We only use essential cookies on our website.
data protection - Cookies - imprint

Telephone availability: Mon - Thu 8 a.m. - 5 p.m., Fri 8 a.m. - 3 p.m.

data protection

The fine print

Learn more

data protection

Welcome to this website. The protection of personal data is very important to us. Therefore, we inform you about the processing of personal data and all rights of those affected in connection with the use of this website. If you have any questions about data protection or the processing of personal data, you can find imprint the contact details of the responsible person or body. We have concluded a contract for order processing with the providers named below and fully implement the strict requirements of the German data protection authorities when using the service.

Summary: We take data protection very seriously and follow the principle of data economy at all levels. All internal and external technical processes, server-client communication and backups of this website are encrypted. All additional components and plugins used on this website are selected with great care. Any additional plugins used are regularly subject to strict auditing. For the service providers we commission for external data processing, such as storing backups, creating invoices, etc., we only use well-known providers who are fully GDPR-compliant and have been verifiably regularly tested for security, preferably from the European economic area.

data processing

This website can be used without providing any personal data. If personal data (such as names or email addresses) is collected on our website, this is done on a voluntary basis, unless it is absolutely necessary for the provision of a service. In principle, all data collected will not be passed on to third parties without your express consent.

As a responsible company, we have taken numerous technical, conceptual and organizational measures to ensure the most comprehensive protection possible for the data collected and processed via this website. As a responsible company, we consciously refrain from automated decision-making or profiling.

The responsible body within the meaning of the General Data Protection Regulation, the data protection laws of the member states of the European Union and other provisions of a data protection nature is also clearly defined and valid.

scope

This privacy policy applies to all personal data processed on this website and connected systems, as well as to all personal data processed by companies commissioned by us (contract processors). In addition, we have concluded a contract processing agreement (AV contract) with all contract processors. We understand personal data to be information within the meaning of Art. 4 No. 1 GDPR, such as names, email addresses, IP addresses and postal addresses of people. The processing of personal data enables us to offer and bill for our services and products, whether online or offline. The scope of this privacy policy extends to the following services. The services actually used may vary over time:

  • Our online presence: websites or online shops
  • customer communication via email or messenger
  • social media presence
  • newsletters or other mailings
  • apps for mobile devices
  • online billing systems
  • Encrypted backups in cloud storage services

legal basis

We process your data exclusively on the basis of the following legal bases

  • Legitimate interests (Article 6 paragraph 1 letter f GDPR): If legitimate interests require it, the processing of data is possible without active consent, e.g. to deliver the website to your computer.
  • Consent (Article 6 paragraph 1 letter a GDPR): Your consent enables us to process data for a specific purpose, e.g. when filling out forms.
  • Contract (Article 6 paragraph 1 letter b GDPR): In order to fulfil a contract or pre-contractual obligations with you, we may also process your data, e.g. to create invoices.
  • Legal obligation (Article 6 paragraph 1 letter c GDPR): We also process your data if we have to fulfill a legal requirement, e.g. the legal obligation to retain invoices.

rights of data subjects according to the GDPR

You have the right to information, rectification, erasure, restriction of processing, data portability and objection. Further information on the GDPR: https://eur-lex.europa.eu/legal-content/DE/ALL/?uri=celex%3A32016R0679.

  • Right to information (Article 15 GDPR): You have the right to know whether we process your data. If this is the case, you have the right to receive a copy of the data as well as information about the purpose of the processing, the categories of data processed, the recipients (including any transfers to third countries), the storage period, your right to rectification, erasure, restriction of processing and objection, the right to lodge a complaint with a supervisory authority (link to the authority below), the origin of the data (if not collected from you), and the possible implementation of profiling.
  • Right to rectification (Article 16 GDPR): You have the right to have incorrect data corrected.
  • Right to erasure (Article 17 GDPR – “right to be forgotten”): You can request that your data be deleted.
  • Right to restriction of processing (Article 18 GDPR): Under certain circumstances, we may only store your data but not further process it.
  • Right to data portability (Article 20 GDPR): Upon request, we will provide you with your data in a common format.
  • Right to object (Article 21 GDPR): You can object to processing based on public interest or legitimate interest. We will check whether we can comply with the objection.
  • Right to object to direct marketing and profiling: You can object to the use of your data for direct advertising or profiling at any time.
  • Automated decisions (Article 22 GDPR): In certain circumstances, you have the right not to be subject to measures based solely on automated decisions.
  • Right to lodge a complaint (Article 77 GDPR): You have the right to complain to the data protection authority if you believe that the processing of your data violates the GDPR.

To exercise these rights, please contact us. If you have a complaint about how we handle your data, we would like to hear from you, but you also have the right to lodge a complaint with the relevant supervisory authority (the Data Protection Authority).

data transfer to the USA

Our website includes tools from companies based in the USA. If these tools are active, your personal data can be passed on to the US servers of the respective companies. We would like to point out that the USA is not a safe third country within the meaning of EU data protection law. US companies are obliged to release personal data to security authorities without you as the data subject being able to take legal action against this. It cannot therefore be ruled out that US authorities (e.g. secret services) will process, evaluate and permanently store your data on US servers for surveillance purposes. We have no influence on these processing activities.

storage period

The data processed during the use of our website is deleted as soon as the purpose for which it was stored no longer exists. This is done on the condition that there are no statutory retention periods that prevent deletion and that there are no deviating details regarding specific processing methods. In some cases, we are legally obliged to store certain data even after the original purpose no longer applies, for example due to tax law requirements.

Revocation of your consent to data processing

Many data processing operations are only possible with the express consent of the data subjects. You can revoke your consent at any time. The legality of the data processing carried out up to the time of revocation remains unaffected by the revocation.

Cookies

Our website uses cookies. Cookies are small text files that are stored on your computer and saved by your browser. We use cookies to make it easier to use our website and to carry out statistical evaluations. You can prevent cookies from being saved by setting your browser software accordingly. For more information about the cookies used, their purpose and storage period, please refer to the Cookie Policy.

web hosting

In order to display a website, the browser on the visitor's computer must connect to a web server and retrieve the website code. Operating a web server is a complicated and time-consuming task. We therefore rely on professional providers and server systems that are high-performance, redundant, secure and reliable. When data is transferred from the web server to your local network and ultimately to your browser, personal data may be processed. On the one hand, your computer saves the data received, and on the other hand, the web server must also save your data in order to be able to send the data to you. Below we provide information about the type and scope of the data stored and the protective measures we have taken.

This website is hosted by an external service provider (hoster). The personal data collected on this website is stored on the hoster's servers. This may include IP addresses, contact requests, meta and communication data, contract data, contact details, names, website accesses and other data generated via a website. The hoster is used for the purpose of fulfilling the contract with our potential and existing customers (Art. 6 Para. 1 lit. b GDPR) and in the interest of a secure, fast and efficient provision of our online offer by a professional provider (Art. 6 Para. 1 lit. f GDPR). Our hoster will only process your data to the extent necessary to fulfill its service obligations and will follow our instructions with regard to this data.

server log files

Every time you access our website, information is automatically collected by the web hosting provider and stored in so-called server log files. This information includes:

  • IP address
  • date and time of access
  • name of the page accessed
  • Referrer URL (the previously visited page)
  • amount of data transferred
  • browser type and browser version
  • operating system

The processing of this data is technically necessary so that we can deliver the site to you; it is therefore carried out out of legitimate interest in accordance with Art. 6 Paragraph 1 Letter f of GDPR. The data is used exclusively for statistical evaluations and to improve the website. The IP addresses are stored for 30 days in the so-called log rotation and then deleted.

SSL encryption

We use SSL certificates for secure technical communication between the client and the website. This is particularly necessary when transmitting confidential data, such as when entering data in forms. SSL or TLS encryption is therefore used on this site. An encrypted connection is easily recognizable by the fact that the browser's address line displays "https://"; a colored lock symbol is usually also displayed in the browser's address line. By using this SSL or TLS encryption, the data you transmit cannot be read by third parties.

core services

Content management system (WordPress)

Our website is based on the open source content management system WordPress. The system is installed locally on our servers. No data processing of the WordPress core services takes place outside of the secure server environment. If you have a login and log in to the site, WordPress processes personal data such as your email address or your name for authentication. WordPress uses cookies to ensure the functionality of the website. You can find more information about this in the WordPress privacy policy and in our Cookie Policy.

comment function (WordPress)

Posts on this website can be commented on by visitors. When a comment is written, it is stored indefinitely, including other metadata. In this way, we can recognize discussions and moderate comments automatically. For example, a follow-up comment is automatically approved if a comment from an author has already been approved. The authors are identified by their email address. The criterion for the duration of the storage of further personal data is the respective statutory retention period. After expiry of the period, the corresponding data is routinely deleted unless it is no longer required to fulfill or initiate a contract. The comments made in our blog can in principle also be subscribed to by third parties. In particular, there is the possibility that a commentator subscribes to the comments on a specific blog post that follow his comment. If a data subject decides to subscribe to comments, the controller sends an automatic confirmation email to check in the double opt-in process whether the owner of the specified email address has really opted for this option. The option to subscribe to comments can be canceled at any time.

registration function (WordPress)

We offer you the opportunity to register on our website. The data entered during this registration, which can be seen in the input mask of the registration form, is collected and saved exclusively for the use of our offer. When you register on our website, we will also save your IP address and the date and time of your registration. This serves as a safeguard on our part in the event that a third party misuses your data and registers on our website with this data without your knowledge. The data will not be passed on to third parties. The data collected in this way will also not be compared with data that may be collected by other components of our website.

For users who register on our website, we also store the personal information they provide in their user profiles. All users can view, change or delete their personal information at any time (the user name cannot be changed). Website administrators can also view and change this information.

The controller will provide any data subject with information on request at any time about which personal data about the data subject is stored. Furthermore, the controller will correct or delete personal data at the request or indication of the data subject, provided that there are no statutory retention periods to the contrary. The technically stored data can be exported at any time and can be requested by email. The email address of the data subject serves as an identification feature. For the purposes of legitimacy, this must also correspond to the sender address of the requester.

server management Plesk

We use the web server management software Plesk to administer the server services. This is a server administration system. The EU Commission has determined through an adequacy decision pursuant to Art. 45 GDPR that Switzerland, as a third country, has an adequate level of protection compared to the usual scope of the GDPR. You can find the corresponding decision here

tracking

We use web analytics software on our website that anonymously logs and evaluates actions such as clicks or entries by visitors to our website. We use these services to improve the performance of our offering. The respective system collects and processes anonymized data and provides us with analyses of user behavior. The tools also offer testing options, such as A/B tests, in which two versions of content are tested to see which version leads to more acquisition. In such tests or other analyses, anonymous user profiles can also be created and data stored in cookies.

Consent Manager

We use SEOPress as a system for cookie compliance management. Read more. For further information, please visit the WordPress privacy policy read.

Matomo

We use Matomo for anonymous visitor tracking. Read moreThe use of web analytics requires your consent, which we have obtained using our cookie compliance system. According to Art. 6 (1) (a) GDPR, this consent represents the legal basis for the processing of personal data, as may occur when data is collected using web analytics tools.

With the help of web analysis systems, we can identify which content has been accessed and how often, how long visitors stay on the site, which device they use to access the website and where they come from geographically. The statistics help us to improve the economic efficiency of our offer. The legal basis for this is Art. 6 Para. 1 lit. f GDPR (legitimate interests). We do everything technically possible not to use cookies for this purpose. For further information, please refer to our Cookie Policy.

plugins

Transactional emails

We use Mailgun, an email API service for transactional email communication, on our website. The service provider is the American company Mailgun Technologies. Mailgun processes your data, including in the USA.

firewall

We use Wordfence, a firewall plugin for WordPress, on our website. The manufacturer is the American company Defiant, Inc. Wordfence processes your data, including in the USA.

spam protection (hCaptcha)

We use technology on our website to prevent spam entries in forms. The service provider is the American company Intuition Machines Inc. hCaptcha processes your data, including in the USA.

social media

We maintain online presences within social networks and platforms in order to be able to communicate with customers, interested parties and users active there and to inform them about our services. We would like to point out that user data may be processed outside the European Union. This may result in risks for users because it could, for example, make it more difficult to enforce users' rights. With regard to US providers who are certified under the Privacy Shield, we would like to point out that they thereby undertake to comply with EU data protection standards. Furthermore, user data is usually processed for market research and advertising purposes. For example, user profiles can be created from user behavior and the resulting interests of users. The user profiles can in turn be used, for example, to place advertisements within and outside the platforms that presumably correspond to the interests of users. For these purposes, cookies are usually stored on users' computers in which the user behavior and interests of users are stored. Furthermore, data can also be stored in the usage profiles regardless of the devices used by the users (especially if the users are members of the respective platforms and are logged in to them).

The processing of users' personal data is based on our legitimate interests in effectively informing users and communicating with users in accordance with Art. 6 (1) lit. f. GDPR. If users are asked by the respective providers to consent to data processing (i.e. they declare their consent, for example, by checking a checkbox or confirming a button), the legal basis for processing is Art. 6 (1) lit. a., Art. 7 GDPR.

For a detailed description of the respective processing and the options for opting out, please refer to the information provided by the providers linked below. In the case of requests for information and the assertion of user rights, we would also like to point out that these can be asserted most effectively with the providers. Only the providers have access to the user data and can take appropriate measures and provide information directly. If you still need help, you can contact us.

Google My Business

We operate an external company profile on Google. We only refer to this profile and do not use any plugins from the platform on our website.

XING

We operate an external company profile on XING. We only refer to this profile and do not use any plugins from the platform on our website.

LinkedIn

We operate an external company profile on LinkedIn. We only refer to this profile and do not use any plugins from the platform on our website.

Zuletzt aktualisiert am: 22. Dec. 2024

Back To Top