Data Privacy Declaration

Controller

The body named in the legal notice is responsible for the data processing described below.

Usage data

When you visit our website, so-called usage data is temporarily analysed on our web server for statistical purposes in order to improve the quality of our website. This set of data consists of:

• the name and address of the requested content,
• the data and time of the query,
• the transmitted data volume,
• the access status (content transmitted, content not found),
• description of the used web browser and operating system,
• the referral link, which indicates which page you reached us from,
• the IP address of the requesting computer, which is shortened so that a personal reference can no longer be established.

The legal basis for processing usage data is Art. 6(1)(1)(f) GDPR. The processing is carried out in the legitimate interest of providing the content of the website and ensuring a device- and browser-optimised display.

Data security

We take technical and organisational measures to protect your data from unwanted access as comprehensively as possible. We use an encryption process on our websites. Your data is transmitted from your computer to our server and vice versa via the Internet using TLS encryption. You can usually tell when this is happening because the lock icon in your browser’s status bar is closed and the address bar starts with https://.

Essential cookies

We use cookies on our websites that are necessary for the use of our websites.

Cookies are small text files, which are saved and can be read on your end device. A distinction is made between session cookies, which are deleted when you close your browser, and persistent cookies, which are stored beyond the individual session.

We do not use these essential cookies for analysis, tracking or advertising purposes.

Some of these cookies only contain information on certain settings and are not personally identifiable. They may also be necessary to enable user guidance, security and implementation of the site.

We use these cookies on the basis of our legitimate interest in accordance with Art. 6(1)(1)(f) GDPR.

You can set your browser so that it informs you about the placement of cookies.  You can also delete them at any time via the corresponding browser setting and prevent the setting of new cookies. Please note that our web pages may then not be displayed in full and some functions may no longer be technically available.

Information on the individual cookies and their purposes can be found in the cookie policy.

Contact form

You have the option of getting in touch with us via our contact form. To use our contact form, we first need the data marked as mandatory fields.

We use this data on the basis of Art. 6(1)(1)(f) GDPR to respond to your enquiry.

In addition, you can decide for yourself whether you would like to provide us with further information. This information is provided voluntarily and is not mandatory for establishing contact. We process your voluntary information on the basis of your consent.

Your data will only be processed to respond to your enquiry. We delete your data if it is no longer required and there are no legal obligations to retain it. This is usually the case immediately after your enquiry has been processed.

If your data transmitted via the contact form is processed on the basis of Art. 6 (1)(1)(f) GDPR, you can object to the processing at any time. Furthermore, you can withdraw your consent to the processing of voluntary information. Please write to the e-mail address provided in the legal notice.

Social plugins

We enable the use of social plugins. For data protection reasons, however, we only integrate the social plugins we use in deactivated form. Therefore, when you visit our website, no data is transmitted to social media services.

However, you have the option to activate and use the social plugins integrated into our websites. To do this, we use a solution which means that, in a first step, all the data and functions required to display the social plugin are provided by our web server. Only when you choose to activate the social plugin and click on the corresponding thumbnail or icon will your browser connect to the servers of the social media service in a second step.

When you activate a plugin, the social media service receives in particular your IP address and, among other things, information about your visit to our websites (usage data). This takes place regardless of whether you have an account with the respective social media service. If you are logged in, the data can be assigned directly to your social media profile.

Overall, we have no influence on whether and to what extent the respective social media service processes personal data after activation. However, it is likely that the social media service will create user profiles from your data and use them for the purpose of personalised advertising. Your data will also be used to inform other users of the social media service about your activities on our websites.

Embedding takes place on the basis of your consent, provided that you have given your consent by clicking on the thumbnail. If the data is processed in this context outside the EU or the EEA (in particular in the USA), we provide information on the level of data protection in the table below.

If you no longer wish your personal data to be processed by the activated social plugins, you can prevent future processing by no longer clicking on the preview image or symbol of the respective social plugin.

Captcha

We use a so-called Captcha to protect our web forms from automated requests. As part of the Captcha function, you may be asked to solve tasks or click checkboxes. The user input provided in this context and, if applicable, the mouse movements are used to estimate whether the input comes from a human or an automated program.

The data processing is carried out on the basis of Art. 6 (1) 1 lit. f GDPR in the legitimate interest of protecting us from spam and misuse and to ensure the security of our systems.

If you do not want this data processing to take place, please do not use our web forms.

In providing and evaluating the Captcha, we are supported by a processor who is bound by instructions. A data processing agreement has been concluded.

Embedding takes place on the basis of Art. 6(1)(1)(f) GDPR and in the interest of protection against spam and misuse.

If the data is processed in this context outside the EU or the EEA (in particular in the USA), we provide information on the level of data protection in the table below.

Integration of other technical third-party content and functions

We use the technical functions and content of third-party providers listed below to display our websites.

When you access our pages, content is loaded from third parties who provide these features and content. As a result, the third-party provider receives the information that you have accessed our website and the usage data technically required in this context.

We have no influence on further processing by the third-party provider.

Data processing takes place on the basis of your consent, provided that you have previously given your consent via our banner solution.

Please note that the use of third-party content and functions may result in your data being processed outside the EU or the EEA (in particular in the USA). For transmissions to the USA, an adequate level of data protection is guaranteed under the adequacy decision (EU-U.S. Data Privacy Framework).

Storage period

Unless we have already informed you in detail about the storage period, we delete personal data when it is no longer required for the aforementioned processing purposes and no legitimate interests or other (legal) reasons for storage prevent deletion.

Other order processors

We pass on your data to service providers who support us in the operation of our websites and the associated processes as part of order processing in accordance with Art. 28 GDPR. Some examples are hosting service providers. Our service providers are strictly bound by our instructions and have corresponding contractual obligations.

If we have not already done so in the data privacy declaration above, we will identify the processors with whom we work below. If data can be processed outside the EU or the EEA in this context, we will inform you about this in the following table.

Your rights as the data subject

When processing your personal data, the GDPR grants you certain rights as a data subject:

Right to information (Art. 15 GDPR)

You have the right to obtain confirmation as to whether or not personal data concerning you are being processed; if so, you have the right to be informed about such personal data and to have access to the information specified in Art. 15 GDPR.

Right to rectification (Art. 16 GDPR)

You have the right to request the immediate correction of inaccurate personal data concerning you and, if necessary, the completion of incomplete data.

Right to erasure (Art. 17 GDPR)

You have the right to request the immediate deletion of your personal data if one of the reasons listed in Art. 17 GDPR applies.

Right to restriction of processing (Art. 18 GDPR)

You have the right to request the restriction of processing if one of the conditions listed in Art. 18 GDPR is met, e.g. if you have objected to the processing, for the duration of the investigation by the controller.

Right to data portability (Art. 20 GDPR)

In certain cases, which are listed in detail in Art. 20 GDPR, you have the right to receive the personal data concerning you in a structured, common and machine-readable format or to request the transfer of this data to a third-party.

Right to revoke (Art. 7 GDPR)

If the data processing is based on your consent, you have the right to withdraw your consent to the use of your personal data at any time in accordance with Art. 7 (3) GDPR. Please note that the revocation is only effective with respect to the future. It does not affect the processing of data that takes place before the revocation.

Right to object (Art. 21 GDPR)

If data is collected on the basis of Art. 6 (1)(1)(f) GDPR (data processing for the protection of legitimate interests) or on the basis of Art. 6 (1)(1)(e) GDPR (data processing to protect the public interest or in the exercise of official authority), you have the right to object to the processing at any time for reasons arising from your particular situation. We will then no longer process the personal data unless we can demonstrate compelling legitimate grounds for the processing which override your interests, rights and freedoms, or the processing is necessary for the establishment, exercise or defence of legal claims.

Right to lodge a complaint with a supervisory authority (Art. 77 GDPR)

In accordance with Art. 77 GDPR, you have the right to lodge a complaint with a supervisory authority if you are of the opinion that the processing of data concerning you violates data protection regulations. The right to lodge a complaint may be exercised, in particular, with a supervisory authority in the Member State where you have your habitual residence, your place of work or the place where the alleged infringement took place.

Asserting your rights

Unless otherwise described above, please contact the body named in the legal notice to assert your rights as a data subject.