. The EU Commission has determined through an adequacy decision pursuant to Art. 45 GDPR that Switzerland, as a third country, has an adequate level of protection compared to the usual scope of the GDPR. You can find the corresponding decision here. For more information about the data processed through the use of Plesk Obsidian, see the Data protection.

Cloudflare

On our website we may use the Content Delivery Network (CDN) from Cloudflare, Inc. (101 Townsend St., San Francisco, CA 94107, USA) to reduce the loading time of the website and protect it from misuse. Cloudflare may use cookies and process user data such as the IP address.

Tracking & Analysis

We use web analytics software on our website that anonymously logs and evaluates actions such as clicks or entries by visitors to our website. We use these services to improve the performance of our offering. The respective system collects and processes anonymized data and provides us with analyses of user behavior. The tools also offer testing options, such as A/B tests, in which two versions of content are tested to see which version leads to more acquisition. In such tests or other analyses, anonymous user profiles can also be created and data stored in cookies.

To record usage and optimize the website, we use Matomo, a visitor tracking and analysis software for websites, provided by InnoCraft Ltd, 7 Waterloo Quay PO625, 6140 Wellington, New Zealand. All data is collected completely anonymously and only evaluated in aggregate.

We use Matomo, an analysis software for websites, on our website. The service provider is the New Zealand company InnoCraft Ltd, 7 Waterloo Quay PO625, 6140 Wellington, New Zealand. You can find out more about the data processed through the use of Matomo in the Privacy Policy. Questions about data protection can be sent by email to privacy@matomo.org. The use of web analytics requires your consent, which we have obtained with our cookie popup. According to Art. 6 Paragraph 1 Letter a of GDPR (consent), this consent represents the legal basis for the processing of personal data, as it may occur when collected by web analytics tools. For further information, please refer to the Data protection by Matomo

With the help of web analysis systems, we can also detect errors on the website or its functions, identify possible attempted attacks and improve the economic efficiency of our offer. The legal basis for this is Art. 6 Paragraph 1 Letter f of GDPR (Legitimate Interests). We do everything technically possible not to use cookies for this purpose. For further information, please refer to our Cookie Policy.

  • Affected group of people: Visitors to the website
  • Purpose of use: Evaluation of visitor information to optimize the website.
  • Data processed: URLs accessed, locations of accesses, device data (resolution, operating system), access duration and time, navigation behavior, click behavior, anonymized IP addresses.
  • Storage period: Maximum 6 months
  • Legal basis: Art. 6 para. 1 lit. a GDPR (through informed consent), Art. 6 para. 1 lit. f GDPR (legitimate interests)

Google Tag Manager

This website uses the Google Tag Manager. This service allows website tags to be managed via an interface. The Google Tool Manager only implements tags. This means that no cookies are used and no personal data is collected. The Google Tool Manager triggers other tags, which in turn may collect data. However, the Google Tag Manager does not access this data. If deactivation has been carried out at the domain or cookie level, it remains in place for all tracking tags, provided they are implemented with the Google Tag Manager.

  • Provider: Google Ireland Limited (“Google”), Gordon House, Barrow Street, Dublin 4, Ireland.

Google Conversion Tracking

This website uses Google Conversion Tracking. With the help of Google Conversion Tracking, Google and we can recognize whether the user has performed certain actions. For example, we can evaluate which buttons on our website were clicked and how often, and which products were viewed or purchased particularly frequently. This information is used to create conversion statistics. We learn the total number of users who clicked on our ads and which actions they performed. We do not receive any information with which we can personally identify the user. Google itself uses cookies or similar recognition technologies for identification. The use of Google Conversion Tracking is based on Art. 6 Paragraph 1 Letter f of GDPR. The website operator has a legitimate interest in analyzing user behavior in order to optimize both its website and its advertising. If corresponding consent has been requested (e.g. consent to the storage of cookies), processing is carried out exclusively on the basis of Art. 6 Paragraph 1 Letter a of GDPR; consent can be revoked at any time. You can find more information about Google Conversion Tracking in Google’s privacy policy: https://policies.google.com/privacy?hl=de.

  • Provider: Google Ireland Limited (“Google”), Gordon House, Barrow Street, Dublin 4, Ireland.

Facebook Pixel

This website uses Facebook's visitor action pixel to measure conversions. However, according to Facebook, the data collected is also transferred to the USA and other third countries. This makes it possible to track the behavior of site visitors after they have been redirected to the provider's website by clicking on a Facebook ad. This allows the effectiveness of Facebook ads to be evaluated for statistical and market research purposes and future advertising measures to be optimized. The data collected is anonymous to us as the operator of this website; we cannot draw any conclusions about the identity of the users. However, the data is stored and processed by Facebook so that a connection to the respective user profile is possible and Facebook can use the data for its own advertising purposes, in accordance with the Facebook data usage policy. This enables Facebook to enable advertisements to be placed on Facebook pages and outside of Facebook. We as the website operator cannot influence this use of the data. The use of Facebook pixels is based on Art. 6 Paragraph 1 Letter f of GDPR. The website operator has a legitimate interest in effective advertising measures, including social media. If a corresponding consent has been requested (e.g. consent to the storage of cookies), the processing takes place exclusively on the basis of Art. 6 Para. 1 lit. a GDPR; the consent can be revoked at any time. You can find further information on protecting your privacy in Facebook's data protection information: https://de-de.facebook.com/about/privacy/.

  • Provider: Facebook Ireland Limited, 4 Grand Canal Square, Dublin 2, Ireland.

data processing software

content management system

Our website is based on the open source content management system WordPress. The system is installed locally on our servers. No data processing of the WordPress core services takes place outside of the secure server environment. If you have a login and log in to the site, WordPress processes personal data such as your email address or your name for authentication. WordPress uses cookies to ensure the functionality of the website. You can find more information about this in the WordPress privacy policy and in our Cookie Policy.

contact form

We use Forminator on our website, a form system for securely recording user enquiries. If you send us data via a contact form, your details from the enquiry form, including the contact details you provided there, will be saved for the purpose of processing the enquiry and in the event of follow-up questions. We will not pass on this data without your consent. The data will be automatically deleted after 30 days. If you use the "Continue later" function in one of our forms, the form entries you have made so far will be saved locally in a cookie.

newsletter

Newsletter data If you would like to receive the newsletter offered on the website, we require an email address from you as well as information that allows us to verify that you are the owner of the specified email address and that you agree to receive the newsletter. Further data is not collected or is only collected on a voluntary basis. We use this data exclusively to send the requested information and do not pass it on to third parties. The data entered in the newsletter registration form is processed exclusively on the basis of your consent (Art. 6 Para. 1 lit. a GDPR). You can revoke your consent to the storage of the data, the email address and their use to send the newsletter at any time, for example via the "unsubscribe" link in the newsletter. The legality of the data processing operations that have already taken place remains unaffected by the revocation. The data you have provided to us for the purpose of receiving the newsletter will be stored by us or the newsletter service provider until you unsubscribe from the newsletter and will be deleted from the newsletter distribution list after you unsubscribe from the newsletter. Data that we have stored for other purposes remains unaffected. After you have been removed from the newsletter distribution list, your email address may be stored in a blacklist by us or the newsletter service provider to prevent future mailings. The data from the blacklist is only used for this purpose and is not merged with other data. This serves both your interest and our interest in complying with the legal requirements when sending newsletters (legitimate interest within the meaning of Art. 6 Para. 1 lit. f GDPR). Storage in the blacklist is not time-limited. You can object to storage if your interests outweigh our legitimate interest.

Transactional mail providers

We use Mailgun, an email API service for transactional email communication, on our website. The service provider is the American company Mailgun Technologies. Mailgun processes your data, including in the USA.

map service

This site uses the Google Maps map service via an API. To use the functions of Google Maps, it is necessary to save your IP address. This information is usually transferred to a Google server in the USA and saved there. The provider of this site has no influence on this data transfer. Google Maps is used in the interest of an appealing presentation of our online offerings and to make the locations we specify on the website easy to find. This represents a legitimate interest within the meaning of Art. 6 Paragraph 1 Letter f of GDPR. If consent has been requested, processing will take place exclusively on the basis of Art. 6 Paragraph 1 Letter a of GDPR; consent can be revoked at any time. More information on how user data is handled can be found in Google's privacy policy: https://policies.google.com/privacy?hl=de.

firewall

We use Wordfence, a firewall plugin for WordPress, on our website. The manufacturer is the American company Defiant, Inc. Wordfence processes your data, including in the USA.

spam defense

We use technology on our website to prevent spam entries in forms. The service provider is the American company Intuition Machines Inc. hCaptcha processes your data, including in the USA.

own services

handling of applicant data

We offer you the opportunity to apply to us (e.g. by email, post or via online application form). Below we will inform you about the scope, purpose and use of your personal data collected as part of the application process. We assure you that the collection, processing and use of your data is carried out in accordance with applicable data protection law and all other legal provisions and that your data will be treated as strictly confidential.

  • Your personal data will only be passed on within our company to people who are involved in processing your application.
  • If the application is successful, the data you submit will be stored in our data processing systems on the basis of Section 26 of the new Federal Data Protection Act and Article 6, Paragraph 1, Letter b of GDPR for the purpose of carrying out the employment relationship.
  • If we are unable to make you a job offer, you reject a job offer or withdraw your application, we reserve the right to retain the data you have submitted on the basis of our legitimate interests (Art. 6 Para. 1 lit. f GDPR) for up to 6 months from the end of the application process (rejection or withdrawal of the application).

Last updated on: 21 Nov 2024

Back To Top