Data protection
Privacy Policy
for www.ibindo.at and *.ibindo.at
for www.ibindo.at and *.ibindo.at
We are pleased that you are visiting our website. We respect your privacy. Data protection and data security when using our website are very important to us. With this privacy policy, we would like to inform you about the extent to which data is collected when you use our website and for what purposes we use this data. We would also like to inform you about your rights in this regard.
ibindo gmbH
Sebastian Pichler (Managing Director)
Mühlwang 106/8
4690 Rüstorf
Austria
Phone: +43664/1027450
Email: sebastian.pichler@ibindo.at
Registration number: FN 560840 s
Sebastian Pichler
Mühlwang 106/8
4690 Rüstorf
Austria
Phone: +43 664/1027450
Email: sebastian.pichler@ibindo.at
The Data Protection Authority is the body established under the General Data Protection Regulation (GDPR) and the Data Protection Directive for the law enforcement sector in Austria. Supervisory authority for data protection.
Austrian Data Protection Authority
Barichgasse 40-42
1030 Vienna
Phone: +43 1 521 52-25 69
E-mail: dsb@dsb.gv.at
The use of contact data published as part of the imprint obligation to send unsolicited advertising and information materials is hereby prohibited. The operators of the pages expressly reserve the right to take legal action in the event of unsolicited advertising information being sent, for example through spam emails.
We process personal data for the following purposes, resulting from the list of processing activities, Art. 30 EU GDPR:
We process personal data on the basis of the following legal bases:
Art. 6, paragraph 1 lit. a. EU GDPR
The data subject has given his or her consent to the processing of personal data concerning him or her for one or more specific purposes
Art. 6, paragraph 1 lit. b. EU GDPR
The processing is necessary for the performance of a contract to which the data subject is party or in order to take steps at the request of the data subject prior to entering into a contract
Art. 6, paragraph 1 lit. c. EU GDPR
The processing is necessary to fulfill a legal obligation to which the controller is subject
Art. 49 Paragraph 1 Letter a EU GDPR
The data subject has expressly consented to the proposed data transfer after being informed of the possible risks for him of such data transfers without an adequacy decision and without appropriate safeguards (use of platforms, in particular social media services operated outside the EU legal area, such as Facebook, Instagram, etc.).
Unless a more specific storage period has been specified in this data protection declaration, your personal data will remain with us until the purpose for data processing no longer applies. If you make a legitimate request for deletion or revoke your consent to data processing, your data will be deleted unless we have other legally permissible reasons for storing your personal data (e.g. retention periods under tax or commercial law); in the latter case, deletion will take place once these reasons no longer apply.
a. Type and purpose of processing
The data you enter will be saved for the purpose of communicating with you individually. For this purpose, you must provide a valid email address and your name. This is used to assign the request and then answer it. Providing further data is optional.
b. Legal basis for processing
The data entered in the contact form is processed on the basis of a legitimate interest (Art. 6 Para. 1 lit. f GDPR). By providing the contact form, we would like to enable you to contact us easily. The information you provide will be stored for the purpose of processing your request and for possible follow-up questions. If you contact us to request a quote, the data entered in the contact form will be processed to carry out pre-contractual measures (Art. 6 Para. 1 lit. b GDPR).
c. Data categories
Contact details (name, email address, telephone number, address, fax)
d. Recipient
Recipients of the data are internal employees and, if applicable, contract processors.
e. Storage periods
Data will be deleted no later than 6 months after the request has been processed. If a contractual relationship is established, we are subject to the statutory retention periods according to the BAO and will delete your data after these periods have expired.
f. Legal / contractual requirement
The provision of your personal data is voluntary. However, we can only process your request if you provide us with your name, email address and the reason for the request.
g. Third country transfer
Processing does not take place outside the European Union (EU) or the European Economic Area (EEA).
h. Revocation of consent
You can revoke your consent to the storage of your personal data at any time with effect for the future. You can inform us of your revocation at any time using the contact option provided at the beginning of this privacy policy.
i. Automated decision-making and profiling
As a responsible company, we do not use automated decision-making or profiling in this data processing.
If you contact us by email or telephone, your request, including all personal data resulting from it (name, request), will be stored and processed by us for the purpose of processing your request. We will not pass on this data without your consent.
This data is processed on the basis of Art. 6 (1) (b) GDPR, provided that your request is related to the fulfillment of a contract or is necessary to carry out pre-contractual measures. In all other cases, the processing is based on our legitimate interest in the effective processing of the requests addressed to us (Art. 6 (1) (f) GDPR) or on your consent (Art. 6 (1) (a) GDPR) if this was requested; the consent can be revoked at any time.
The data you send to us via contact requests will remain with us until you request deletion, revoke your consent to storage or the purpose for storing the data no longer applies (e.g. after your request has been processed). Mandatory legal provisions - in particular statutory retention periods - remain unaffected.
Our website uses DPO Consent, a consent management tool from DPO Consult GmbH (hereinafter DPO). We use DPO to obtain your consent to store certain cookies on your device or to use certain technologies and to document this in compliance with data protection regulations.
DPO is used to obtain the legally required consent for the use of cookies. The legal basis for this is Art. 6 (1) (c) GDPR.
a. Type and purpose of processing
Our website uses OneTrust CMP technology to obtain your consent to the storage of certain cookies in your browser or to the use of certain technologies and to document this in accordance with data protection regulations. The provider of this technology is OneTrust Technology Limited, with its head office at 82 St John St, Farringdon, London EC1M 4JN, United Kingdom (UK) (hereinafter OneTrust).
When you enter our website, a OneTrust cookie is stored in your browser, which stores the consents you have given or the revocation of these consents. This data is not passed on to the provider of OneTrust.
b. Legal basis for processing
The OneTrust cookie consent technology is used to obtain the legally required consent for the use of cookies. The legal basis for this is Art. 6 Para. 1 lit. c GDPR.
c. Data categories
d. Recipient
e. Storage periods
The data collected will be stored until you request deletion or delete the OneTrust cookie yourself or the purpose for storing the data no longer applies. Mandatory statutory retention periods remain unaffected. Details on OneTrust's data processing can be found at https://www.onetrust.de/datenschutzerklaerung/
f. Legal / contractual requirement
You can prevent the use of preset, technically necessary cookies (so-called opt-out cookies) via your browser settings. However, without your consent, the service and functionality of our website cannot be guaranteed. In addition, individual services may not be available or may be restricted.
G. Third country transfer
Processing takes place in: United Kingdom (UK).
h. Revocation of consent
You can revoke your consent to all cookies at any time with future effect in your browser settings.
a. Type and purpose of processing
Like many other websites, we also use so-called “cookies”. You have the option of setting the prescribed preferences in the Cookie Consent Management Tool.
You can find out which cookies we use for which purpose in the Cookie Consent.
Cookies are simple files that store information about our website and your use of it. These small files are optionally created automatically by your browser when you use our website and are stored locally on your device. This does not mean that we have immediate knowledge of your identity. The use of cookies serves to make the use of our website more pleasant for you.
Therefore, we fundamentally distinguish between technically necessary and not necessary Cookies:
You can find the storage period in the Cookie Consent Tool, which is displayed when you first visit our website.
Technically necessary cookies (“First Party Cookies”)
are required for the operation of a website and are essential for navigating it and using its functions. These cookies are not stored permanently on your computer or device and are deleted when you close the browser. They are so-called session cookies.
We use the following technically necessary cookies:
Non-necessary cookies On the other hand, most Ffunctional cookies, performance cookies and marketing & third party cookies, which allow us to, for example, record and count the number of visitors and traffic sources in order to measure and improve the performance of the website. They are also used to find out if there are problems or errors on certain pages, which pages are the most popular and how visitors navigate around the website.
b. Legal basis for processing
The use of the technically necessary cookies (“First Party Cookies”) is possible without the consent of the website visitor and is subject to a legitimate interest in the economic operation and optimization of our website and services) within the meaning of Art. 6 Para. 1 Clause 1 Letter f of GDPR.
The use of non-essential cookies, How Functional cookies, performance cookies and marketing & third party cookies is subject to the consent of the website visitor in accordance with Art. 6 Paragraph 1 Clause 1 Letter a of GDPR.
c. Data categories
d. Recipient
The data recipients can be found at the end of the privacy policy in the list of cookies used.
e. Storage periods
The user can set his web browser so that the storage of cookies on his device is generally prevented or he is asked each time whether he agrees to the setting of cookies. The user can delete cookies that have been set at any time. How this works is described in the help function of the respective web browser.
A general deactivation of cookies may lead to functional restrictions of this website.
f. Legal / contractual requirement
The provision of your personal data in cookies is voluntary for non-essential cookies, based solely on your consent (so-called opt-in cookies). You can also prevent the use of pre-set, technically necessary cookies (so-called opt-out cookies) via your browser settings. However, without your consent, the service and functionality of our website cannot be guaranteed. In addition, individual services may be unavailable or restricted.
G. Third country transfer
Processing does not take place outside the European Union (EU) or the European Economic Area (EEA).
h. Revocation of consent
You can revoke your consent to all cookies at any time with future effect in your browser settings.
i. Automated decision-making and profiling
As a responsible company, we do not use automated decision-making or profiling when collecting cookies.
a. Type and purpose of processing
We use CookieBot, a cookie management and data protection compliance service, on our website. CookieBot helps us manage and document the consent of our website visitors to set cookies and ensure that our website complies with data protection regulations such as the GDPR. The processing includes collecting your consent, storing your cookie preferences and providing a transparent and user-friendly consent mechanism.
b. Legal basis for processing
The processing is carried out on the basis of your express consent in accordance with Art. 6 Para. 1 lit. a GDPR and, as far as technically necessary cookies are concerned, on the basis of our legitimate interest in the technically error-free and optimized provision of our services in accordance with Art. 6 Para. 1 lit. f GDPR.
c. Data categories
We collect data about your cookie preferences, including your consent or refusal regarding the use of cookies. This may include your IP address and information about your device and browser.
d. Recipient
The primary recipient of the data is us as the website operator. In addition, Cybot A/S, the company behind CookieBot, may have access to the data to provide technical support and data protection compliance services.
e. Storage periods
The data will be stored for as long as it is necessary for the purposes for which it was collected or to comply with legal requirements. The consent information is usually stored for a period of up to 12 months.
f. Legal/contractual requirement
The provision of your personal data is neither legally nor contractually required. However, without your consent, certain functions of our website may be restricted.
g. Third country transfer
Data will only be transferred to third countries if this is necessary to provide the service, on the basis of your consent or legal requirements and in compliance with statutory data protection standards.
h. Revocation of consent: You have the right to revoke your consent to data processing at any time with effect for the future. The revocation does not affect the legality of the processing carried out on the basis of the consent until the revocation.
i. Automated decision-making and profiling
Automated decision-making, including profiling, does not take place.
We use Airbrake.io, a bug tracking service for software developers. The provider is Airbrake Technologies, Inc., 98 San Jacinto Blvd Suite 1300, Austin, TX 78701, USA (hereinafter Airbrake). When you visit our website, information about errors that may occur in our application is collected, such as the error code, trigger, timestamp and other details that can help identify and resolve the problem. In some cases, information about the user may also be collected, such as the IP address and browser type. For more information about data processing by Airbrake, please see the provider's privacy policy at https://www.airbrake.io/privacy
The processing of your data by Airbrake.io is solely for the purpose of error tracking and troubleshooting. In order for us to use Airbrake.io on our website, we need your explicit consent in accordance with Article 6 paragraph 1 letter a) of the General Data Protection Regulation (GDPR). This means that you must give us your consent by actively accepting the use of Airbrake.io before we are allowed to transfer data to this service. Please note that you have the right to withdraw your consent at any time by disabling cookies in your browser. For more information on the use of cookies, please see our Cookie Policy.
We have taken appropriate measures to ensure that your data is processed in accordance with the applicable data protection regulations. In particular, we have concluded a contract for order processing with Airbrake.io that meets the requirements of Article 28 GDPR (order processor).
We use Amazon Cloudfront, a content distribution service from Amazon Web Services. The provider is Amazon Web Services, Inc., 410 Terry Avenue North, Seattle WA 98109, USA (hereinafter "AWS"). When you visit our website, data about your activities on our website may be collected, such as your IP address and browser type. We use this data to improve the performance and security of our website. Further information on how it works and how Amazon Cloudfront handles data protection can be found at the following links: https://docs.aws.amazon.com/AmazonCloudFront/latest/DeveloperGuide/Introduction.html and https://docs.aws.amazon.com/de_de/AmazonCloudFront/latest/DeveloperGuide/data-protection-summary.html
To collect and process your data on Amazon Cloudfront, we require your explicit consent in accordance with Article 6 paragraph 1 letter a) of the General Data Protection Regulation (GDPR). This means that you must give us your consent by actively accepting the use of Amazon Cloudfront before we are allowed to transfer data to this service. Please note that you have the right to withdraw your consent at any time by disabling cookies in your browser. For more information on the use of cookies, see our Cookie Policy.
We have taken appropriate measures to ensure that your data is processed in accordance with applicable data protection regulations. In particular, we have concluded a data processing agreement with AWS that meets the requirements of Article 28 GDPR.
a. Type and purpose of processing
On our website you have the option of making appointments with us. We use the tool "Calendly" to book appointments. The provider is Calendly LLC, 271 17th St NW, 10th Floor, Atlanta, Georgia 30363, USA (hereinafter "Calendly"). To book an appointment, enter the requested data and the desired date in the form provided. The data entered is used for planning, carrying out and, if necessary, for follow-up to the appointment. The appointment data is stored for us on the Calendly servers, whose privacy policy you can view here: calendly.com/de/pages/privacy
b. Legal basis for processing
The legal basis for data processing is Art. 6 (1) (f) GDPR. The website operator has a legitimate interest in making appointments with interested parties and customers as uncomplicated as possible. If a corresponding consent has been requested, the processing will be carried out exclusively on the basis of Art. 6 (1) (a) GDPR and Section 25 (1) TTDSG, insofar as the consent includes the storage of cookies or access to information in the user's end device (e.g. device fingerprinting) within the meaning of the TTDSG. The consent can be revoked at any time. The data transfer to the USA is based on the standard contractual clauses of the EU Commission. Details can be found here: calendly.com/pages/dpa
c. Data categories
Please refer to Calendly’s privacy policy to find out which specific data is collected and how it is used: calendly.com/de/pages/privacy
d. Recipient
e. Storage periods
The data you enter will remain with us until you request deletion, revoke your consent to storage or the purpose for storing the data no longer applies. Mandatory legal provisions - in particular retention periods - remain unaffected.
f. Legal / contractual requirement
The provision of your personal data is voluntary. Without the provision of your personal data, we cannot grant you access to the content and services we offer.
g. Third country transfer
The data is processed in the USA.
h. Revocation of consent
You can revoke your consent to the storage of your personal data at any time with effect for the future. You can inform us of your revocation at any time using the contact option provided at the beginning of this privacy policy.
i. Automated decision-making and profiling
As a responsible company, we do not use automated decision-making or profiling in this data processing.
We use the tool 'CCM19' from Papoo Software & Media GmbH, Auguststr. 4, 53229 Bonn on our website. By using CCM19 Cloud, we can meet the legal requirements regarding information obligations when using cookies and other technologies. The tool is hosted on a server by DPO Consult GmbH (dpo.at).
CCM19 uses technically necessary cookies to obtain the user's consent and to save the cookie preferences. The legal basis for this is Art. 6 (1) lit. c GDPR; the use of CCM19 is necessary to comply with the obligation to provide information in accordance with Art. 13 GDPR.
Through the use of CCM19, no personal data is transferred to Papoo Software & Media GmbH or stored by Papoo Software & Media GmbH. The data we collect and store in connection with the use of CCM19 is deleted in accordance with the statutory retention periods.
You can change your cookie preferences or withdraw your consent to the use of cookies on our website at any time.
a. Type and purpose of processing
The Facebook–pixel is a JavaScript code that is implemented on our website to track the behavior of people on the website with Facebook-user profiles. It collects data that helps track conversions, optimize ads, and create audiences. The Facebook Pixel makes it possible to segment website visitors and display personalized advertising content on Facebook and other platforms in the Facebook advertising network. For example, ads can be targeted specifically at visitors who have already interacted with the website. The Facebook Pixel can be used to track conversions, i.e. it tracks whether users perform certain actions on the website (e.g. make a purchase) after clicking on a Facebook ad. This information is valuable for measuring the effectiveness of advertising campaigns.
b. Legal basis for processing
The processing is carried out in accordance with Art. 6 (1) (f) GDPR on the basis of our legitimate interest in the functionality of our website.
c. Data categories
For information on which specific data is collected and how it is used, please refer to the privacy policy of Facebook: facebook.com/policy.php
d. Recipient
e. Storage periods
The data we collect directly via the pixel is deleted from our systems as soon as the purpose for storing it no longer applies, you ask us to delete it, revoke your consent to storage or the purpose for storing the data no longer applies. Stored cookies remain on your device until you delete them. Mandatory legal provisions - in particular retention periods - remain unaffected.
The storage period of your data, which is Facebook We have no influence over whether your data is stored for our own purposes. For further details please contact Facebook (e.g. in their privacy policy, see above).
f. Legal / contractual requirement
The provision of your personal data is voluntary. Without the provision of your personal data, we cannot grant you access to the content and services we offer.
g. Third country transfer
Processing does not take place outside the European Union (EU) or the European Economic Area (EEA).
h. Revocation of consent
You can revoke your consent to the storage of your personal data at any time with effect for the future. You can inform us of your revocation at any time using the contact option provided at the beginning of this privacy policy.
i. Automated decision-making and profiling
As a responsible company, we do not use automated decision-making or profiling in this data processing.
a. Type and purpose of processing
We use the Giphy service to provide animated GIFs and visual content on our website. This integration allows users to experience interactive and engaging content. By integrating Giphy, we offer a dynamic and engaging visual component that improves the user experience on our website. Giphy enables a lively and expressive form of communication that is particularly used in social media and digital sharing.
b. Legal basis for processing
The data processing is based on our legitimate interest in enriching our web content and improving the user experience (Art. 6 Para. 1 lit. f GDPR).
c. Data categories
When using Giphy, data such as IP address, device type, operating system, browser type, communication data and usage data may be processed.
d. Recipient
The recipients of the data are Giphy Inc. and its partners and service providers.
e. Storage periods
The retention periods for the data collected are based on Giphy's policies and are kept for as long as necessary to provide the service.
f. Legal/contractual requirement
The provision of your personal data is neither legally nor contractually required, but is necessary for the use of the interactive functions provided by Giphy.
g. Third country transfer
Giphy may transfer data to countries outside the European Union. Appropriate safeguards will be put in place to ensure the security of your data.
h. Revocation of consent
If the processing is based on your consent, you have the right to withdraw this consent at any time without affecting the legality of the processing carried out on the basis of the consent until the withdrawal.
i. Automated decision-making and profiling
There is no automated decision-making or profiling in connection with the data processed by Giphy.
This website uses Google Analytics, a web analysis service provided by Google Building Gordon House, 4 Barrow Street, Dublin, D04 E5W5, Ireland. Google Analytics uses so-called "cookies", which are text files placed on your computer, to help the website analyze how users use the site. Google Analytics processes data categories such as IP address (anonymized), click path, date and time of website visit, device information, location information, browser type, and browser language. The information generated by the cookie about your use of the website is usually transferred to a Google server in the USA and stored there. However, due to the activation of IP anonymization on these websites, your IP address will be shortened beforehand by Google within member states of the European Union or in other contracting states to the Agreement on the European Economic Area. Only in exceptional cases will the full IP address be transmitted to a Google server in the USA and shortened there. On behalf of the operator of this website, Google will use this information to evaluate your use of the website, to compile reports on website activity and to provide the website operator with other services relating to website activity and internet usage. The IP address transmitted by your browser as part of Google Analytics will not be merged with other data held by Google. The purposes of data processing are to evaluate website usage and to compile reports on website activity. Other related services will then be provided based on website and internet usage. Google Analytics may process the following categories of data, among others: IP address (anonymized), click path, date and time of website visit, device information, location information, browser type, browser language.
The processing of the entered data is based on the user’s consent (Art. 6 Para. 1 lit. a GDPR).
c. Data categories
d. Recipient
e. Storage periods
Data will only be processed in this context as long as the corresponding consent has been given. After this, it will be deleted unless there are statutory retention periods. To contact us in this context, please use the contact details provided at the beginning of this data protection declaration.
f. Legal / contractual requirement
The provision of your personal data is voluntary and based solely on your consent. If you deny access, this may result in functional restrictions on the website.
g. Third country transfer
Processing does not take place outside the European Union (EU) or the European Economic Area (EEA).
h. Revocation of consent
You can revoke your consent to the storage of your personal data at any time with effect for the future. You can inform us of your revocation at any time using the contact option provided at the beginning of this privacy policy.
You can prevent cookies from being saved by selecting the appropriate settings on your browser, however please note that if you do this you may not be able to use the full functionality of this website. You can also prevent Google from collecting the data generated by the cookie and relating to your use of the website (including your IP address) and from processing this data by downloading and installing the browser plug-in available under the following link: “Browser Add-On to deactivate Google Analytics”.
i. Automated decision-making and profiling
Using the tracking tool Google Analytics, the behavior of website visitors can be evaluated and their interests analyzed. To do this, we create a pseudonymous user profile.
a. Type and purpose of processing
We use the service for the online marketing process Google “Doubleclick”.
The purpose of this service is to place ads in the Google advertising network (e.g., in search results, in videos, on websites, etc.). Double Click is characterized by the fact that ads are displayed in real time based on the presumed interests of users. This allows us to display ads for and within our online offering in a more targeted manner in order to only present users with ads that potentially correspond to their interests. If, for example, a user is shown ads for products that they were interested in on other online offerings, this is referred to as "remarketing". For these purposes, when you visit our website and other websites on which the Google advertising network is active, Google immediately executes a code from Google and so-called (re)marketing tags (invisible graphics or code, also known as "web beacons") are integrated into the website. With their help, an individual cookie, i.e. a small file, is stored on the user's device (comparable technologies can also be used instead of cookies). This file records which websites the user has visited, which content he is interested in and which offers the user has clicked on, as well as technical information on the browser and operating system, referring websites, time of visit and other information on the use of the online offer.
The user's IP address is also recorded, although this is shortened within member states of the European Union or in other contracting states to the Agreement on the European Economic Area and only in exceptional cases is it transferred in full to a Google server in the USA and shortened there. Google may also combine the above information with information from other sources. If the user subsequently visits other websites, he or she may be shown advertisements tailored to him or her based on his or her user profile and in accordance with his or her presumed interests.
The user data is processed pseudonymously within the Google advertising network. This means that Google does not store and process the name or email address of the user, for example, but processes the relevant data in a cookie-related manner within pseudonymous user profiles. This means that from Google's point of view, the ads are not managed and displayed for a specifically identified person, but for the cookie owner, regardless of who this cookie owner is. This does not apply if a user has expressly allowed Google to process the data without this pseudonymization.
b. Legal basis for processing
The processing is carried out in accordance with Art. 6 (1) (f) GDPR on the basis of our legitimate interest in the analysis, optimization and economic operation of our online offering.
c. Data categories
Click path; IP address; Usage data; Referrer URL; Mouse movements; Advertisements viewed; click path; IP address; Touch point to advertising medium; Pages viewed; User; Transactions; Events
d. Recipient
Recipients of the data are internal employees of the IT department and Google as data processor.
e. Storage periods
Once the purpose no longer applies and we no longer use Google Doubleclick, the data collected in this context will be deleted.
f. Legal / contractual requirement
The provision of your personal data is voluntary and based solely on your consent. Without the provision of your personal data, we cannot grant you access to the content and services we offer.
g. Third country transfer
Processing does not take place outside the European Union (EU) or the European Economic Area (EEA).
h. Revocation of consent
For further information on data usage by Google, setting options and objection options, please see Google’s privacy policy (https://policies.google.com/technologies/ads) and in the settings for the display of advertisements by Google(https://adssettings.google.com/authenticated). You can revoke your consent to the storage of your personal data at any time with effect for the future. You can notify us of your revocation at any time using the contact option provided at the beginning of this privacy policy.
i. Automated decision-making and profiling
As a responsible company, we do not use automated decision-making or profiling in this data processing.
a. Type and purpose of processing
This site uses so-called Google Fonts, which are provided by Google, for the uniform display of fonts. When you visit a page, your browser loads the required fonts into your browser cache in order to display texts and fonts correctly.
For this purpose, the browser you use must connect to Google's servers. This tells Google that this website was accessed via your IP address. If your browser does not support Google Fonts, a standard font from your computer will be used.
Google Fonts is used in the interest of a uniform and appealing presentation of our online offerings. Further information on Google Fonts can be found at developers.google.com/fonts/faq and in Google’s privacy policy: policies.google.com/privacy.
b. Legal basis for processing
If a corresponding consent has been requested, the processing will be carried out exclusively on the basis of Art. 6 Para. 1 lit. a GDPR and Section 25 Para. 1 TTDSG, insofar as the consent includes the storage of cookies or access to information on the user's end device (e.g. device fingerprinting) within the meaning of the TTDSG. The consent can be revoked at any time.
c. Data categories
d. Recipient
Recipients of the data are internal employees of the {department/s} and Google as the data processor. For this purpose, we have concluded the corresponding data processing agreement with Google.
e. Storage periods
Data will only be processed in this context as long as the corresponding consent has been given. After this, it will be deleted unless there are statutory retention periods. To contact us in this context, please use the contact details provided at the beginning of this data protection declaration.
f. Legal / contractual requirement
The provision of your personal data is voluntary and based solely on your consent. If you deny access, this may result in functional restrictions on the website.
G. Third country transfer
Processing does not take place outside the European Union (EU) or the European Economic Area (EEA).
h. Revocation of consent
For further information on data usage by Google, setting options and objection options, please see Google’s privacy policy (policies.google.com/privacy). You can revoke your consent to the storage of your personal data at any time with effect for the future. You can notify us of your revocation at any time using the contact option provided at the beginning of this privacy policy.
i. Automated decision-making and profiling
As a responsible company, we do not use automated decision-making or profiling when using Google Fonts.
a. Type and purpose of processing
We use Google Photos. Google Photos is an online service provided by Google (provided by Google Ireland Limited (“Google”), Gordon House, Barrow Street, Dublin 4, Ireland) for storing images and videos.
When you open the image galleries, your browser loads the required pages into your browser cache in order to display the images correctly.
For this purpose, the browser you use must connect to Google's servers. This tells Google that our website was accessed via your IP address. Google Photos is used in the interest of a uniform and attractive presentation of our online offerings. You can find more information about Google Photos at photos.google.com and in Google’s privacy policy: policies.google.com.
b. Legal basis for processing
The processing is carried out in accordance with Art. 6 Para. 1 lit. a GDPR on the basis of your consent. You can revoke your consent at any time. However, without your consent, no content from Google Photos will be loaded onto our website. We use Google Photos exclusively to analyze, optimize and economically operate our online offering.
c. Data categories
d. Recipient
Recipients of the data are internal employees of the {department/s} and Google as the data processor. For this purpose, we have concluded the corresponding data processing agreement with Google.
e. Storage periods
Data will only be processed in this context as long as the corresponding consent has been given. After this, it will be deleted unless there are statutory retention periods. To contact us in this context, please use the contact details provided at the beginning of this data protection declaration.
f. Legal / contractual requirement
The provision of your personal data is voluntary and based solely on your consent. If you deny access, this may result in functional restrictions on the website.
G. Third country transfer
Processing does not take place outside the European Union (EU) or the European Economic Area (EEA).
h. Revocation of consent
For further information on data usage by Google, setting options and objection options, please see Google’s privacy policy (policies.google.com/technologies/ads) and in the settings for the display of advertisements by Google(adssettings.google.com/authenticated). You can revoke your consent to the storage of your personal data at any time with effect for the future. You can notify us of your revocation at any time using the contact option provided at the beginning of this privacy policy.
i. Automated decision-making and profiling
As a responsible company, we do not use automated decision-making or profiling when using Google Photos.
a. Type and purpose of processing
To protect against misuse of our web forms and against spam, we use the Google reCAPTCHA service in some forms on this website. By checking manual input, this service prevents automated software (so-called bots) from carrying out abusive activities on the website. This serves to protect our legitimate interests, which prevail in the context of a balancing of interests, in protecting our website against misuse and in ensuring that our online presence is displayed without disruption.
Google reCAPTCHA uses a code embedded in the website, a so-called JavaScript, to analyze your use of the website, such as cookies. The automatically collected information about your use of this website, including your IP address, is usually transferred to a Google server in the USA and stored there. In addition, other cookies stored in your browser by Google services are evaluated by Google reCAPTCHA.
No personal data is read or saved from the input fields of the respective form.
b. Legal basis for processing
The processing is carried out in accordance with Art. 6 (1) (f) GDPR on the basis of our legitimate interest in improving the security and functionality of our website.
c. Data categories
d. Recipient
Recipients of the data are internal employees and Google as data processors.
e. Storage periods
Once the purpose no longer applies and we no longer use Google reCAPTCHA, the data collected in this context will be deleted.
f. Legal / contractual requirement
The provision of your personal data is voluntary and based solely on your consent. Without the provision of your personal data, we cannot grant you access to the content and services we offer.
g. Third country transfer
Processing does not take place outside the European Union (EU) or the European Economic Area (EEA).
h. Revocation of consent
You can prevent Google from collecting the data generated by JavaScript or cookies and relating to your use of the website (including your IP address) and from processing this data by Google by disabling JavaScript execution or cookies in your browser settings. Please note that this may limit the functionality of our website for your use.
Further information on Google’s privacy policy can be found here: https://policies.google.com/privacyYou can revoke your consent to the storage of your personal data at any time with effect for the future. You can inform us of your revocation at any time using the contact option provided at the beginning of this privacy policy.
i. Automated decision-making and profiling
As a responsible company, we do not use automated decision-making or profiling in this data processing.
a. Type and purpose of processing
Use of Google Tag Manager: Google Tag Manager is a solution that allows marketers to manage website tags through one interface. The Tag Manager tool itself (which implements the tags) is a cookie-less domain and does not collect any personal data. The tool triggers other tags, which in turn may collect data. Google Tag Manager does not access this data. If deactivation has been made at the domain or cookie level, this remains in place for all tracking tags implemented with Google Tag Manager: www.google.de/tagmanager/use-policy.html.
b. Legal basis for processing
The processing of the entered data is based on the user’s consent (Art. 6 Para. 1 lit. a GDPR).
c. Data categories
Google Tag Manager does not store any personal data itself. The personal data is recorded by the tags of the respective web analytics tool used.
d. Recipient
Recipients of the data are internal employees of the {department/s} and Google as the data processor. For this purpose, we have concluded the corresponding data processing agreement with Google.
e. Storage periods
Data will only be processed in this context as long as the corresponding consent has been given. After this, it will be deleted unless there are statutory retention periods. To contact us in this context, please use the contact details provided at the beginning of this data protection declaration.
f. Legal / contractual requirement
The provision of your personal data is voluntary and based solely on your consent. If you deny access, this may result in functional restrictions on the website.
g. Third country transfer
Processing does not take place outside the European Union (EU) or the European Economic Area (EEA).
h. Revocation of consent
You can revoke your consent to the storage of your personal data at any time with effect for the future. You can inform us of your revocation at any time using the contact option provided at the beginning of this privacy policy.
You may prevent cookies from being saved by selecting the appropriate settings on your browser, however please note that if you do this you may not be able to use the full functionality of this website.
i. Profiling
With the help of the Google Tag Manager tool, the behavior of website visitors can be evaluated and their interests analyzed.
This site uses LinkedIn Ads, an advertising platform from LinkedIn, to deliver targeted ads to our audience. LinkedIn Ads allows us to tailor our advertising messages to LinkedIn members and measure the performance of our ad campaigns.
The data collected by LinkedIn Ads includes your IP address, the browser you use, the pages you visit and the date and time of access. This information is transmitted by LinkedIn Ireland to LinkedIn Corporation, 1000 W. Maude Avenue, Sunnyvale, CA 94085, USA, and stored there.
The use of LinkedIn Analytics is based on your consent in accordance with Art. 6 (1) (a) GDPR. LinkedIn will not be loaded without your consent.
For more information about data processing by LinkedIn Analytics, please see LinkedIn’s privacy policy at https://www.linkedin.com/legal/privacy-policy.
We use LinkedIn Analytics, a web analytics service provided by LinkedIn Ireland Unlimited Company (Wilton Plaza, Wilton Place, Dublin 2, Ireland). LinkedIn Analytics uses cookies to collect information about the use of our website and to provide us with reports on the activities on our website.
The data collected by LinkedIn Analytics includes your IP address, the browser you use, the pages you visit and the date and time of access. This information is transmitted by LinkedIn Ireland to LinkedIn Corporation, 1000 W. Maude Avenue, Sunnyvale, CA 94085, USA, and stored there.
The use of LinkedIn Analytics is based on your consent in accordance with Art. 6 (1) (a) GDPR. LinkedIn will not be loaded without your consent.
For more information about data processing by LinkedIn Analytics, please see LinkedIn’s privacy policy at https://www.linkedin.com/legal/privacy-policy.
We use an external service to continuously update the privacy policy. The provider of this service is preeco GmbH, Magirus-Deutz-Straße 14, 89077, Ulm. No personal data is collected when the information obligations according to Art. 13ff, the so-called privacy policy, are called up.
We use Usabilla, a feedback and analysis tool from Usabilla BV, Rokin 16, 1012 KR Amsterdam, Netherlands (“Usabilla”) on our website. Usabilla enables us to collect feedback from users of our website and to improve the user-friendliness of our website.
For this purpose, Usabilla stores cookies on your device that enable an analysis of the use of the website. The information generated by the cookie is usually transferred to a Usabilla server and stored there. This may include the following data: IP address, date and time of the visit, pages and content accessed, browser and operating system used, referrer URL (the previously visited website). Further information on data processing by Usabilla can be found in Usabilla's privacy policy at https://demo.usabilla.com/privacy/.
In order for us to use Usabilla on our website, we need your express consent in accordance with Article 6 paragraph 1 letter a) of the General Data Protection Regulation (GDPR). You can withdraw your consent at any time. We have taken appropriate measures to ensure that your data is processed in accordance with the applicable data protection regulations. In particular, we have concluded a contract for order processing with Usabilla that meets the requirements of Article 28 GDPR (order processor).
a. Type and purpose of processing
We use YouTube NoCookie, a more privacy-friendly version of YouTube, to embed videos on our website. This service enables us to offer multimedia content without automatically setting cookies when the page is first accessed, which transfer user data to YouTube.
b. Legal basis for processing
YouTube videos are embedded on the basis of our legitimate interest in offering our users high-quality content and improving our online presence (Art. 6 Para. 1 lit. f GDPR).
c. Data categories
When a user plays a video, data such as IP address, information about the device used, browser data and interaction data with the video may be collected by YouTube.
d. Recipient
The recipients of the data are YouTube or Google LLC and their partner companies involved in the video hosting services.
e. Storage periods
The data collected is stored for as long as necessary to provide the service and to comply with YouTube's legal obligations.
f. Legal/contractual requirement
The provision of your data is not required by law or contract, but is necessary to play the video content via YouTube NoCookie.
g. Third country transfer
When using YouTube NoCookie, your data may be transferred to countries outside the European Union. YouTube ensures that appropriate data protection standards are maintained.
h. Revocation of consent
If the processing of your data is based on consent, you have the right to withdraw this consent at any time. The withdrawal does not affect the legality of the processing based on the consent before its withdrawal.
i. Automated decision-making and profiling
There is no automated decision-making or profiling in the context of the use of YouTube NoCookie that has legal consequences for you or significantly affects you in a similar way.
a. Type and purpose of processing
Our website uses social plugins from YouTube You can recognize the plugins by the fact that they are marked with the corresponding logo.
These plugins may transmit information, which may include personal data, to YouTubeand may be used by them. We prevent the unconscious and unwanted collection and transmission of data to YouTube through a so-called Shariff solutionOnly by clicking on the plugin will the collection of information and its transmission to YouTube We do not collect any personal data ourselves via the social plugins or through their use.
We have no influence on what data an activated plugin collects and how this data is YouTube Currently, it must be assumed that a direct connection to the services of YouTube is set up and at least the IP address and device-related information is recorded and used. It is also possible that YouTube attempts to store cookies on the computer used.
b. Legal basis for processing
The processing is carried out in accordance with Art. 6 (1) (f) GDPR on the basis of our legitimate interest in the functionality of our website.
c. Data categories
For information on which specific data is collected and how it is used, please refer to the privacy policy of YouTube:
YouTube: https://policies.google.com/privacy
d. Recipient
e. Storage periods
The data we collect directly via the social media plugins is deleted from our systems as soon as the purpose for storing it no longer applies, you request deletion, revoke your consent to storage or the purpose for storing the data no longer applies. Stored cookies remain on your device until you delete them. Mandatory legal provisions - in particular retention periods - remain unaffected.
The storage period of your data, which is YouTube We have no influence over whether your data is stored for our own purposes. For further details please contact YouTube (e.g. in their privacy policy, see above).
f. Legal / contractual requirement
The provision of your personal data is voluntary. Without the provision of your personal data, we cannot grant you access to the content and services we offer.
g. Third country transfer
Processing does not take place outside the European Union (EU) or the European Economic Area (EEA).
h. Revocation of consent
You can revoke your consent to the storage of your personal data at any time with effect for the future. You can inform us of your revocation at any time using the contact option provided at the beginning of this privacy policy.
i. Automated decision-making and profiling
As a responsible company, we do not use automated decision-making or profiling in this data processing.
a. Type and purpose of processing
We embed YouTube videos on some of our websites. The operator of the corresponding plug-ins is Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland. When you visit a page with the YouTube plug-in, a connection is established to YouTube servers. YouTube is informed which pages you visit. If you are logged into your YouTube account, YouTube can assign your surfing behavior to you personally. You can prevent this by logging out of your YouTube account beforehand. When a YouTube video is started, the provider uses cookies that collect information about user behavior. You can find more information about the purpose and scope of data collection and processing by YouTube in the provider's privacy policy. There you will also find more information about your rights in this regard and setting options for protecting your privacy (policies.google.com/privacy).
b. Legal basis for processing
The legal basis for the integration of YouTube and the associated data transfer to Google is your consent (Art. 6 Para. 1 lit. a GDPR).
c. Data categories
IP address; device information, referrer URL, videos viewed, IP address, videos viewed
d. Recipient
Recipients of the data are internal employees of the IT department and YouTube as a service provider.
e. Storage periods
Anyone who has deactivated the storage of cookies for the Google Ad program will not have to expect such cookies when watching YouTube videos. However, YouTube also stores non-personal usage information in other cookies. If you want to prevent this, you must block the storage of cookies in your browser. Further information on data protection at "YouTube" can be found in the provider's data protection declaration at: policies.google.com/privacy
f. Legal / contractual requirement
The provision of your personal data is voluntary and based solely on your consent. If you deny access, this may result in functional restrictions on the website.
g. Third country transfer
Google processes your data in the USA.
h. Revocation of consent
You can revoke your consent to the storage of your personal data at any time with effect for the future. You can inform us of your revocation at any time using the contact option provided at the beginning of this privacy policy.
i. Automated decision-making and profiling
As a responsible company, we do not use automated decision-making or profiling in this data processing.
a. Type and purpose of processing
We are pleased about your interest in our presence on FacebookWe would like to give you an overview of which data we collect, use and store there.
Social networks can generally analyze your user behavior comprehensively when you visit their website or a website with integrated social media content (e.g. like buttons or advertising banners). By visiting our social media presence on Facebook Numerous data protection-relevant processing operations are triggered. In detail:
If you are in your Facebookaccount and visit our social media presence, Facebook assign this visit to your user account. However, your personal data may also be collected if you are not logged in or do not have an account on Facebook In this case, this data collection takes place, for example, via cookies that are stored on your device or by recording your IP address. With the help of the data collected in this way, Facebook Create user profiles that store your preferences and interests. This allows you to receive interest-based advertising inside and outside of Facebook If you have an account on Facebookinterest-based advertising can be displayed on all devices on which you are logged in or were logged in. Please also note that we cannot carry out all processing on Facebook Therefore, further processing operations may be required by Facebook For details, please refer to the Terms of Use and Privacy Policy of Facebook.
b. Legal basis for processing
The processing is carried out in accordance with Art. 6 (1) lit. f. GDPR on the basis of our legitimate interest in the contact options with our customers. Facebook The analysis processes initiated may be based on different legal bases, which are Facebook must be stated (e.g. consent within the meaning of Art. 6 Para. 1 lit. a GDPR).
c. Data categories
For information on which specific data is collected and how it is used, please refer to the privacy policy of Facebook:
Facebook: www.facebook.com/policy.php
d. Recipient
e. Storage periods
After the purpose has ceased and the use of Facebook We will delete the data collected in this context.
f. Legal / contractual requirement
The provision of your personal data is voluntary. Without the provision of your personal data, we cannot grant you access to the content and services we offer.
g. Third country transfer
Processing does not take place outside the European Union (EU) or the European Economic Area (EEA).
h. Revocation of consent
You can revoke your consent to the storage of your personal data at any time with effect for the future. You can inform us of your revocation at any time using the contact option provided at the beginning of this privacy policy.
i. Automated decision-making and profiling
As a responsible company, we do not use automated decision-making or profiling in this data processing.
a. Type and purpose of processing
We are pleased about your interest in our presence on InstagramWe would like to give you an overview of which data we collect, use and store there.
We advertise our products and services on our Instagram-Account. There may be marked links for advertising purposes to external websites or to our websites that redirect to a sales page.
Social networks can generally analyze your user behavior comprehensively when you visit their website or a website with integrated social media content (e.g. like buttons or advertising banners). By visiting our social media presence on Instagram Numerous data protection-relevant processing operations are triggered. In detail:
If you are in your Instagramaccount and visit our social media presence, Instagram assign this visit to your user account. However, your personal data may also be collected if you are not logged in or do not have an account on Instagram In this case, this data collection takes place, for example, via cookies that are stored on your device or by recording your IP address. With the help of the data collected in this way, Instagram Create user profiles that store your preferences and interests. This allows you to receive interest-based advertising inside and outside of Instagram If you have an account on Instagraminterest-based advertising can be displayed on all devices on which you are logged in or were logged in. Please also note that we cannot carry out all processing on Instagram Therefore, further processing operations may be required by Instagram For details, please refer to the Terms of Use and Privacy Policy of Instagram.
b. Legal basis for processing
The processing is carried out in accordance with Art. 6 (1) lit. f. GDPR on the basis of our legitimate interest in the contact options with our customers. Instagram The analysis processes initiated may be based on different legal bases, which are Instagram must be stated (e.g. consent within the meaning of Art. 6 Para. 1 lit. a GDPR).
c. Data categories
For information on which specific data is collected and how it is used, please refer to the privacy policy of Instagram:
Instagram: help.instagram.com/155833707900388
d. Recipient
e. Storage periods
After the purpose has ceased and the use of Instagram We will delete the data collected in this context.
f. Legal / contractual requirement
The provision of your personal data is voluntary. Without the provision of your personal data, we cannot grant you access to the content and services we offer.
g. Third country transfer
Processing does not take place outside the European Union (EU) or the European Economic Area (EEA).
h. Revocation of consent
You can revoke your consent to the storage of your personal data at any time with effect for the future. You can inform us of your revocation at any time using the contact option provided at the beginning of this privacy policy.
i. Automated decision-making and profiling
As a responsible company, we do not use automated decision-making or profiling in this data processing.
a. Type and purpose of processing
We are pleased about your interest in our presence on LinkedInWe would like to give you an overview of which data we collect, use and store there.
We advertise our products and services on our LinkedIn-Account. There may be marked links for advertising purposes to external websites or to our websites that redirect to a sales page.
Social networks can generally analyze your user behavior comprehensively when you visit their website or a website with integrated social media content (e.g. like buttons or advertising banners). By visiting our social media presence on LinkedIn Numerous data protection-relevant processing operations are triggered. In detail:
If you are in your LinkedInaccount and visit our social media presence, LinkedIn assign this visit to your user account. However, your personal data may also be collected if you are not logged in or do not have an account on LinkedIn In this case, this data collection takes place, for example, via cookies that are stored on your device or by recording your IP address. With the help of the data collected in this way, LinkedIn Create user profiles that store your preferences and interests. This allows you to receive interest-based advertising inside and outside of LinkedIn If you have an account on LinkedIn interest-based advertising can be displayed on all devices on which you are logged in or were logged in. Please also note that we cannot carry out all processing on LinkedIn Therefore, further processing operations may be required by LinkedIn For details, please refer to the Terms of Use and Privacy Policy of LinkedIn.
b. Legal basis for processing
The processing is carried out in accordance with Art. 6 (1) lit. f. GDPR on the basis of our legitimate interest in the contact options with our customers. LinkedIn The analysis processes initiated may be based on different legal bases, which are LinkedInmust be stated (e.g. consent within the meaning of Art. 6 Para. 1 lit. a GDPR).
c. Data categories
For information on which specific data is collected and how it is used, please refer to the privacy policy of LinkedIn:
LinkedIn: https://www.linkedin.com/legal/privacy-policy
d. Recipient
e. Storage periods
After the purpose has ceased and the use of LinkedIn We will delete the data collected in this context.
f. Legal / contractual requirement
The provision of your personal data is voluntary. Without the provision of your personal data, we cannot grant you access to the content and services we offer.
g. Third country transfer
Processing does not take place outside the European Union (EU) or the European Economic Area (EEA).
h. Revocation of consent
You can revoke your consent to the storage of your personal data at any time with effect for the future. You can inform us of your revocation at any time using the contact option provided at the beginning of this privacy policy.
i. Automated decision-making and profiling
As a responsible company, we do not use automated decision-making or profiling in this data processing.
7. eCommerce and payment providers
Processing of data (customer and contract data)
We only collect, process and use personal data to the extent that it is necessary for the establishment, content design or modification of the legal relationship (master data). This is done on the basis of Art. 6 Paragraph 1 Letter b of GDPR, which permits the processing of data to fulfill a contract or pre-contractual measures. We only collect, process and use personal data about the use of this website (usage data) to the extent that this is necessary to enable the user to use the service or to bill them.
The customer data collected will be deleted after completion of the order or termination of the business relationship. Statutory retention periods remain unaffected.
Data transfer when concluding a contract for services and digital content
We only transmit personal data to third parties if this is necessary for the performance of the contract, for example to the credit institution responsible for processing payments.
The data will not be transferred to any other party or will only be transferred if you have expressly consented to the transfer. Your data will not be passed on to third parties without your express consent, for example for advertising purposes.
The basis for data processing is Art. 6 (1) (b) GDPR, which permits the processing of data to fulfill a contract or for pre-contractual measures.
Payment services
We integrate payment services from third-party companies on our website. When you make a purchase from us, your payment data (e.g. name, payment amount, bank details, credit card number) will be processed by the payment service provider for the purpose of payment processing. The respective contract and data protection provisions of the respective providers apply to these transactions. The payment service providers are used on the basis of Art. 6 Para. 1 lit. b GDPR (contract processing) and in the interest of a payment process that is as smooth, convenient and secure as possible (Art. 6 Para. 1 lit. f GDPR). If your consent is requested for certain actions, Art. 6 Para. 1 lit. a GDPR is the legal basis for data processing; consent can be revoked at any time for the future.
We use the following payment services / payment service providers on this website:
Stripe
The provider for customers within the EU is Stripe Payments Europe, Ltd., 1 Grand Canal Street Lower, Grand Canal Dock, Dublin, Ireland (hereinafter “Stripe”).
The data transfer to the USA is based on the standard contractual clauses of the EU Commission. Details can be found here: https://stripe.com/de/privacy and https://stripe.com/de/guides/general-data-protection-regulation.
You can find details about this in Stripe’s privacy policy at the following link: https://stripe.com/de/privacy.
Klarna
The provider is Klarna AB, Sveavägen 46, 111 34 Stockholm, Sweden (hereinafter "Klarna"). Klarna offers various payment options (e.g. installment purchase). If you choose to pay with Klarna (Klarna checkout solution), Klarna will collect various personal data from you. Klarna uses cookies to optimize the use of the Klarna checkout solution. Details on the use of Klarna cookies can be found at the following link: https://cdn.klarna.com/1.0/shared/content/policy/cookie/de_de/checkout.pdf.
You can find details about this in Klarna’s privacy policy at the following link: https://www.klarna.com/de/datenschutz/.
Instant bank transfer
The provider of this payment service is Sofort GmbH, Theresienhöhe 12, 80339 Munich (hereinafter "Sofort GmbH"). Using the "Sofortüberweisung" process, we receive a payment confirmation from Sofort GmbH in real time and can begin to meet our obligations immediately. If you have chosen the "Sofortüberweisung" payment method, you send the PIN and a valid TAN to Sofort GmbH, which it can use to log into your online banking account. After logging in, Sofort GmbH automatically checks your account balance and carries out the transfer to us using the TAN you have sent. It then immediately sends us a transaction confirmation. After logging in, your transactions, the credit limit of the overdraft facility and the existence of other accounts and their balances are also automatically checked. In addition to the PIN and TAN, the payment data you have entered and your personal data are also sent to Sofort GmbH. The personal data includes your first and last name, address, telephone number(s), email address, IP address and, if applicable, other data required for payment processing. The transmission of this data is necessary in order to establish your identity beyond doubt and to prevent attempted fraud. Details on payment with Sofortüberweisung can be found at the following links: https://www.sofort.de/datenschutz.html and https://www.klarna.com/sofort/.
The provider for customers within the EU is Stripe Payments Europe, Ltd., 1 Grand Canal Street Lower, Grand Canal Dock, Dublin, Ireland (hereinafter “Stripe”).
The data transfer to the USA is based on the standard contractual clauses of the EU Commission. Details can be found here:
https://stripe.com/de/privacy and https://stripe.com/de/guides/general-data-protection-regulation.
You can find details about this in Stripe’s privacy policy at the following link:
https://stripe.com/de/privacy.
a. Type and purpose of processing
We use Stripe to process payments securely and efficiently. If you decide to make a purchase on our site, your payment information will be processed directly by Stripe to complete the transaction.
b. Legal basis for processing
The processing of your payment information by Stripe is based on the performance of the contract (Article 6 paragraph 1 letter b GDPR), as the processing is necessary for the processing of your order.
c. Data categories
The following data categories may be collected:
d. Recipient
Your payment information is processed by Stripe. Stripe is committed to protecting your data in accordance with its privacy policy.
e. Storage periods
Stripe stores your payment information for the period necessary to process the transaction and to comply with legal retention requirements.
f. Legal / contractual requirement
The provision of your personal data for payment processing is necessary to conclude the contract. Without this information, we may not be able to process your order.
g. Third country transfer
Stripe may process and store data outside the European Union (EU) or the European Economic Area (EEA), in particular in the United States. Transfers of data to third countries are carried out in accordance with applicable data protection laws and by implementing appropriate security measures.
h. Revocation of consent
Since the processing of your data for payment processing is generally based on the performance of the contract and not on your consent, there can be no separate revocation for this specific processing. However, if you have any questions or concerns about our data protection practices, you can contact us at any time using the contact details provided.
i. Automated decision-making and profiling
As a responsible company, we consciously decide not to use automated decision-making or profiling in the context of this data processing.
Users can create a user account. During registration, the required mandatory information is communicated to the users and processed on the basis of Art. 6 Paragraph 1 Letter b of GDPR for the purpose of providing the user account. The data processed includes in particular the login information (name, password and an email address). The data entered during registration is used for the purposes of using the user account and its purpose.
Users can be informed by email about information that is relevant to their user account, such as technical changes. If users have terminated their user account, their data relating to the user account will be deleted, subject to a statutory retention period. It is the responsibility of users to back up their data before the end of the contract if the contract is terminated. We are entitled to irretrievably delete all user data stored during the term of the contract.
When you use our registration and login functions and the user account, we save the IP address and the time of the respective user action. The data is saved on the basis of our legitimate interests, as well as the user's interest in protection against misuse and other unauthorized use. This data is generally not passed on to third parties unless it is necessary to pursue our claims or there is a legal obligation to do so in accordance with Art. 6 Para. 1 lit. c. GDPR. The IP addresses are anonymized or deleted after 7 days at the latest.
The personal data of every individual who has a contractual, pre-contractual or other relationship with our company deserves special protection. We aim to maintain our data protection level at a high standard. That is why we are committed to continuously developing our data protection and data security concepts. We are therefore committed to protecting your privacy and treating your personal data confidentially. In order to avoid manipulation, loss or misuse of the data stored by us, we take extensive technical and organizational security precautions that are regularly reviewed and adapted to technological progress. This includes, among other things, the use of recognized encryption methods (SSL or TLS). However, we would like to point out that due to the structure of the Internet, it is possible that the data protection rules and the above-mentioned security measures are not observed by other persons or institutions outside our area of responsibility. In particular, data disclosed unencrypted - e.g. if this is done by email - can be read by third parties. We have no technical influence on this. It is the user's responsibility to protect the data he or she provides against misuse by encrypting it or otherwise.
If your personal data is processed as a user, you are considered to be a data subject in accordance with the GDPR. Data subjects have the following rights vis-à-vis the controller:
Since changes in the law or changes to our internal company processes may make it necessary to adapt this privacy statement, we ask you to read this privacy statement regularly. The privacy statement can be accessed at any time. We therefore reserve the right to change these guidelines at any time in compliance with data protection regulations.
1. Data protection at a glance
General information
The following information provides a simple overview of what happens to your personal data when you visit this website. Personal data is all data with which you can be personally identified. You can find detailed information on the subject of data protection in our data protection declaration listed under this text.
Data collection on this website
Who is responsible for data collection on this website?
The data processing on this website is carried out by the website operator. You can find his contact details in the section "Information on the responsible party" in this data protection declaration.
How do we collect your data?
On the one hand, your data is collected when you communicate it to us. This may, for example, be data that you enter in a contact form, or when registering or using one of our services.
Other data is collected automatically or with your consent when you visit the website by our IT systems. This is primarily technical data (e.g. Internet browser, operating system or time of page access). This data is collected automatically as soon as you enter this website.
What do we use your data for?
Some of the data is collected to ensure that the website and our services are provided without errors. Other data may be used to analyze your user behavior, provided you have consented.
As well as for passing on data due to a legal obligation to authorities, registration authorities, district administrative authorities, state police directorates, municipalities
What rights do you have regarding your data?
You have the right to obtain information about the origin, recipient and purpose of your stored personal data free of charge at any time. You also have the right to request that this data be corrected or deleted. If you have given your consent to data processing, you can revoke this consent at any time for the future. You also have the right to request that the processing of your personal data be restricted under certain circumstances. You also have the right to lodge a complaint with the responsible supervisory authority.
You can contact us at any time with any questions about this or other issues relating to data protection.
a. Type and purpose of processing
When you register to use our personalized services, some personal data is collected, such as name, address, contact and communication details (e.g. telephone number and email address). If you are registered with us, you can access content and services that we only offer to registered users. Registered users also have the option of changing or deleting the data provided during registration at any time if necessary. Of course, we will also provide you with information about the personal data we have stored about you at any time.
b. Legal basis for processing
The processing of the data entered during registration is based on the user's consent (Art. 6 Para. 1 lit. a GDPR), to fulfill a contract (Art. 6 Para. 1 lit. b GDPR), to fulfill a legal obligation (Art. 6 Para. 1 lit. c GDPR), and to protect the vital interests of the data subject or another natural person (Art. 6 Para. 1 lit. d GDPR).
c. Data categories
Contact details for COVID-19 guest registration (telephone number, email address, last name, table number, time, date) | Contact details for the digital guest sheet (name, address, gender, origin, length of stay, marital status, ID number, passport number, fellow travelers)
d. Recipient
Recipients of the data are internal employees of the management, sales, accounting and, if applicable, contract processors (accommodation providers, interface providers, municipalities, registration authorities, district administrative authorities, state police directorates, municipalities) who are either responsible for the operation and maintenance of our website or in the context of the provision of the service.
e. Storage periods
Data will only be processed in this context as long as there is a legal basis according to Art. 6 Para. 1 ff GDPR. After that, it will be deleted unless there are statutory retention periods. To contact us in this context, please use the contact details provided at the beginning of this data protection declaration.
f. Legal / contractual requirement
Your personal data is provided in accordance with Art. 6 (1) ff GDPR. Without the provision of your personal data, we cannot grant you access to the content and services we offer.
g. Third country transfer
Processing does not take place outside the European Union (EU) or the European Economic Area (EEA).
h. Revocation of consent
You can revoke your consent to the storage of your personal data at any time with effect for the future. You can inform us of your revocation at any time using the contact option provided at the beginning of this privacy policy.
i. Automated decision-making and profiling
As a responsible company, we do not use automated decision-making or profiling in this data processing.
a. Type and purpose of processing
Like many other websites, we also use so-called “cookies”. You have the option of setting the prescribed preferences in the Cookie Consent Management Tool.
You can find out which cookies we use for which purpose in the Cookie Consent.
Cookies are simple files that store information about our website and your use of it. These small files are optionally created automatically by your browser when you use our website and are stored locally on your device. This does not mean that we have immediate knowledge of your identity. The use of cookies serves to make the use of our website more pleasant for you.
Therefore, we fundamentally distinguish between technically necessary and not necessary Cookies:
You can find the storage period in the Cookie Consent Tool, which is displayed when you first visit our website.
Technically necessary cookies (“First Party Cookies”)
are required for the operation of a website and are essential for navigating it and using its functions. These cookies are not stored permanently on your computer or device and are deleted when you close the browser. They are so-called session cookies.
We use the following technically necessary cookies:
Non-necessary cookies On the other hand, most Ffunctional cookies, performance cookies and marketing & third party cookies, which allow us to, for example, record and count the number of visitors and traffic sources in order to measure and improve the performance of the website. They are also used to find out if there are problems or errors on certain pages, which pages are the most popular and how visitors navigate around the website.
b. Legal basis for processing
The use of the technically necessary cookies (“First Party Cookies”) is possible without the consent of the website visitor and is subject to a legitimate interest in the economic operation and optimization of our website and services) within the meaning of Art. 6 Para. 1 Clause 1 Letter f of GDPR.
The use of non-essential cookies, How Functional cookies, performance cookies and marketing & third party cookies is subject to the consent of the website visitor in accordance with Art. 6 Paragraph 1 Clause 1 Letter a of GDPR.
c. Data categories
d. Recipient
The data recipients can be found at the end of the privacy policy in the list of cookies used.
e. Storage periods
The user can set his web browser so that the storage of cookies on his device is generally prevented or he is asked each time whether he agrees to the setting of cookies. The user can delete cookies that have been set at any time. How this works is described in the help function of the respective web browser.
A general deactivation of cookies may lead to functional restrictions of this website.
f. Legal / contractual requirement
The provision of your personal data in cookies is voluntary for non-essential cookies, based solely on your consent (so-called opt-in cookies). You can also prevent the use of pre-set, technically necessary cookies (so-called opt-out cookies) via your browser settings. However, without your consent, the service and functionality of our website cannot be guaranteed. In addition, individual services may be unavailable or restricted.
G. Third country transfer
Processing does not take place outside the European Union (EU) or the European Economic Area (EEA).
h. Revocation of consent
You can revoke your consent to all cookies at any time with future effect in your browser settings.
i. Automated decision-making and profiling
As a responsible company, we do not use automated decision-making or profiling when collecting cookies.
When you visit this website, your surfing behavior may be statistically evaluated. This is done primarily with so-called analysis programs.
Detailed information about these analysis programs can be found in the following privacy policy.
Hosting
We host our website with GDPR compliant providers within the EU.
Details can be found in the data processing agreement (AVV) pursuant to Art. 28 EU GDPR.
The data is used on the basis of Art. 6 (1) (f) GDPR. We have a legitimate interest in presenting our website as reliably as possible. If consent has been requested, the data will be processed exclusively on the basis of Art. 6 (1) (a) GDPR; consent can be revoked at any time.
Server log files
The provider of the pages automatically collects and stores information in so-called server log files, which your browser automatically transmits to us. This is:
This data will not be merged with other data sources.
This data is collected on the basis of Art. 6 (1) (f) GDPR. The website operator has a legitimate interest in the technically error-free presentation and optimization of his website - for this purpose, the server log files must be recorded.
Order processing
We have concluded a data processing agreement (DPA) with the above-mentioned provider. This is a contract required by data protection law that guarantees that the provider will only process the personal data of our website visitors in accordance with our instructions and in compliance with the GDPR.
Data protection
The operators of these pages take the protection of your personal data very seriously. We treat your personal data confidentially and in accordance with the statutory data protection regulations and this data protection declaration.
When you use this website, various personal data is collected. Personal data is data with which you can be personally identified. This privacy policy explains which data we collect and what we use it for. It also explains how and for what purpose this is done.
We would like to point out that data transmission over the Internet (e.g. when communicating by email) can have security gaps. Complete protection of data against access by third parties is not possible.
Note on the responsible body
The responsible body for data processing on this website is:
ibindo gmbH
Main Street 101
A-2123 Hautzendorf
Legal form: Limited liability company
Company registration number: FN 560840 s
Phone: +43 0677/63696352
Email: datenschutz@ibindo.at
The responsible body is the natural or legal person who alone or jointly with others decides on the purposes and means of processing personal data (e.g. names, e-mail addresses, etc.).
Storage period
Unless a more specific storage period has been specified within this data protection declaration, your personal data will remain with us until the purpose for data processing no longer applies.
Storage period digital guest list
The storage period of personal data for the “Digital Guest Sheet” is Section 19 paragraph 5 Reporting Act–Implementing Regulation and amounts to 7 years, with the period starting from the last entry.
Storage period COVID19 guest registration
The storage period of personal data for the “COVID 19 guest registration” is Section 5c paragraph 3 Epidemic Act 1950, Federal Law Gazette No.
186/1950 as amended in conjunction with Section 17 of the COVID-19 Opening Ordinance, Federal Law Gazette II No. 214/2021 and amounts to 28 days.
Storage period Probbill
The storage period of personal data for the “Probbill“ is the 132 BAO and amounts to 7 years,
If you make a legitimate request for deletion or withdraw your consent to data processing, your data will be deleted unless we have other legally permissible reasons for storing your personal data (e.g. retention periods under tax or commercial law); in the latter case, deletion will take place once these reasons no longer apply.
Data Protection Officer
We have appointed a data protection officer for our company.
DPO Consult GmbH
Karl Pusch
At the Iron Gate 2/III
A-8010 Graz
Telephone: 0800 22 44 88
Email: dpo@dpo.at
If, as part of our processing, we disclose data to other persons and companies (contract processors, joint controllers or third parties), transmit it to them or otherwise grant them access to the data, this will only be done on the basis of legal permission (e.g. if transmission of the data to third parties, such as payment service providers, is necessary to fulfill the contract), users have consented, a legal obligation provides for this or on the basis of our legitimate interests (e.g. when using interface providers, accommodation providers, authorities, municipalities, etc.).
If we disclose, transmit or otherwise grant access to data to other companies in our group of companies, this is done in particular for administrative purposes as a legitimate interest and, beyond that, on a basis that complies with the legal requirements.
The following organisations, companies, authorities or persons have been commissioned by the operator of this website to process data:
Processor within the EU / EEA:
Accommodation providers, interface providers.
Processor outside the EU / EEA:
Service provider of the web services.
Note on data transfer to the USA and other third countries
Among other things, we use tools from companies based in the USA or other third countries that are not secure in terms of data protection law. If these tools are active, your personal data can be transferred to these third countries and processed there. We would like to point out that a level of data protection comparable to that in the EU cannot be guaranteed in these countries. For example, US companies are obliged to release personal data to security authorities without you as the data subject being able to take legal action against this. It cannot therefore be ruled out that US authorities (e.g. secret services) will process, evaluate and permanently store your data on US servers for surveillance purposes. We have no influence on these processing activities.
Revocation of your consent to data processing
Many data processing operations are only possible with your express consent. You can revoke your consent at any time. The legality of the data processing carried out up to the time of revocation remains unaffected by the revocation.
Every data subject has the right to object at any time, for reasons related to his or her particular situation, to the processing of personal data concerning him or her which is carried out on the basis of Art. 6 (1) (e) or (f) GDPR. This also applies to profiling based on these provisions.
In the event of an objection, the controller shall no longer process the personal data unless we can demonstrate compelling legitimate grounds for the processing which outweigh the interests, rights and freedoms of the data subject, or the processing serves to assert, exercise or defend legal claims. If the controller processes personal data for direct marketing purposes, the data subject shall have the right to object at any time to processing of personal data concerning him or her for such marketing. This also applies to profiling insofar as it is related to such direct marketing. If the data subject objects to the controller processing for direct marketing purposes, the controller will no longer process the personal data for these purposes.
In addition, the data subject has the right to object to the processing of personal data concerning him or her by the controller for scientific or historical research purposes or for statistical purposes pursuant to Art. 89 (1) GDPR, unless such processing is necessary to perform a task carried out in the public interest, for reasons related to his or her particular situation. To exercise the right to object, the data subject may contact us at any time using the contact option provided at the beginning of this data protection notice.
Without prejudice to any other administrative or judicial remedy, every data subject shall have the right to lodge a complaint with a supervisory authority, in particular in the Member State of his or her residence, place of work or place of the alleged infringement, if the data subject considers that the processing of personal data concerning him or her infringes the GDPR. The supervisory authority to which the complaint was submitted shall inform the complainant of the status and outcome of the complaint, including the possibility of a judicial remedy under Art. 78 GDPR.
Each data subject has the right to receive the personal data concerning him or her, which was made available to a controller, in a structured, common and machine-readable format. He or she also has the right to transmit this data to another controller without hindrance from the current controller to whom the personal data was made available, provided that the processing is based on consent pursuant to point (a) of Art. 6 (1) GDPR or point (a) of Art. 9 (2) GDPR or on a contract pursuant to point (b) of Art. 6 (1) GDPR and the processing is carried out by automated means, unless the processing is necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller.
Furthermore, in exercising his or her right to data portability pursuant to Art. 20 (1) GDPR, the data subject has the right to have the personal data transmitted directly from one controller to another, where technically feasible and when doing so does not adversely affect the rights and freedoms of others. To assert the right to data portability, the data subject may contact us at any time using the contact option provided at the beginning of this privacy policy.
Every data subject has the right to obtain from our company the immediate rectification of inaccurate personal data concerning him or her. Furthermore, the data subject has the right to request the completion of incomplete personal data, also by means of a supplementary statement, taking into account the purposes of the processing.
If a data subject wishes to exercise this right to information, he or she can contact us at any time using the contact option provided at the beginning of this data protection notice.
Every data subject has the right to information about the personal data concerning him or her. The right to information extends to all data processed by us. The right can be exercised easily and at regular intervals so that all data subjects are always aware of the processing of their personal data and can check its legality (see Recital 63 GDPR). The right to information includes in particular the following information:
If a data subject wishes to exercise this right to information, he or she can contact us at any time using the contact option provided at the beginning of this data protection notice.
Any data subject has the right to request the controller to restrict processing if one of the following conditions applies:
If one of the above conditions is met and a data subject wishes to request the restriction of personal data stored by the controller, he or she may contact us at any time using the contact option provided at the beginning of this data protection notice. The controller will arrange for the processing to be restricted.
Social Media
Use of LinkedIn plugins
a. Type and purpose of processing
Our website uses social plugins from LinkedIn You can recognize the plugins by the fact that they are marked with the corresponding logo.
These plugins may transmit information, which may include personal data, to LinkedInand may be used by them. We prevent the unconscious and unwanted collection and transmission of data to LinkedIn through a so-called Consent management solutionOnly with your consent will the collection of information and its transmission to LinkedIn We do not collect any personal data ourselves via the social plugins or through their use.
b. Legal basis for processing
The processing is carried out in accordance with Art. 6 (1) (f) GDPR on the basis of our legitimate interest in the functionality of our website.
c. Data categories
For information on which specific data is collected and how it is used, please refer to the privacy policy of LinkedIn:
LinkedIn: https://www.linkedin.com/legal/privacy-policy
d. Recipient
e. Storage periods
The data we collect directly via the social media plugins is deleted from our systems as soon as the purpose for storing it no longer applies, you request deletion, revoke your consent to storage or the purpose for storing the data no longer applies. Stored cookies remain on your device until you delete them. Mandatory legal provisions - in particular retention periods - remain unaffected.
The storage period of your data, which is LinkedIn We have no influence over whether your data is stored for our own purposes. For further details please contact LinkedIn (e.g. in their privacy policy, see above).
f. Legal / contractual requirement
The provision of your personal data is voluntary. Without the provision of your personal data, we cannot grant you access to the content and services we offer.
g. Third country transfer
Processing does not take place outside the European Union (EU) or the European Economic Area (EEA).
h. Revocation of consent
You can revoke your consent to the storage of your personal data at any time with effect for the future. You can inform us of your revocation at any time using the contact option provided at the beginning of this privacy policy.
i. Automated decision-making and profiling
As a responsible company, we do not use automated decision-making or profiling in this data processing.
4. Analysis tools and advertising
Google Analytics
This website uses functions of the web analysis service Google Analytics. The provider is Google Ireland Limited ("Google"), Gordon House, Barrow Street, Dublin 4, Ireland.
Google Analytics enables the website operator to analyze the behavior of website visitors. The website operator receives various usage data, such as page views, length of stay, operating systems used and origin of the user. This data may be summarized by Google in a profile that is assigned to the respective user or their device.
Furthermore, we can use Google Analytics to record your mouse and scroll movements and clicks, among other things. Furthermore, Google Analytics uses various modeling approaches to supplement the data sets collected and uses machine learning technologies in data analysis.
Google Analytics uses technologies that enable the recognition of the user for the purpose of analyzing user behavior (e.g. cookies or device fingerprinting). The information collected by Google about the use of this website is usually transferred to a Google server in the USA and stored there.
This analysis tool is used on the basis of Art. 6 (1) (f) GDPR. The website operator has a legitimate interest in analyzing user behavior in order to optimize both its website and its advertising. If a corresponding consent has been requested (e.g. consent to the storage of cookies), the processing is carried out exclusively on the basis of Art. 6 (1) (a) GDPR; the consent can be revoked at any time.
The data transfer to the USA is based on the standard contractual clauses of the EU Commission. Details can be found here: https://privacy.google.com/businesses/controllerterms/mccs/.
IP anonymization
We have activated the IP anonymization function on this website. This means that your IP address will be shortened by Google within member states of the European Union or in other contracting states to the Agreement on the European Economic Area before being transmitted to the USA. Only in exceptional cases will the full IP address be transmitted to a Google server in the USA and shortened there. On behalf of the operator of this website, Google will use this information to evaluate your use of the website, to compile reports on website activity and to provide the website operator with other services relating to website activity and internet usage. The IP address transmitted by your browser as part of Google Analytics will not be merged with other Google data.
Browser plug-in
You can prevent Google from collecting and processing your data by downloading and installing the browser plug-in available under the following link: https://tools.google.com/dlpage/gaoptout?hl=de.
For more information on how Google Analytics handles user data, please see Google’s privacy policy: https://support.google.com/analytics/answer/6004245?hl=de.
Order processing
We have concluded a data processing agreement with Google and fully implement the strict requirements of the German data protection authorities when using Google Analytics.
Demographic characteristics in Google Analytics
This website uses the "demographic characteristics" function of Google Analytics to be able to show website visitors suitable advertisements within the Google advertising network. This enables reports to be created that contain information about the age, gender and interests of the site visitors. This data comes from interest-based advertising from Google as well as from visitor data from third parties. This data cannot be assigned to a specific person. You can deactivate this function at any time via the ad settings in your Google account or generally prohibit the collection of your data by Google Analytics as described in the "Objection to data collection" section.
Google Analytics eCommerce tracking
This website uses the "E-Commerce Tracking" function of Google Analytics. With the help of E-Commerce Tracking, the website operator can analyze the purchasing behavior of website visitors in order to improve their online marketing campaigns. Information such as orders placed, average order values, shipping costs and the time from viewing to purchasing a product is recorded. This data can be summarized by Google under a transaction ID that is assigned to the respective user or their device.
Storage period
Data stored by Google at user and event level that is linked to cookies, user IDs (e.g. user ID) or advertising IDs (e.g. DoubleClick cookies, Android advertising ID) is anonymized or deleted after 2 months. You can find details at the following link: https://support.google.com/analytics/answer/7667196?hl=de
WordPress Statistics
This website uses “WordPress Statistics” to statistically evaluate visitor access. The provider is Automattic Inc., 60 29th Street #343, San Francisco, CA 94110-4929, USA.
WordPress Statistics uses technologies that enable the recognition of the user for the purpose of analyzing user behavior (e.g. cookies or device fingerprinting). WordPress Statistics records log files (referrer, IP address, browser, etc.), the origin of website visitors (country, city) and the actions they have performed on the site (e.g. clicks, views, downloads) for analysis. The information collected in this way about the use of this website is stored on servers in the USA. Your IP address is anonymized after processing and before storage.
This analysis tool is used on the basis of Art. 6 (1) (f) GDPR. The website operator has a legitimate interest in the anonymized analysis of user behavior in order to optimize both its website and its advertising. If a corresponding consent has been requested (e.g. consent to the storage of cookies), the processing is carried out exclusively on the basis of Art. 6 (1) (a) GDPR; the consent can be revoked at any time.
Google Ads
The website operator uses Google Ads. Google Ads is an online advertising program from Google Ireland Limited (“Google”), Gordon House, Barrow Street, Dublin 4, Ireland.
Google Ads enables us to display advertisements in the Google search engine or on third-party websites when the user enters certain search terms into Google (keyword targeting). In addition, targeted advertisements can be displayed based on the user data available to Google (e.g. location data and interests) (target group targeting). We as website operators can evaluate this data quantitatively, for example by analyzing which search terms led to the display of our advertisements and how many ads led to corresponding clicks.
The use of Google Ads is based on Art. 6 (1) (f) GDPR. The website operator has a legitimate interest in marketing its services and products as effectively as possible.
The data transfer to the USA is based on the standard contractual clauses of the EU Commission. Details can be found here: https://policies.google.com/privacy/frameworks and https://privacy.google.com/businesses/controllerterms/mccs/.
Google AdSense (not personalized)
This website uses Google AdSense, a service for integrating advertisements. The provider is Google Ireland Limited ("Google"), Gordon House, Barrow Street, Dublin 4, Ireland.
We use Google AdSense in "non-personalized" mode. In contrast to personalized mode, the advertisements are not based on your previous user behavior and no user profile is created of you. Instead, so-called "context information" is used when selecting the advertisement. The selected advertisements are then based on, for example, your location, the content of the website you are on or your current search terms. You can find out more about the differences between personalized and non-personalized targeting with Google AdSense at: https://support.google.com/adsense/answer/9007336.
Please note that even when using Google Adsense in non-personalized mode, cookies or similar recognition technologies (e.g. device fingerprinting) may be used. According to Google, these are used to combat fraud and abuse.
AdSense is used on the basis of Art. 6 (1) (f) GDPR. The website operator has a legitimate interest in marketing its website as effectively as possible. If consent has been requested, processing will be carried out exclusively on the basis of Art. 6 (1) (a) GDPR; consent can be revoked at any time.
The data transfer to the USA is based on the standard contractual clauses of the EU Commission. Details can be found here: https://privacy.google.com/businesses/controllerterms/mccs/.
You can adjust your advertising settings yourself in your user account. To do so, click on the following link and log in: https://adssettings.google.com/authenticated.
You can find more information about Google’s advertising technologies here: https://policies.google.com/technologies/ads and https://www.google.de/intl/de/policies/privacy/.
LinkedIn Insights Tag
This website uses the LinkedIn Insight Tag. The provider of this service is LinkedIn Ireland Unlimited Company, Wilton Plaza, Wilton Place, Dublin 2, Ireland.
Data processing by LinkedIn Insight Tag
With the help of the LinkedIn Insight Tag, we receive information about the visitors to our website. If a website visitor is registered with LinkedIn, we can, among other things, analyze the key professional data (e.g. career level, company size, country, location, industry and job title) of our website visitors and thus better tailor our site to the respective target groups. Furthermore, with the help of LinkedIn Insight Tags, we can measure whether visitors to our websites make a purchase or take another action (conversion measurement). Conversion measurement can also take place across devices (e.g. from PC to tablet). LinkedIn Insight Tag also offers a retargeting function with which we can show visitors to our website targeted advertising outside of the website, although according to LinkedIn, the advertising recipient is not identified.
LinkedIn itself also records so-called log files (URL, referrer URL, IP address, device and browser properties and time of access). The IP addresses are shortened or (if they are used to reach LinkedIn members across devices) hashed (pseudonymized). The direct identifiers of LinkedIn members are deleted by LinkedIn after seven days. The remaining pseudonymized data is then deleted within 180 days.
We as website operators cannot assign the data collected by LinkedIn to specific individuals. LinkedIn will store the personal data collected from website visitors on its servers in the USA and use it for its own advertising purposes. For details, see LinkedIn's privacy policy at https://www.linkedin.com/legal/privacy-policy#choices-oblig.
Legal basis
The use of LinkedIn Insight is based on Art. 6 (1) (f) GDPR. The website operator has a legitimate interest in effective advertising measures, including social media. If a corresponding consent has been requested (e.g. consent to the storage of cookies), the processing is carried out exclusively on the basis of Art. 6 (1) (a) GDPR; the consent can be revoked at any time.
The data transfer to the USA is based on the standard contractual clauses of the EU Commission. Details can be found here: https://www.linkedin.com/legal/l/dpa and https://www.linkedin.com/legal/l/eu-sccs.
Objection to the use of LinkedIn Insight Tag
You can object to the analysis of user behavior and targeted advertising by LinkedIn using the following link: https://www.linkedin.com/psettings/guest-controls/retargeting-opt-out.
Furthermore, LinkedIn members can control the use of their personal data for advertising purposes in their account settings. To avoid a link between data collected on our website by LinkedIn and your LinkedIn account, you must log out of your LinkedIn account before visiting our website.
Order processing
We have concluded a data processing agreement (DPA) with the above-mentioned provider. This is a contract required by data protection law that guarantees that the provider will only process the personal data of our website visitors in accordance with our instructions and in compliance with the GDPR.
5. Newsletter
Newsletter data
If you would like to receive the newsletter offered on the website, we require an email address from you as well as information that allows us to verify that you are the owner of the email address provided and that you agree to receive the newsletter. No other data is collected or is only collected on a voluntary basis. We use this data exclusively to send the requested information and do not pass it on to third parties.
The data entered in the newsletter registration form is processed exclusively on the basis of your consent (Art. 6 Para. 1 lit. a GDPR). You can revoke your consent to the storage of the data, the email address and their use for sending the newsletter at any time, for example via the "unsubscribe" link in the newsletter. The legality of the data processing operations that have already taken place remains unaffected by the revocation.
The data you provide to us for the purpose of subscribing to the newsletter will be stored by us or the newsletter service provider until you unsubscribe from the newsletter and will be deleted from the newsletter distribution list after you unsubscribe from the newsletter or if the purpose no longer applies. We reserve the right to delete or block email addresses from our newsletter distribution list at our own discretion within the scope of our legitimate interest in accordance with Art. 6 Para. 1 lit. f GDPR.
After you unsubscribe from the newsletter distribution list, your email address may be stored in a blacklist by us or the newsletter service provider to prevent future mailings. The data from the blacklist is only used for this purpose and is not merged with other data. This serves both your interest and our interest in complying with the legal requirements when sending newsletters (legitimate interest within the meaning of Art. 6 Para. 1 lit. f GDPR). Storage in the blacklist is not time-limited. You can object to the storage if your interests outweigh our legitimate interests.
6. Plugins and tools
Google Web Fonts (local hosting)This site uses so-called web fonts provided by Google for the uniform display of fonts. The Google Fonts are installed locally. There is no connection to Google servers.
For more information about Google Web Fonts, see https://developers.google.com/fonts/faq and in Google’s privacy policy: https://policies.google.com/privacy?hl=de.
Calendly
On our website you have the opportunity to make appointments with us. We use the “Calendly” tool to book appointments. The provider is Calendly LLC, 271 17th St NW, 10th Floor, Atlanta, Georgia 30363, USA (hereinafter “Calendly”).
To book an appointment, enter the requested data and the desired date in the form provided. The data entered is used for planning, carrying out and, if necessary, for follow-up to the appointment. The appointment data is stored for us on the Calendly servers, whose privacy policy you can view here: https://calendly.com/de/pages/privacy.
The data you enter will remain with us until you request deletion, revoke your consent to storage or the purpose for storing the data no longer applies. Mandatory legal provisions - in particular retention periods - remain unaffected.
The legal basis for data processing is Art. 6 (1) (f) GDPR. The website operator has a legitimate interest in making appointments with interested parties and customers as uncomplicated as possible. If consent has been requested, Art. 6 (1) (a) GDPR is the legal basis for data processing; consent can be revoked at any time.
The data transfer to the USA is based on the standard contractual clauses of the EU Commission. Details can be found here: https://calendly.com/pages/dpa.
Order processing
We have concluded a data processing agreement (DPA) with the above-mentioned provider. This is a contract required by data protection law that guarantees that the provider will only process the personal data of our website visitors in accordance with our instructions and in compliance with the GDPR.
Hubspot CRM
We use Hubspot CRM on this website. The provider is Hubspot Inc. 25 Street, Cambridge, MA 02141 USA (hereinafter Hubspot CRM).
Hubspot CRM enables us, among other things, to manage existing and potential customers as well as customer contacts. With the help of Hubspot CRM, we are able to record, sort and analyze customer interactions via email, social media or telephone across different channels. The personal data collected in this way can be evaluated and used for communication with the potential customer or for marketing measures (e.g. newsletter mailings). With Hubspot CRM, we are also able to record and analyze the user behavior of our contacts on our website.
The use of Hubspot CRM is based on Art. 6 (1) (f) GDPR. The website operator has a legitimate interest in the most efficient customer management and customer communication possible. If a corresponding consent has been requested, the processing is carried out exclusively on the basis of Art. 6 (1) (a) GDPR; the consent can be revoked at any time.
For details, please see Hubspot’s privacy policy: https://legal.hubspot.com/de/privacy-policy.
The data transfer to the USA is based on the standard contractual clauses of the EU Commission. Details can be found here: https://www.hubspot.de/data-privacy/privacy-shield.
OneDrive
We have integrated OneDrive. The provider is Microsoft Corporation, One Microsoft Way, Redmond, WA 98052-6399, USA (hereinafter "OneDrive").
OneDrive enables us to integrate an upload area. The use of OneDrive is based on Art. 6 Para. 1 lit. f GDPR.
7. eCommerce and payment providers
Processing of data (customer and contract data)
We only collect, process and use personal data to the extent that it is necessary for the establishment, content design or modification of the legal relationship (master data). This is done on the basis of Art. 6 Paragraph 1 Letter b of GDPR, which permits the processing of data to fulfill a contract or pre-contractual measures. We only collect, process and use personal data about the use of this website (usage data) to the extent that this is necessary to enable the user to use the service or to bill them.
The customer data collected will be deleted after completion of the order or termination of the business relationship. Statutory retention periods remain unaffected.
Data transfer when concluding a contract for services and digital content
We only transmit personal data to third parties if this is necessary for the performance of the contract, for example to the credit institution responsible for processing payments.
The data will not be transferred to any other party or will only be transferred if you have expressly consented to the transfer. Your data will not be passed on to third parties without your express consent, for example for advertising purposes.
The basis for data processing is Art. 6 (1) (b) GDPR, which permits the processing of data to fulfill a contract or for pre-contractual measures.
Payment services
We integrate payment services from third-party companies on our website. When you make a purchase from us, your payment data (e.g. name, payment amount, bank details, credit card number) will be processed by the payment service provider for the purpose of payment processing. The respective contract and data protection provisions of the respective providers apply to these transactions. The payment service providers are used on the basis of Art. 6 Para. 1 lit. b GDPR (contract processing) and in the interest of a payment process that is as smooth, convenient and secure as possible (Art. 6 Para. 1 lit. f GDPR). If your consent is requested for certain actions, Art. 6 Para. 1 lit. a GDPR is the legal basis for data processing; consent can be revoked at any time for the future.
We use the following payment services / payment service providers on this website:
Stripe
The provider for customers within the EU is Stripe Payments Europe, Ltd., 1 Grand Canal Street Lower, Grand Canal Dock, Dublin, Ireland (hereinafter “Stripe”).
The data transfer to the USA is based on the standard contractual clauses of the EU Commission. Details can be found here: https://stripe.com/de/privacy and https://stripe.com/de/guides/general-data-protection-regulation.
You can find details about this in Stripe’s privacy policy at the following link: https://stripe.com/de/privacy.
Klarna
The provider is Klarna AB, Sveavägen 46, 111 34 Stockholm, Sweden (hereinafter "Klarna"). Klarna offers various payment options (e.g. installment purchase). If you choose to pay with Klarna (Klarna checkout solution), Klarna will collect various personal data from you. Klarna uses cookies to optimize the use of the Klarna checkout solution. Details on the use of Klarna cookies can be found at the following link: https://cdn.klarna.com/1.0/shared/content/policy/cookie/de_de/checkout.pdf.
You can find details about this in Klarna’s privacy policy at the following link: https://www.klarna.com/de/datenschutz/.
Instant bank transfer
The provider of this payment service is Sofort GmbH, Theresienhöhe 12, 80339 Munich (hereinafter "Sofort GmbH"). Using the "Sofortüberweisung" process, we receive a payment confirmation from Sofort GmbH in real time and can begin to meet our obligations immediately. If you have chosen the "Sofortüberweisung" payment method, you send the PIN and a valid TAN to Sofort GmbH, which it can use to log into your online banking account. After logging in, Sofort GmbH automatically checks your account balance and carries out the transfer to us using the TAN you have sent. It then immediately sends us a transaction confirmation. After logging in, your transactions, the credit limit of the overdraft facility and the existence of other accounts and their balances are also automatically checked. In addition to the PIN and TAN, the payment data you have entered and your personal data are also sent to Sofort GmbH. The personal data includes your first and last name, address, telephone number(s), email address, IP address and, if applicable, other data required for payment processing. The transmission of this data is necessary in order to establish your identity beyond doubt and to prevent attempted fraud. Details on payment with Sofortüberweisung can be found at the following links: https://www.sofort.de/datenschutz.html and https://www.klarna.com/sofort/.
8. Audio and video conferences
Data processing
We use online conference tools, among others, to communicate with our customers. The tools we use in detail are listed below. If you communicate with us via video or audio conference over the Internet, your personal data will be collected and processed by us and the provider of the respective conference tool.
The conference tools record all data that you provide/use to use the tools (email address and/or your telephone number). The conference tools also process the duration of the conference, the start and end (time) of participation in the conference, the number of participants and other “context information” related to the communication process (metadata).
Furthermore, the provider of the tool processes all technical data that is necessary to handle online communication. This includes in particular IP addresses, MAC addresses, device IDs, device type, operating system type and version, client version, camera type, microphone or loudspeaker and the type of connection.
If content is exchanged, uploaded or otherwise made available within the tool, this is also stored on the servers of the tool providers. Such content includes in particular cloud recordings, chat/instant messages, voicemails, uploaded photos and videos, files, whiteboards and other information shared while using the service.
Please note that we do not have full influence on the data processing procedures of the tools used. Our options are largely based on the company policy of the respective provider. Further information on data processing by the conference tools can be found in the data protection declarations of the tools used, which we have listed below this text.
Purpose and legal basis
The conference tools are used to communicate with prospective or existing contractual partners or to offer certain services to our customers (Art. 6 Para. 1 lit. b GDPR). Furthermore, the use of the tools serves to generally simplify and accelerate communication with us or our company (legitimate interest within the meaning of Art. 6 Para. 1 lit. f GDPR). If consent has been requested, the use of the tools in question is based on this consent; the consent can be revoked at any time with effect for the future.
Storage period
The data we collect directly via the video and conference tools will be deleted from our systems as soon as you request deletion, revoke your consent to storage or the purpose for storing the data no longer applies. Stored cookies remain on your device until you delete them. Mandatory statutory retention periods remain unaffected.
We have no influence on the storage period of your data, which is stored by the operators of the conference tools for their own purposes. For details, please contact the operators of the conference tools directly.
Conference tools used
We use the following conference tools:
TeamViewer
We use TeamViewer. The provider is TeamViewer Germany GmbH, Jahnstr. 30, 73037 Göppingen. Details on data processing can be found in TeamViewer's privacy policy: https://www.teamviewer.com/de/datenschutzerklaerung/.
Order processing
We have concluded a data processing agreement (DPA) with the above-mentioned provider. This is a contract required by data protection law that guarantees that the provider will only process the personal data of our website visitors in accordance with our instructions and in compliance with the GDPR.
Microsoft Teams
We use Microsoft Teams. The provider is Microsoft Corporation, One Microsoft Way, Redmond, WA 98052-6399, USA. Details on data processing can be found in the Microsoft Teams privacy policy: https://privacy.microsoft.com/de-de/privacystatement.
Order processing
We have concluded a data processing agreement (DPA) with the above-mentioned provider. This is a contract required by data protection law that guarantees that the provider will only process the personal data of our website visitors in accordance with our instructions and in compliance with the GDPR.