Privacy policy

Intro­duc­tion

With the following data protec­tion decla­ra­tion, we would like to inform you which types of your personal data (here­inafter also referred to as “data”) we process, for which purposes and to what extent. The data protec­tion decla­ra­tion applies to all processing of personal data carried out by us, both in the context of providing our services and, in partic­ular, on our websites, in mobile appli­ca­tions and within external online pres­ences, such as our social media profiles (here­inafter also referred to collec­tively as “online offer”).

The terms used are not gender-specific.

Status: 23 July 2020

Table of contents

 

  • Intro­duc­tion
  • Respon­sible
  • Overview of processing
  • Rele­vant legal bases
  • Secu­rity measures
  • Trans­mis­sion and disclo­sure of personal data
  • Data processing in third coun­tries
  • Use of cookies
  • Commer­cial and busi­ness services
  • Use of online market­places for e‑commerce
  • Payment service provider
  • Provi­sion of the online offer and web hosting
  • Special notes on appli­ca­tions (apps)
  • Purchase of appli­ca­tions via Appstores
  • Regis­tra­tion, login and user account
  • Single sign-on regis­tra­tion
  • Blogs and publi­ca­tion media
  • Contact
  • Commu­ni­ca­tion via Messenger
  • Chat­bots and chat func­tions
  • Push News
  • Video confer­ences, online meet­ings, webi­nars and screen sharing
  • Music and podcasts
  • Appli­ca­tion proce­dure
  • Cloud services
  • Newsletter and elec­tronic noti­fi­ca­tions
  • Adver­tising commu­ni­ca­tion via e‑mail, post, fax or tele­phone
  • Raffles and compe­ti­tions
  • Surveys and ques­tion­naires
  • Web analysis, moni­toring and opti­mi­sa­tion
  • online marketing
  • Affil­iate programmes and affil­iate links
  • Offer of an affil­iate programme
  • Eval­u­a­tion plat­forms
  • Pres­ence in social networks (social media)
  • Plugins and embedded func­tions and content
  • Plan­ning, organ­i­sa­tion and support tools
  • Dele­tion of data
  • Amend­ment and update of the privacy policy
  • Rights of data subjects
  • Defi­n­i­tions of terms

Respon­sible

Academy for Personal Devel­op­ment & Entre­pre­neur­ship Dr.
Akuma Saningong Jeven­st­edter
 Straße 53 22547
 Hamburg

E‑mail address: info@drsaningong.com

Overview of processing

The following table summarises the types of data processed and the purposes of their processing, and refers to the data subjects.

Types of data processed

  • inven­tory data (e.g. names, addresses).
  • Appli­cant data (e.g. personal details, postal and contact addresses, the docu­ments pertaining to the appli­ca­tion and the infor­ma­tion contained therein, such as cover letter, curriculum vitae, certifi­cates and other infor­ma­tion about the applicant’s person or qual­i­fi­ca­tion provided volun­tarily by the appli­cant with regard to a specific posi­tion or on a volun­tary basis)
  • Content data (e.g. text entries, photographs, videos).
  • Contact details (e.g. e‑mail, tele­phone numbers).
  • Meta/communication data (e.g. device infor­ma­tion, IP addresses).
  • Usage data (e.g. websites visited, interest in content, access times).
  • Loca­tion data (data indi­cating the loca­tion of an end user’s terminal equip­ment).
  • Contract data (e.g. subject matter of the contract, dura­tion, customer cate­gory).
  • Payment data (e.g. bank details, invoices, payment history).

Special cate­gories of data

  • data revealing racial and ethnic origin.

Cate­gories of data subjects

  • Employees (e.g. employees, appli­cants, former employees).
  • appli­cants.
  • Busi­ness and contrac­tual part­ners.
  • inter­ested parties.
  • commu­ni­ca­tion partner.
  • customers.
  • Users (e.g. website visi­tors, users of online services).
  • patients.
  • Compe­ti­tion and contest partic­i­pants.

Purposes of the processing

  • Affil­iate tracking.
  • Regis­tra­tion proce­dure.
  • Provi­sion of our online offer and user-friend­li­ness.
  • Visit action eval­u­a­tion.
  • Appli­ca­tion proce­dure (justi­fi­ca­tion and possible later imple­men­ta­tion and possible later termi­na­tion of employ­ment.)
  • Office and organ­i­sa­tional proce­dures.
  • Click tracking.
  • Content Delivery Network (CDN).
  • Cross-device tracking (cross-device processing of user data for marketing purposes).
  • Direct marketing (e.g. by e‑mail or post).
  • Organ­i­sa­tion of compe­ti­tions and contests.
  • Target group forma­tion.
  • Interest-based and behav­iour-based marketing.
  • Contact requests and commu­ni­ca­tion.
  • Conver­sion measure­ment (measuring the effec­tive­ness of marketing measures).
  • Profiling (creation of user profiles).
  • remar­keting.
  • Range measure­ment (e.g. access statis­tics, recog­ni­tion of returning visi­tors).
  • secu­rity measures.
  • Tracking (e.g. interest/behavioural profiling, use of cookies).
  • Server moni­toring and error detec­tion.
  • Surveys and ques­tion­naires (e.g. surveys with input options, multiple choice ques­tions).
  • Contrac­tual perfor­mance and service.
  • Manage­ment and response to requests.
  • Target group forma­tion (deter­mi­na­tion of target groups rele­vant for marketing purposes or other output of content).

Rele­vant legal bases

In the following, we provide the legal basis for the Basic Data Protec­tion Regu­la­tion (DSGVO), on the basis of which we process personal data. Please note that in addi­tion to the regu­la­tions of the DSGVO, national data protec­tion regu­la­tions may apply in your or our country of resi­dence and domi­cile. Should more specific legal provi­sions apply in indi­vidual cases, we will inform you of these in the data protec­tion decla­ra­tion.

 

  • Consent (Art. 6 para. 1 sentence 1 letter a FADP) - The data subject has given his or her consent to the processing of personal data relating to him or her for one or more specific purposes.
  • Fulfil­ment of a contract and pre-contrac­tual enquiries (Art. 6 para. 1 sentence 1 lit. b. FADP) - Processing is neces­sary for the perfor­mance of a contract to which the data subject is party or for carrying out pre-contrac­tual measures taken at the request of the data subject.
  • Legal oblig­a­tion (Art. 6 para. 1 sentence 1 lit. c. DSGVO) - The processing is neces­sary to fulfil a legal oblig­a­tion to which the controller is subject.
  • Protec­tion of vital inter­ests (Art. 6 para. 1 sentence 1 lit. d. DPA) - Processing is neces­sary in order to protect the vital inter­ests of the data subject or of another natural person.
  • Legit­i­mate inter­ests (Art. 6 para. 1 sentence 1 letter f. DSGVO) - The processing is neces­sary to safe­guard the legit­i­mate inter­ests of the controller or of a third party, unless the inter­ests or funda­mental rights and free­doms of the data subject which require the protec­tion of personal data outweigh these.
  • Art. 9 para. 1 sentence 1 letter b DSGVO (appli­ca­tion proce­dure as a pre-contrac­tual or contrac­tual rela­tion­ship) (Insofar as special cate­gories of personal data within the meaning of Art. 9 para. 1 DSGVO (e.g. health data, such as severely hand­i­capped status or ethnic origin) are requested from appli­cants during the appli­ca­tion proce­dure in order to enable the respon­sible person or the data subject to exer­cise the rights arising to him or her from labour law and social secu­rity and social protec­tion law and to fulfil his or her oblig­a­tions in this respect, they are processed in accor­dance with Art. 9 Para­graph 2 letter b. DSGVO, in the case of protec­tion of vital inter­ests of appli­cants or other persons pursuant to Art. 9 para. 2 lit. c. DSGVO or for purposes of health care or occu­pa­tional medi­cine, for the assess­ment of the employee’s ability to work, for medical diag­nosis, care or treat­ment in the health or social sector or for the manage­ment of systems and services in the health or social sector pursuant to Art. 9 para. 2 lit. h. DSGVO. In the case of a commu­ni­ca­tion of special cate­gories of data based on volun­tary consent, their processing is carried out on the basis of Art. 9 para. 2 lit. a. DSGVO) - .
  • Fulfil­ment of contract and pre-contrac­tual enquiries (EKD) (Article 6 No. 5 DSG-EKD) - Processing is neces­sary for the perfor­mance of a contract to which the data subject is a party or for carrying out pre-contrac­tual measures taken at the request of the data subject.

National data protec­tion regu­la­tions in Germany: In addi­tion to the data protec­tion regu­la­tions of the basic data protec­tion regu­la­tion, national regu­la­tions on data protec­tion apply in Germany. These include in partic­ular the law on protec­tion against misuse of personal data in data processing (Federal Data Protec­tion Act — BDSG). In partic­ular, the BDSG contains special regu­la­tions on the right to infor­ma­tion, the right to dele­tion, the right of objec­tion, the processing of special cate­gories of personal data, processing for other purposes and trans­mis­sion as well as auto­mated deci­sion making in indi­vidual cases including profiling. Further­more, it regu­lates data processing for the purposes of the employ­ment rela­tion­ship (Section 26 BDSG), in partic­ular with regard to the estab­lish­ment, imple­men­ta­tion or termi­na­tion of employ­ment rela­tion­ships and the consent of employees. Further­more, state data protec­tion laws of the indi­vidual federal states may apply.

 

Secu­rity measures

We take appro­priate tech­nical and organ­i­sa­tional measures in accor­dance with the legal require­ments, taking into account the state of the art, the imple­men­ta­tion costs and the nature, scope, circum­stances and purposes of the processing, as well as the different prob­a­bil­i­ties of occur­rence and the extent of the threat to the rights and free­doms of natural persons, in order to ensure a level of protec­tion commen­su­rate with the risk.

These measures include in partic­ular ensuring the confi­den­tiality, integrity and avail­ability of data by control­ling phys­ical and elec­tronic access to the data as well as access, input, disclo­sure, safe­guarding of avail­ability and sepa­ra­tion of data. Proce­dures have also been put in place to ensure that data subjects’ rights are respected, that data are deleted and that responses to data breaches are made. Further­more, we take the protec­tion of personal data into account as early as the devel­op­ment or selec­tion of hard­ware, soft­ware and proce­dures in accor­dance with the prin­ciple of data protec­tion, by designing tech­nology and by using data protec­tion-friendly default settings.

Trans­mis­sion and disclo­sure of personal data

In the course of our processing of personal data, it may happen that the data is trans­ferred to or disclosed to other bodies, compa­nies, legally inde­pen­dent organ­i­sa­tional units or persons. The recip­i­ents of this data may include, for example, payment insti­tu­tions in the context of payment trans­ac­tions, service providers commis­sioned with IT tasks or providers of services and content that are inte­grated into a website. In such cases we observe the legal require­ments and in partic­ular conclude appro­priate contracts or agree­ments with the recip­i­ents of your data which serve to protect your data.

Data processing in third coun­tries

If we process data in a third country (i.e. outside the Euro­pean Union (EU), the Euro­pean Economic Area (EEA)) or if the processing takes place in the context of the use of services of third parties or the disclo­sure or transfer of data to other persons, bodies or compa­nies, this will only take place in accor­dance with the legal require­ments.

Subject to express consent or trans­mis­sion required by contract or by law, we only process or allow the data to be processed in third coun­tries with a recog­nised level of data protec­tion, a contrac­tual oblig­a­tion through so-called stan­dard protec­tion clauses of the EU Commis­sion, in the case of certi­fi­ca­tions or binding internal data protec­tion regu­la­tions (Art. 44 to 49 DSGVO, infor­ma­tion page of the EU Commis­sion: https://ec.europa.eu/info/law/law-topic/data-protection/international-dimension-data-protection_de ).

Use of cookies

Cookies are text files that contain data from visited websites or domains and are stored by a browser on the user’s computer. A cookie is primarily used to store infor­ma­tion about a user during or after his visit within an online offer. The stored infor­ma­tion can include, for example, the language settings on a website, the login status, a shop­ping basket or the place where a video was viewed. The term “cookies” also includes other tech­nolo­gies that perform the same func­tions as cookies (e.g. when user infor­ma­tion is stored using pseu­do­ny­mous online iden­ti­fiers, also known as “user IDs”).

The following cookie types and func­tions are distin­guished:

  • Tempo­rary cookies (also: session or session cookies): Tempo­rary cookies are deleted at the latest after a user has left an online offer and closed his browser.
  • Perma­nent cookies: Perma­nent cookies remain stored even after closing the browser. For example, the login status can be saved or preferred content can be displayed directly when the user visits a website again. Like­wise, the inter­ests of users used for reach measure­ment or marketing purposes can be stored in such a cookie.
  • First-party cookies: First-party cookies are set by ourselves.
  • Third-party cookies (also: third-party cookies): third-party cookies are mainly used by adver­tisers (so-called third parties) to process user infor­ma­tion.
  • Neces­sary (also: essen­tial or absolutely neces­sary) cookies: Cookies can be absolutely neces­sary for the oper­a­tion of a website (e.g. to save logins or other user entries or for secu­rity reasons).
  • Statis­tical, marketing and person­al­i­sa­tion cookies: Further­more, cookies are gener­ally also used in the context of range measure­ment as well as when the inter­ests of a user or his behav­iour (e.g. viewing certain content, using func­tions etc.) are stored in a user profile on indi­vidual websites. Such profiles are used to show users e.g. content that corre­sponds to their poten­tial inter­ests. This proce­dure is also known as “tracking”, i.e. following the poten­tial inter­ests of users. . If we use cookies or “tracking” tech­nolo­gies, we will inform you sepa­rately in our privacy policy or when you give your consent.

Infor­ma­tion on legal bases: The legal basis on which we process your personal data using cookies depends on whether we ask you for your consent. If this is the case and you consent to the use of cookies, the legal basis for processing your data is the declared consent. Other­wise, the data processed with the aid of cookies will be processed on the basis of our legit­i­mate inter­ests (e.g. in the commer­cial oper­a­tion of our online offer and its improve­ment) or, if the use of cookies is neces­sary to fulfil our contrac­tual oblig­a­tions.

Storage dura­tion: Unless we provide you with explicit infor­ma­tion on the storage dura­tion of perma­nent cookies (e.g. within the frame­work of a so-called cookie opt-in), please assume that the storage dura­tion can be up to two years.

General infor­ma­tion on revo­ca­tion and objec­tion (opt-out): Depending on whether the processing is based on consent or legal permis­sion, you have the possi­bility at any time to revoke any consent given or to object to the processing of your data by cookie tech­nolo­gies (collec­tively referred to as “opt-out”). You can initially declare your objec­tion by means of the settings of your browser, e.g. by deac­ti­vating the use of cookies (although this may also restrict the func­tion­ality of our online service). An objec­tion to the use of cookies for online marketing purposes can also be declared by means of a variety of services, espe­cially in the case of tracking, via the websites https://optout.aboutads.info and https://www.youronlinechoices.com/. In addi­tion, you can receive further notices of objec­tion in the context of the infor­ma­tion on the service providers and cookies used.

Processing of cookie data based on consent: Before we process or have processed data in the context of the use of cookies, we ask users for their consent, which can be revoked at any time. Before consent has not been given, cookies are used if neces­sary, which are absolutely neces­sary for the oper­a­tion of our online service.

  • Processed data types: Usage data (e.g. websites visited, interest in content, access times), meta/communication data (e.g. device infor­ma­tion, IP addresses).
  • Persons concerned: Users (e.g. website visi­tors, users of online services).
  • Legal bases: Consent (Art. 6 para. 1 sentence 1 lit. a DSGVO), legit­i­mate inter­ests (Art. 6 para. 1 sentence 1 lit. f. DSGVO).

Commer­cial and busi­ness services

We process data of our contrac­tual and busi­ness part­ners, e.g. customers and inter­ested parties (collec­tively referred to as “contrac­tual part­ners”) within the frame­work of contrac­tual and compa­rable legal rela­tion­ships and asso­ci­ated measures and within the frame­work of commu­ni­ca­tion with the contrac­tual part­ners (or pre-contrac­tual), e.g. to answer enquiries.

We process these data to fulfil our contrac­tual oblig­a­tions, to safe­guard our rights and for the purposes of the admin­is­tra­tive tasks asso­ci­ated with these data as well as for busi­ness organ­i­sa­tion. Within the frame­work of the applic­able law, we only pass on the data of the contrac­tual part­ners to third parties to the extent that this is neces­sary for the afore­men­tioned purposes or to fulfil legal oblig­a­tions or with the consent of the persons concerned (e.g. to partic­i­pating telecom­mu­ni­ca­tion, trans­port and other auxil­iary services as well as subcon­trac­tors, banks, tax and legal advi­sors, payment service providers or tax author­i­ties). The contrac­tual part­ners will be informed about other forms of processing, e.g. for marketing purposes, within the scope of this data protec­tion decla­ra­tion.

We inform the contrac­tual part­ners which data are required for the above-mentioned purposes before or within the scope of data collec­tion, e.g. in online forms, by means of special marking (e.g. colours) or symbols (e.g. aster­isks or similar), or person­ally.

We delete the data after the expiry of legal warranty and compa­rable oblig­a­tions, i.e., in prin­ciple after 4 years, unless the data is stored in a customer account, e.g., as long as it must be kept for legal archiving reasons (e.g., for tax purposes usually 10 years). We will delete data that has been disclosed to us by the contrac­tual partner within the scope of an order in accor­dance with the spec­i­fi­ca­tions of the order, gener­ally after the end of the order.

If we use third-party providers or plat­forms to provide our services, the terms and condi­tions and data protec­tion infor­ma­tion of the respec­tive third-party providers or plat­forms apply in the rela­tion­ship between the users and the providers.

customer account: Contracting parties can create an account within our online offer (e.g. customer or user account, in short “customer account”). If the regis­tra­tion of a customer account is required, contrac­tual part­ners are informed of this as well as of the infor­ma­tion required for regis­tra­tion. The customer accounts are not public and cannot be indexed by search engines. Within the scope of the regis­tra­tion and subse­quent logins and use of the customer account, we store the IP addresses of the customers together with the access times in order to be able to prove the regis­tra­tion and prevent possible misuse of the customer account.

If customers have cancelled their customer account, the data relating to the customer account will be deleted, subject to reten­tion of the data for legal reasons. It is the respon­si­bility of the Customers to secure their data when the Customer account is cancelled.

Economic analyses and market research: For economic reasons and in order to be able to iden­tify market trends, wishes of contrac­tual part­ners and users, we analyse the data avail­able to us on busi­ness trans­ac­tions, contracts, enquiries, etc., whereby contrac­tual part­ners, inter­ested parties, customers, visi­tors and users of our online offer may fall into the group of persons concerned.

The analyses are carried out for the purpose of busi­ness manage­ment eval­u­a­tions, marketing and market research (e.g. to deter­mine customer groups with different char­ac­ter­is­tics). In doing so, we can take into account the profiles of regis­tered users, if avail­able, together with their details, e.g. on services used. The analyses serve solely to serve us and are not disclosed exter­nally, unless they are anony­mous analyses with summarised, i.e. anonymised, values. Further­more, we respect the privacy of the users and process the data for the purposes of analysis as pseu­do­ny­mously as possible and, if feasible, anony­mously (e.g. as summarised data).

Shop and e‑commerce: We process the data of our customers in order to enable them to select, purchase or order the selected prod­ucts, goods and related services, as well as their payment and delivery or execu­tion.

The required infor­ma­tion is iden­ti­fied as such within the scope of the order or compa­rable acqui­si­tion process and includes the infor­ma­tion required for delivery, or provi­sion and invoicing as well as contact infor­ma­tion in order to be able to consult with you if neces­sary.

Agency services: We process the data of our customers within the scope of our contrac­tual services, which may include, for example, concep­tual and strategic consulting, campaign plan­ning, soft­ware and design development/consultancy or main­te­nance, imple­men­ta­tion of campaigns and processes, handling, server admin­is­tra­tion, data analysis/consultancy services and training services.

Educa­tion and training services: We process the data of the partic­i­pants of our educa­tion and training offers (uniformly referred to as “training and further training partic­i­pants”) in order to be able to provide our training services to them. The data processed, the type, scope, purpose and neces­sity of their processing are deter­mined by the under­lying contrac­tual and training rela­tion­ship. The forms of processing also include the perfor­mance assess­ment and eval­u­a­tion of our services and those of the instruc­tors.

Within the scope of our activ­i­ties, we may also process special cate­gories of data, in partic­ular data concerning the health of persons under­going training and further training, as well as data revealing ethnic origin, polit­ical opin­ions, reli­gious or ideo­log­ical beliefs. To this end, we obtain the express consent of the trainees, if neces­sary, and other­wise process the special cate­gories of data only if it is neces­sary for the provi­sion of training services, for purposes of health care, social protec­tion or the protec­tion of vital inter­ests of the trainees.

Insofar as it is neces­sary for the fulfil­ment of our contract, for the protec­tion of vital inter­ests or legally required, or if the consent of the person to be trained has been obtained, we disclose or transfer the data of the person to be trained to third parties or agents, such as public author­i­ties or in the field of IT, office or compa­rable services, in compli­ance with the require­ments of profes­sional law.

Coaching: We process the data of our clients as well as inter­ested parties and other clients or contrac­tual part­ners (uniformly referred to as “clients”) in order to be able to provide them with our services. The processed data, the nature, scope, purpose and neces­sity of their processing are deter­mined by the under­lying contrac­tual and client rela­tion­ship.

Within the scope of our activ­i­ties, we may also process special cate­gories of data, in partic­ular data concerning the health of clients, possibly with refer­ence to their sexual life or sexual orien­ta­tion, as well as data revealing racial or ethnic origin, polit­ical opin­ions, reli­gious or philo­soph­ical beliefs or trade union member­ship. To this end, we obtain the express consent of clients where neces­sary and other­wise process the special cate­gories of data provided that this is in the inter­ests of the health of the client, the data is public or other legal permits are avail­able.

Insofar as it is neces­sary for the fulfil­ment of our contract, for the protec­tion of vital inter­ests or legally required, or if the client’s consent has been obtained, we disclose or transfer the client’s data to third parties or agents, such as author­i­ties, accounting offices, as well as in the field of IT, office or compa­rable services, in compli­ance with the profes­sional regu­la­tions.

Consulting: We process the data of our clients, clients as well as inter­ested parties and other clients or contrac­tual part­ners (uniformly referred to as “clients”) in order to provide them with our consulting services. The processed data, the nature, scope, purpose and neces­sity of their processing are deter­mined by the under­lying contrac­tual and client rela­tion­ship.

Insofar as it is neces­sary for our fulfil­ment of the contract, for the protec­tion of vital inter­ests or legally required, or if the consent of the clients has been obtained, we disclose or transfer the clients’ data to third parties or agents, such as author­i­ties, subcon­trac­tors or in the field of IT, office or compa­rable services, in compli­ance with the profes­sional legal require­ments.

Publi­ca­tion activity: We process the data of our contact part­ners, inter­view part­ners and other persons who are the subject of our publishing, edito­rial and jour­nal­istic and related activ­i­ties. In this context, we refer to the validity of protec­tive regu­la­tions of freedom of opinion and freedom of the press according to Art. 85 DSGVO in connec­tion with the respec­tive national laws. The processing serves the fulfil­ment of our commis­sioned activ­i­ties and other­wise takes place in partic­ular on the basis of the public interest in infor­ma­tion and media offers.

Manage­ment consul­tancy: We process the data of our customers, clients as well as inter­ested parties and other clients or contrac­tual part­ners (uniformly referred to as “customers”) in order to be able to provide them with our contrac­tual or pre-contrac­tual services, in partic­ular consul­tancy services. The processed data, the type, scope, purpose and neces­sity of their processing are deter­mined by the under­lying contrac­tual and busi­ness rela­tion­ship.

Insofar as it is neces­sary for our fulfil­ment of the contract or required by law, or if the consent of the customer has been obtained, we disclose or transfer the customer’s data to third parties or agents, such as author­i­ties, courts or in the field of IT, office or compa­rable services, in compli­ance with the require­ments of profes­sional law.

Events and func­tions: We process the data of partic­i­pants in the events, func­tions and similar activ­i­ties offered or organ­ised by us (here­inafter uniformly referred to as “partic­i­pants” and “func­tions”) in order to enable them to partic­i­pate in the func­tions and to make use of the services or activ­i­ties asso­ci­ated with partic­i­pa­tion.

If we process health-related data, reli­gious, polit­ical or other special cate­gories of data in this context, then this is done in the context of publicity (e.g. at themat­i­cally oriented events or serves health care, secu­rity or is done with the consent of the persons concerned).

The required infor­ma­tion is iden­ti­fied as such within the scope of the order, contract or compa­rable contract conclu­sion and includes the infor­ma­tion required for the provi­sion of services and invoicing as well as contact infor­ma­tion in order to be able to make any neces­sary arrange­ments. Insofar as we have access to infor­ma­tion from end customers, employees or other persons, we process this infor­ma­tion in accor­dance with legal and contrac­tual require­ments.

brokerage services: We process the infor­ma­tion provided by the inter­ested parties in the context of the place­ment request for the purpose of estab­lishing, imple­menting and, if applic­able, termi­nating a contract for the place­ment of offers from providers of the prod­ucts or services requested by them.

We use the contact data of inter­ested parties to specify their enquiry by means of the agreed or other­wise permitted commu­ni­ca­tion channel (e.g. tele­phone or e‑mail) and to suggest suit­able suppliers or offers to them on the basis of the spec­i­fied enquiry. In addi­tion, we can ask inter­ested parties at a later date, in accor­dance with legal require­ments, ques­tions about the success of our medi­a­tion service.

We process the data of the inter­ested parties as well as of the providers in order to fulfil our contrac­tual oblig­a­tions, in order to link the enquiry of the inter­ested parties with the offers of the providers that are suit­able for them and to forward them to the corre­sponding providers or to suggest the providers.

We can record the entries in the online form sent by inter­ested parties in order to be able to prove the exis­tence of the contrac­tual rela­tion­ship and the inter­ested parties’ consents in accor­dance with the statu­tory account­ability oblig­a­tions (Art. 5 Para. 2 DSGVO). This infor­ma­tion will be stored for a period of three to four years if we need to prove the orig­inal request (e.g. to prove the autho­ri­sa­tion to contact the inter­ested parties).

Further infor­ma­tion on commer­cial services: We process the data of our clients and prin­ci­pals (here­inafter referred to collec­tively as “clients”) in order to enable them to select, purchase or commis­sion the selected services or works and related activ­i­ties, as well as to pay for and deliver or execute or provide them.

The required infor­ma­tion is iden­ti­fied as such within the scope of the order, contract or compa­rable contract conclu­sion and includes the infor­ma­tion required for the provi­sion of services and invoicing as well as contact infor­ma­tion in order to be able to make any neces­sary arrange­ments.

  • Processed data types: inven­tory data (e.g. names, addresses), payment data (e.g. bank details, invoices, payment history), contact data (e.g. e‑mail, tele­phone numbers), contract data (e.g. subject matter of the contract, dura­tion, customer cate­gory), usage data (e.g. websites visited, interest in content, access times), meta/communication data (e.g. device infor­ma­tion, IP addresses).
  • Special cate­gories of personal data: Health data (Art. 9 para. 1 DGSVO), data concerning sexual life or sexual orien­ta­tion (Art. 9 para. 1 DGSVO), reli­gious or philo­soph­ical beliefs (Art. 9 para. 1 DGSVO), data revealing racial or ethnic origin.
  • Persons concerned: Inter­ested parties, busi­ness and contrac­tual part­ners, customers.
  • Purposes of the processing: Contrac­tual services and perfor­mances, contact requests and commu­ni­ca­tion, office and organ­i­sa­tional proce­dures, manage­ment and answering of requests, secu­rity measures, visit eval­u­a­tion, interest based and behav­ioural marketing, profiling (creation of user profiles), conver­sion measure­ment (measure­ment of the effec­tive­ness of marketing actions).
  • Legal bases: Fulfil­ment of contract and pre-contrac­tual enquiries (Art. 6 para. 1 sentence 1 lit. b. DSGVO), Legal oblig­a­tion (Art. 6 para. 1 sentence 1 lit. c. DSGVO), Legit­i­mate inter­ests (Art. 6 para. 1 sentence 1 lit. f. DSGVO), Consent (Art. 6 para. 1 sentence 1 lit. a DSGVO).

Use of online market­places for e‑commerce

We offer our services on online plat­forms oper­ated by other service providers. In this context, the data protec­tion notices of the respec­tive plat­forms apply in addi­tion to our data protec­tion notices. This applies in partic­ular with regard to the methods used on the plat­forms for measuring reach and for interest-based marketing.

  • Processed data types: inven­tory data (e.g. names, addresses), payment data (e.g. bank details, invoices, payment history), contact data (e.g. e‑mail, tele­phone numbers), contract data (e.g. subject matter of the contract, dura­tion, customer cate­gory), usage data (e.g. websites visited, interest in content, access times), meta/communication data (e.g. device infor­ma­tion, IP addresses).
  • Persons concerned: customers.
  • Purposes of processing: contrac­tual and service.
  • Legal bases: Fulfil­ment of contract and pre-contrac­tual enquiries (Art. 6 para. 1 sentence 1 lit. b. DSGVO), legit­i­mate inter­ests (Art. 6 para. 1 sentence 1 lit. f. DSGVO).

Services used and service providers:

  • Amazon: Online market­place for e‑commerce; service provider: Amazon Europe Core S.à.r.l., Amazon EU S.à.r.l., Amazon Services Europe S.à.r.l. and Amazon Media EU S.à.r.l., all four located at 38, avenue John F. Kennedy, L‑1855 Luxem­bourg, and Amazon Instant Video Germany GmbH, Domagkstr. 28, 80807 Munich (together “Amazon Europe”), parent company: Amazon.com, Inc, 2021 Seventh Ave, Seattle, Wash­ington 98121, USA; Website: https://www.amazon.de/; Privacy Policy: https://www.amazon.de/gp/help/customer/display.html?nodeId=201909010.
  • Digistore24: Online market­place for e‑commerce; service provider: Digistore24 GmbH, St.-Godehard-Straße 32, 31139 Hildesheim, Germany; Website: https://www.digistore24.com/; Privacy policy: https://www.digistore24.com/de/home/extern/cms/page/frontend/legal/privacy.
  • elopage: Online market­place for e‑commerce; service provider: elopay GmbH, Skalitzer Straße 138, 10999 Berlin, Germany, Germany; website: https://elopage.com/; privacy policy: https://elopage.com/privacy.

Payment service provider

Within the frame­work of contrac­tual and other legal rela­tion­ships, due to legal oblig­a­tions or other­wise based on our legit­i­mate inter­ests, we offer the persons concerned effi­cient and secure payment options and use other payment service providers in addi­tion to banks and credit insti­tu­tions (collec­tively “payment service providers”).

The data processed by the payment service providers include inven­tory data, such as name and address, bank data, such as account or credit card numbers, pass­words, TANs and check­sums, as well as contract, sum and recip­ient related data. These details are required to carry out the trans­ac­tions. However, the data entered is only processed by the payment service providers and stored by them. This means that we do not receive any account or credit card-related infor­ma­tion, but only infor­ma­tion with confir­ma­tion or nega­tive infor­ma­tion about the payment. Under certain circum­stances, the payment service providers may transfer the data to credit agen­cies. The purpose of this trans­mis­sion is to check iden­tity and cred­it­wor­thi­ness. In this regard, we refer to the general terms and condi­tions and the data protec­tion infor­ma­tion of the payment service providers.

For payment trans­ac­tions, the terms and condi­tions and the data protec­tion infor­ma­tion of the respec­tive payment service providers apply, which can be accessed within the respec­tive websites or trans­ac­tion appli­ca­tions. We also refer to these for the purpose of further infor­ma­tion and the asser­tion of rights of revo­ca­tion, infor­ma­tion and other rights of affected persons.

  • Processed data types: inven­tory data (e.g. names, addresses), payment data (e.g. bank details, invoices, payment history), contract data (e.g. subject matter of the contract, dura­tion, customer cate­gory), usage data (e.g. websites visited, interest in content, access times), meta/communication data (e.g. device infor­ma­tion, IP addresses).
  • Persons concerned: Customers, inter­ested parties.
  • Purposes of processing: contrac­tual bene­fits and services, contact requests and commu­ni­ca­tion, affil­iate tracking.
  • Legal bases: Fulfil­ment of contract and pre-contrac­tual enquiries (Art. 6 para. 1 sentence 1 lit. b. DSGVO), legit­i­mate inter­ests (Art. 6 para. 1 sentence 1 lit. f. DSGVO).

Services used and service providers:

  • Giropay: Payment Services; Service Provider: giropay GmbH, An der Welle 4, 60322 Frank­furt, Germany; Website: https://www.giropay.de; Privacy Policy: https://www.giropay.de/rechtliches/datenschutzerklaerung/.
  • Klarna / Sofortüber­weisung: payment services; service provider: Klarna Bank AB (publ), Sveavägen 46, 111 34 Stock­holm, Sweden; website: https://www.klarna.com/de; privacy policy: https://www.klarna.com/de/datenschutz.
  • Master­card: payment services; service provider: Master­card Europe SA, Chaussée de Tervuren 198A, B‑1410 Waterloo, Belgium; website: https://www.mastercard.de/de-de.html; privacy policy: https://www.mastercard.de/de-de/datenschutz.html.
  • PayPal: payment services and solu­tions (e.g. PayPal, PayPal Plus, Brain­tree); service provider: PayPal (Europe) S.à r.l. et Cie, S.C.A., 22–24 Boule­vard Royal, L‑2449 Luxem­bourg; website: https://www.paypal.com/de; privacy policy: https://www.paypal.com/de/webapps/mpp/ua/privacy-full.
  • Stripe: payment services; service provider: Stripe, Inc, 510 Townsend Street, San Fran­cisco, CA 94103, USA; website: https://stripe.com/de; privacy policy: https://stripe.com/de/privacy.
  • Visa: payment services; service provider: Visa Europe Services Inc, London Branch, 1 Sheldon Square, London W2 6TT, UK; website: https://www.visa.de; privacy policy: https://www.visa.de/nutzungsbedingungen/visa-privacy-center.html.

Provi­sion of the online offer and web hosting

In order to be able to provide our online offer securely and effi­ciently, we use the services of one or more web hosting providers from whose servers (or servers managed by them) the online offer can be accessed. For these purposes, we may use infra­struc­ture and plat­form services, computing capacity, storage space and data­base services as well as secu­rity and tech­nical main­te­nance services.

The data processed within the frame­work of the provi­sion of the hosting offer may include all data relating to the users of our online offer, which are gener­ated within the frame­work of use and commu­ni­ca­tion. This regu­larly includes the IP address, which is neces­sary to be able to deliver the contents of online offers to browsers, and all entries made within our online offer or from websites.

E‑mail dispatch and hosting: The web hosting services we use also include the dispatch, receipt and storage of e‑mails. For these purposes, the addresses of the recip­i­ents and senders as well as other infor­ma­tion concerning the e‑mail dispatch (e.g. the providers involved) and the contents of the respec­tive e‑mails are processed. The above-mentioned data may also be processed for SPAM detec­tion purposes. Please note that e‑mails on the Internet are gener­ally not sent in encrypted form. As a rule, e‑mails are encrypted in transit, but (unless a so-called end-to-end encryp­tion method is used) not on the servers from which they are sent and received. We can there­fore accept no respon­si­bility for the trans­mis­sion path of the e‑mails between the sender and the receipt on our server.

Collec­tion of access data and log files: We ourselves (or our web hosting provider) collect data on every access to the server (so-called server log files). The server log files may include the address and name of the web pages and files called up, the date and time of the call-up, the amount of data trans­ferred, noti­fi­ca­tion of successful call-up, browser type and version, the user’s oper­ating system, referrer URL (the previ­ously visited page) and, as a rule, IP addresses and the requesting provider.

The server log files can be used on the one hand for secu­rity purposes, e.g. to avoid over­loading the servers (espe­cially in the case of abusive attacks, so-called DDoS attacks), and on the other hand to ensure the capacity util­i­sa­tion of the servers and their stability.

Content Delivery Network: We use a “Content Delivery Network” (CDN). A CDN is a service that enables the content of an online offer, espe­cially large media files such as graphics or programme scripts, to be deliv­ered more quickly and securely with the help of region­ally distrib­uted servers connected via the Internet.

  • Processed data types: Content data (e.g. text entries, photographs, videos), usage data (e.g. websites visited, interest in content, access times), meta/communication data (e.g. device infor­ma­tion, IP addresses), inven­tory data (e.g. names, addresses), contact data (e.g. e‑mail, tele­phone numbers).
  • Persons concerned: Users (e.g. website visi­tors, users of online services).
  • Purposes of processing: Content Delivery Network (CDN), contrac­tual services and service, coverage measure­ment (e.g. access statis­tics, recog­ni­tion of returning visi­tors), tracking (e.g. inter­est/be­hav­iour-related profiling, use of cookies), visitor action eval­u­a­tion, server moni­toring and error recog­ni­tion, contact requests and commu­ni­ca­tion, remar­keting, profiling (creation of user profiles), conver­sion measure­ment (measure­ment of the effec­tive­ness of marketing measures).
  • Legal bases: legit­i­mate inter­ests (Art. 6 para. 1 sentence 1 lit. f. DSGVO), consent (Art. 6 para. 1 sentence 1 lit. a DSGVO).

Services used and service providers:

  • 1&1 IONOS: Hosting plat­form for e‑commerce / websites; service provider: 1&1 IONOS SE, Elgen­dorfer Str. 57, 56410 Montabaur, Germany; website: https://www.ionos.de; privacy policy: https://www.ionos.de/terms-gtc/terms-privacy.
  • Homepage-Baukasten.de: Hosting plat­form for blogs / websites; service provider: webme GmbH, Virchow­straße 20B, 90409 Nürn­berg, Germany; website: https://www.homepage-baukasten.de/; privacy policy: https://www.homepage-baukasten.de/de/Datenschutzerklaerung.php.
  • Jimdo: hosting plat­form for blogs / websites; service provider: Jimdo GmbH, Stre­se­mannstr. 375, 22761 Hamburg, Germany; Website: https://de.jimdo.com; Privacy Policy: https://de.jimdo.com/info/datenschutzerklaerung.
  • Square­space: Square­space offers soft­ware as a service for the creation and hosting of websites. service provider: Square­space, Inc. 8 Clarkson St, New York, NY 10014, USA; website: https://www.squarespace.com; privacy policy: https://www.squarespace.com/privacy.
  • Webflow: We use webflow services to create static websites, which can also contain online forms. Service provider: Webflow, Inc. 208 Utah, Suite 210, San Fran­cisco, CA 94103, USA; website: https://webflow.com; privacy policy: https://webflow.com/legal/eu-privacy-policy.
  • Webnode: hosting plat­form for e‑commerce / websites; service provider: Webnode AG, Garten­strasse 3, 6304 Zug, Switzer­land; Website: https://de.webnode.com; Privacy policy: https://de.webnode.com/datenschutzerklaerung/.
  • Weebly: hosting plat­form for e‑commerce / websites; service provider: Square, Inc., 1455 Market Street Suite 600 San Fran­cisco, CA 94103, USA; website: https://www.weebly.com/de; privacy policy: https://www.weebly.com/de/privacy/.
  • Wix: hosting plat­form for websites; service provider: Wix.com ltd., Tel Aviv, 500 Terry A. Fran­cois Boule­vard, San Fran­cisco, Cali­fornia 94158, USA; website: https://www.wix.com; privacy policy: https://de.wix.com/about/privacy.

Special notes on appli­ca­tions (apps)

We process the data of the users of our appli­ca­tion to the extent neces­sary to provide the users with the appli­ca­tion and its func­tion­al­i­ties, to monitor its secu­rity and to develop it further. We may also contact users in compli­ance with the legal require­ments if the commu­ni­ca­tion is neces­sary for purposes of admin­is­tra­tion or use of the appli­ca­tion. In addi­tion, with regard to the processing of user data, we refer to the data protec­tion infor­ma­tion in this privacy policy.

Legal basis: The processing of data required for the provi­sion of the func­tion­al­i­ties of the appli­ca­tion serves the fulfil­ment of contrac­tual oblig­a­tions. This also applies if the provi­sion of the func­tions requires user autho­ri­sa­tion (e.g. release of device func­tions). If the processing of data is not neces­sary for the provi­sion of the func­tion­al­i­ties of the appli­ca­tion, but serves the secu­rity of the appli­ca­tion or our busi­ness inter­ests (e.g. collec­tion of data for the purpose of opti­mising the appli­ca­tion or secu­rity purposes), it is carried out on the basis of our legit­i­mate inter­ests. If users are expressly requested to give their consent to the processing of their data, the data covered by the consent will be processed on the basis of the consent.

Device autho­ri­sa­tions for access to func­tions and data: The use of our appli­ca­tion or its func­tion­al­i­ties may require user autho­ri­sa­tions for access to certain func­tions of the devices used or to the data stored on the devices or acces­sible by means of the devices. By default, these autho­ri­sa­tions must be granted by the users and can be revoked at any time in the settings of the respec­tive devices. The exact proce­dure for control­ling app autho­ri­sa­tions may depend on the device and the soft­ware used by the users. Users can contact us if they require further expla­na­tion. We would like to point out that the refusal or revo­ca­tion of the respec­tive autho­ri­sa­tions can affect the func­tion­ality of our appli­ca­tion.

  • Processed data types: inven­tory data (e.g. names, addresses), meta/communication data (e.g. device infor­ma­tion, IP addresses).
  • Purposes of processing: contrac­tual and service.
  • Legal bases: Consent (Art. 6 para. 1 sentence 1 lit. a DSGVO), Perfor­mance of contract and pre-contrac­tual enquiries (Art. 6 para. 1 sentence 1 lit. b. DSGVO), Legit­i­mate inter­ests (Art. 6 para. 1 sentence 1 lit. f. DSGVO).

Purchase of appli­ca­tions via Appstores

Our appli­ca­tion can be obtained via special online plat­forms oper­ated by other service providers (so-called “appstores”). In this context, the data protec­tion notices of the respec­tive Appstores apply in addi­tion to our data protec­tion notices. This applies in partic­ular with regard to the methods used on the plat­forms for measuring reach and for interest-related marketing as well as possible cost oblig­a­tions.

  • Processed data types: inven­tory data (e.g. names, addresses), payment data (e.g. bank details, invoices, payment history), contact data (e.g. e‑mail, tele­phone numbers), contract data (e.g. subject matter of the contract, dura­tion, customer cate­gory), usage data (e.g. websites visited, interest in content, access times), meta/communication data (e.g. device infor­ma­tion, IP addresses).
  • Persons concerned: customers.
  • Purposes of processing: contrac­tual and service.
  • Legal bases: Fulfil­ment of contract and pre-contrac­tual enquiries (Art. 6 para. 1 sentence 1 lit. b. DSGVO), legit­i­mate inter­ests (Art. 6 para. 1 sentence 1 lit. f. DSGVO).

Services used and service providers:

  • Apple App Store: app and soft­ware sales plat­form; service provider: Apple Inc, Infi­nite Loop, Cuper­tino, CA 95014, USA; Web site: https://www.apple.com/de/ios/app-store/; Privacy policy: https://www.apple.com/legal/privacy/de-ww/.
  • Google Play: app and soft­ware sales plat­form; service provider: Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland, parent company: Google LLC, 1600 Amphithe­atre Parkway, Moun­tain View, CA 94043, USA; website: https://play.google.com/store/apps?hl=de; privacy policy: https://policies.google.com/privacy.
  • Microsoft Store: app and soft­ware sales plat­form; service provider: Microsoft Corpo­ra­tion, One Microsoft Way, Redmond, WA 98052–6399 USA; Web site: https://www.microsoft.com/de-de/store/b/home; privacy state­ment: https://privacy.microsoft.com/de-de/privacystatement, secu­rity notice: https://www.microsoft.com/de-de/trustcenter.

Regis­tra­tion, login and user account

Users can create a user account. Within the scope of regis­tra­tion, users are provided with the required manda­tory data and processed for the purpose of providing the user account on the basis of contrac­tual oblig­a­tion fulfil­ment. The processed data includes in partic­ular the login infor­ma­tion (name, pass­word and an e‑mail address). The data entered during regis­tra­tion is used for the purpose of using the user account and its purpose.

Users can be informed by e‑mail about processes rele­vant to their user account, such as tech­nical changes. If users have cancelled their user account, their data with regard to the user account will be deleted, subject to a legal oblig­a­tion to keep records. It is the respon­si­bility of the users to save their data before the end of the contract if they have termi­nated their user account. We are enti­tled to irre­triev­ably delete all user data stored during the term of the contract.

When using our regis­tra­tion and login func­tions and the user account, we store the IP address and the time of the respec­tive user action. The storage is based on our legit­i­mate inter­ests and those of the users in protec­tion against misuse and other unau­tho­rised use. As a matter of prin­ciple, this data is not passed on to third parties, unless it is neces­sary to pursue our claims or there is a legal oblig­a­tion to do so.

online forum: Partic­i­pa­tion in the Forum requires regis­tra­tion, in which, unless other­wise spec­i­fied in the regis­tra­tion form, you must provide a name or your name, a pass­word and the e‑mail address to which the access data will be sent. For secu­rity reasons, the pass­word should be state-of-the-art, i.e. compli­cated (users are advised of this during regis­tra­tion if neces­sary) and not used else­where. Contri­bu­tions in the forum are visible to the public, unless their visi­bility is restricted to certain members or groups of members. The contri­bu­tions of the authors are stored with their names, if regis­tered or indi­cated, the time and the content of the entry. When regis­tering and writing entries, the IP addresses of users are also stored if the entries contain illegal content and the IP addresses could be used for legal pros­e­cu­tion. The person respon­sible reserves the right to delete regis­tra­tions and entries on the basis of an appro­priate consid­er­a­tion.

Two-Factor Authen­ti­ca­tion: Two-Factor Authen­ti­ca­tion provides an addi­tional layer of secu­rity for your account and ensures that only you can access your account, even if someone else knows your pass­word.

For this purpose, you must perform another authen­ti­ca­tion oper­a­tion in addi­tion to your pass­word (for example, enter a code sent to a mobile device). We will inform you about the proce­dure we use.

  • Processed data types: inven­tory data (e.g. names, addresses), contact data (e.g. e‑mail, tele­phone numbers), content data (e.g. text entries, photographs, videos), meta/communication data (e.g. device infor­ma­tion, IP addresses), usage data (e.g. websites visited, interest in content, access times).
  • Persons concerned: Users (e.g. website visi­tors, users of online services).
  • Purposes of the processing: contrac­tual and other services, secu­rity measures, manage­ment and response to requests.
  • Legal bases: Consent (Art. 6 para. 1 sentence 1 lit. a DSGVO), Perfor­mance of contract and pre-contrac­tual enquiries (Art. 6 para. 1 sentence 1 lit. b. DSGVO), Legit­i­mate inter­ests (Art. 6 para. 1 sentence 1 lit. f. DSGVO).

Single sign-on regis­tra­tion

Single sign-on” or “single sign-on regis­tra­tion or authen­ti­ca­tion” are proce­dures that allow users to register with a provider of single sign-on proce­dures (e.g. a social network), including our online service, with the help of a user account. The prereq­ui­site for single sign-on authen­ti­ca­tion is that the users are regis­tered with the respec­tive single sign-on provider and enter the neces­sary access data in the online form provided for this purpose, or are already regis­tered with the single sign-on provider and confirm the single sign-on regis­tra­tion via button.

Authen­ti­ca­tion takes place directly with the respec­tive single sign-on provider. Within the scope of such authen­ti­ca­tion, we receive a user ID with the infor­ma­tion that the user is logged in under this user ID at the respec­tive single sign-on provider and an ID that cannot be used by us for other purposes (so-called “user handle”). Whether addi­tional data is trans­mitted to us depends solely on the Single Sign-On proce­dure used, on the selected data releases within the scope of authen­ti­ca­tion and also on which data users have released in the privacy or other settings of the user account with the Single Sign-On provider. Depending on the Single-Sign-On provider and the choice of the users, different data can be used, usually the e‑mail address and the user name. The pass­word entered with the single sign-on provider within the scope of the single sign-on proce­dure is neither visible to us nor is it stored by us.

Users are asked to note that their details stored with us can be auto­mat­i­cally compared with their user account with the single sign-on provider, but that this is not always possible or actu­ally takes place. If, for example, the users’ e‑mail addresses change, they must change them manu­ally in their user account with us.

We can use the Single Sign-On regis­tra­tion, if agreed with the users, within the frame­work of or prior to the fulfil­ment of the contract, if the users have been asked to do so, we can process the Single Sign-On regis­tra­tion within the frame­work of a consent and other­wise we use it on the basis of the legit­i­mate inter­ests on our part and the inter­ests of the users in an effec­tive and secure regis­tra­tion system.

If users should ever decide that they no longer want to use the link of their user account with the Single Sign-On provider for the Single Sign-On proce­dure, they must cancel this link within their user account with the Single Sign-On provider. If users wish to delete their data from our system, they must cancel their regis­tra­tion with us.

  • Data types processed: inven­tory data (e.g. names, addresses), contact data (e.g. e‑mail, tele­phone numbers).
  • Persons concerned: Users (e.g. website visi­tors, users of online services).
  • Purposes of processing: contrac­tual and other services, regis­tra­tion proce­dures.
  • Legal bases: Consent (Art. 6 para. 1 sentence 1 lit. a DSGVO), Perfor­mance of contract and pre-contrac­tual enquiries (Art. 6 para. 1 sentence 1 lit. b. DSGVO), Legit­i­mate inter­ests (Art. 6 para. 1 sentence 1 lit. f. DSGVO).

Blogs and publi­ca­tion media

We use blogs or compa­rable means of online commu­ni­ca­tion and publi­ca­tion (here­inafter “publi­ca­tion medium”). Readers’ data are processed for the purposes of the publi­ca­tion medium only to the extent neces­sary for its presen­ta­tion and commu­ni­ca­tion between authors and readers or for secu­rity reasons. In addi­tion, we refer to the infor­ma­tion on the processing of visi­tors to our publi­ca­tion medium within the frame­work of this data protec­tion notice.

comments and contri­bu­tions: If users leave comments or other contri­bu­tions, their IP addresses may be stored based on our legit­i­mate inter­ests. This is done for our secu­rity in case someone leaves illegal content in comments and contri­bu­tions (insults, prohib­ited polit­ical propa­ganda etc.). In this case we can be pros­e­cuted ourselves for the comment or contri­bu­tion and are there­fore inter­ested in the iden­tity of the author.

Further­more, we reserve the right, based on our legit­i­mate inter­ests, to process user data for the purpose of spam detec­tion.

On the same legal basis, in the case of surveys, we reserve the right to store the IP addresses of users for the dura­tion of the survey and to use cookies to avoid multiple votes.

The personal infor­ma­tion provided in the comments and contri­bu­tions, any contact and website infor­ma­tion as well as the content data will be perma­nently stored by us until the user objects.

Profile pictures of Gravatar: We use the service Gravatar within our online offer and espe­cially in our blog.

Gravatar is a service where users can register and store profile pictures and their email addresses. If users leave contri­bu­tions or comments on other websites (espe­cially blogs) using their e‑mail address, their profile pictures can be displayed along­side the contri­bu­tions or comments. For this purpose, the e‑mail address provided by users is trans­mitted in encrypted form to Gravatar for the purpose of checking whether a profile is stored for it. This is the sole purpose of trans­mit­ting the e‑mail address. It will not be used for other purposes, but will be deleted after­wards.

The use of Gravatar is based on our legit­i­mate inter­ests, as Gravatar enables authors of arti­cles and comments to person­alise their contri­bu­tions with a profile picture.

By displaying the images, Gravatar obtains the IP address of users, as this is neces­sary for commu­ni­ca­tion between a browser and an online service.

If users do not want a user picture linked to their email address at Gravatar to appear in their comments, they should use an email address that is not stored at Gravatar for commenting. We would also like to point out that it is also possible to use an anony­mous e‑mail address or no e‑mail address at all if users do not want their own e‑mail address to be sent to Gravatar. Users can completely prevent the trans­mis­sion of data by not using our comment system.

  • Processed data types: inven­tory data (e.g. names, addresses), contact data (e.g. e‑mail, tele­phone numbers), content data (e.g. text entries, photographs, videos), usage data (e.g. websites visited, interest in content, access times), meta/communication data (e.g. device infor­ma­tion, IP addresses).
  • Persons concerned: Users (e.g. website visi­tors, users of online services).
  • Purposes of processing: contrac­tual services and service, feed­back (e.g. collecting feed­back via online form), secu­rity measures, admin­is­tra­tion and answering of enquiries, provi­sion of our online offer and user-friend­li­ness.
  • Legal bases: Perfor­mance of the contract and pre-contrac­tual enquiries (Art. 6 para. 1 sentence 1 lit. b. DSGVO), legit­i­mate inter­ests (Art. 6 para. 1 sentence 1 lit. f. DSGVO), consent (Art. 6 para. 1 sentence 1 lit. a DSGVO), protec­tion of vital inter­ests (Art. 6 para. 1 sentence 1 lit. d. DSGVO).

Services used and service providers:

  • Profile pictures of Gravatar: Profile pictures; Service provider: Automattic Inc, 60 29th Street #343, San Fran­cisco, CA 94110, USA; website: https://automattic.com; privacy policy: https://automattic.com/privacy.

Contact

When contacting us (e.g. by contact form, e‑mail, tele­phone or via social media), the data of the inquiring persons will be processed to the extent neces­sary to answer the contact enquiries and any requested measures.

The answering of contact enquiries within the frame­work of contrac­tual or pre-contrac­tual rela­tions is carried out in order to fulfil our contrac­tual oblig­a­tions or to answer (pre)contractual enquiries and other­wise on the basis of our legit­i­mate interest in answering the enquiries.

  • Processed data types: inven­tory data (e.g. names, addresses), contact data (e.g. e‑mail, tele­phone numbers), content data (e.g. text entries, photographs, videos), usage data (e.g. websites visited, interest in content, access times), meta/communication data (e.g. device infor­ma­tion, IP addresses).
  • Persons concerned: commu­ni­ca­tion part­ners.
  • Purposes of processing: contact requests and commu­ni­ca­tion.
  • Legal bases: Fulfil­ment of contract and pre-contrac­tual enquiries (Art. 6 para. 1 sentence 1 lit. b. DSGVO), legit­i­mate inter­ests (Art. 6 para. 1 sentence 1 lit. f. DSGVO).

Commu­ni­ca­tion via Messenger

We use Messenger for commu­ni­ca­tion purposes and there­fore ask you to observe the following instruc­tions regarding the func­tion­ality of the Messenger, encryp­tion, use of the meta­data of the commu­ni­ca­tion and your right to object.

You can also contact us in alter­na­tive ways, e.g. by tele­phone or e‑mail. Please use the contact details provided to you or the contact details given within our online offer.

In the case of end-to-end encryp­tion of content (i.e. the content of your message and attach­ments), we would like to point out that the commu­ni­ca­tion content (i.e. the content of the message and attached images) is encrypted from end to end. This means that the content of the messages cannot be viewed, not even by the messenger providers them­selves. You should always use a current version of Messenger with encryp­tion enabled to ensure that the message content is encrypted.

However, we would like to point out to our commu­ni­ca­tion part­ners that although the messenger providers cannot view the content, they can find out that and when commu­ni­ca­tion part­ners commu­ni­cate with us, as well as tech­nical infor­ma­tion on the commu­ni­ca­tion partner’s device used and, depending on the settings of their device, also loca­tion infor­ma­tion (so-called meta­data) is processed.

Infor­ma­tion on legal bases: If we ask commu­ni­ca­tion part­ners for permis­sion before commu­ni­cating with them via Messenger, the legal basis for our processing of their data is their consent. Other­wise, if we do not ask for your consent and you contact us, for example, on your own initia­tive, we will use Messenger in rela­tion to our contrac­tual part­ners and in the context of contract prepa­ra­tion as a contrac­tual measure and, in the case of other inter­ested parties and commu­ni­ca­tion part­ners, on the basis of our justi­fied inter­ests in fast and effi­cient commu­ni­ca­tion and meeting the needs of our commu­ni­ca­tion part­ners for commu­ni­ca­tion via Messenger. Further­more, we would like to point out that we will not transmit the contact data provided to us to Messenger for the first time without your consent.

Revo­ca­tion, objec­tion and dele­tion: You can revoke a given consent at any time and object to commu­ni­ca­tion with us via Messenger at any time. In the case of commu­ni­ca­tion via Messenger, we delete the messages in accor­dance with our general dele­tion guide­lines (i.e., as described above, after the end of contrac­tual rela­tion­ships, in the context of archiving require­ments, etc.) and other­wise as soon as we can assume that we have answered any infor­ma­tion provided by the commu­ni­ca­tion part­ners, if no refer­ence to a previous conver­sa­tion is to be expected and no legal storage oblig­a­tions stand in the way of dele­tion.

Reser­va­tion of the refer­ence to other commu­ni­ca­tion chan­nels: Finally, we would like to point out that for reasons of your secu­rity, we reserve the right not to answer enquiries via Messenger. This is the case if, for example, internal contrac­tual matters require special confi­den­tiality or if a reply via Messenger does not meet the formal require­ments. In such cases we will refer you to more appro­priate commu­ni­ca­tion chan­nels.

Skype: The end-to-end encryp­tion of Skype requires its acti­va­tion (unless it should be acti­vated by default).

  • Processed data types: contact data (e.g. e‑mail, tele­phone numbers), usage data (e.g. websites visited, interest in content, access times), meta/communication data (e.g. device infor­ma­tion, IP addresses), content data (e.g. text entries, photographs, videos).
  • Persons concerned: commu­ni­ca­tion part­ners.
  • Purposes of processing: contact requests and commu­ni­ca­tion, direct marketing (e.g. by e‑mail or by post).
  • Legal bases: Consent (Art. 6 para. 1 sentence 1 lit. a DSGVO), legit­i­mate inter­ests (Art. 6 para. 1 sentence 1 lit. f. DSGVO).

Services used and service providers:

  • Face­book Messenger: Face­book Messenger with end-to-end encryp­tion (the end-to-end encryp­tion of the Face­book Messenger requires acti­va­tion unless it should be enabled by default); Service Provider: https://www.facebook.com, Face­book Ireland Ltd, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland, parent company: Face­book, 1 Hacker Way, Menlo Park, CA 94025, USA; website: https://www.facebook.com; privacy policy: https://www.facebook.com/about/privacy; opt-out: https://www.facebook.com/settings?tab=ads.
  • Microsoft Teams: Microsoft Teams — Messenger; Service Provider: Microsoft Corpo­ra­tion, One Microsoft Way, Redmond, WA 98052–6399 USA; Web site: https://products.office.com; Privacy policy: https://privacy.microsoft.com/de-de/privacystatement, Secu­rity notice: https://www.microsoft.com/de-de/trustcenter.
  • Skype: Skype Messenger with end-to-end encryp­tion; service provider: Microsoft Corpo­ra­tion, One Microsoft Way, Redmond, WA 98052–6399 USA; website: https://www.skype.com/de/; privacy policy: https://privacy.microsoft.com/de-de/privacystatement, secu­rity advice: https://www.microsoft.com/de-de/trustcenter.
  • Slack: Slack Messenger without end-to-end encryp­tion; service provider: Slack Tech­nolo­gies, Inc, 500 Howard Street, San Fran­cisco, CA 94105, USA; website: https://slack.com/intl/de-de/; privacy policy: https://slack.com/intl/de-de/legal.
  • Snapchat: Snapchat Messenger with end-to-end encryp­tion; service provider: Snap Inc, 63 Market Street Venice, CA 90291 USA; Website: https://www.snapchat.com/l/de-de/; Privacy Policy: https://www.snap.com/de-DE/privacy/privacy-policy/.
  • Telegram Broad­casts: Telegram Broad­casts — Messenger with end-to-end encryp­tion; service provider: Telegram, Dubai; Website: https://telegram.org/; Privacy Policy: https://telegram.org/privacy.
  • Threema: Threema Messenger with end-to-end encryp­tion; service provider: Threema GmbH, Chur­erstrasse 82, 8808 Pfäf­fikon SZ, Switzer­land; Website: https://threema.ch/en; Privacy policy: https://threema.ch/de/privacy.
  • What­sApp: What­sApp Messenger with end-to-end encryp­tion; service provider: What­sApp Inc What­sApp Legal 1601 Willow Road Menlo Park, Cali­fornia 94025, USA; Web site: https://www.whatsapp.com/; Privacy policy: https://www.whatsapp.com/legal.

Chat­bots and chat func­tions

We offer online chats and chatbot func­tions as a means of commu­ni­ca­tion (collec­tively referred to as “Chat Services”). A chat is an online conver­sa­tion conducted with a certain amount of time­li­ness. A chatbot is a piece of soft­ware which answers users’ ques­tions or informs them of messages. If you use our chat func­tions, we may process your personal data.

If you use our chat services within an online plat­form, your iden­ti­fi­ca­tion number is also stored within the respec­tive plat­form. We may also collect infor­ma­tion about which users interact with our chat services and when. Further­more, we store the content of your conver­sa­tions via the chat services and log regis­tra­tion and consent processes in order to be able to prove these in accor­dance with legal require­ments.

We point out to users that the respec­tive plat­form provider may find out that and when users commu­ni­cate with our chat services and collect tech­nical infor­ma­tion on the user’s device used and, depending on the settings of their device, also loca­tion infor­ma­tion (so-called meta­data) for the purpose of opti­mising the respec­tive services and for secu­rity purposes. Like­wise, the meta­data of commu­ni­ca­tion via chat services (i.e. infor­ma­tion on who has commu­ni­cated with whom, for example) could be used by the respec­tive plat­form providers for marketing purposes or to display adver­tising tailored to users in accor­dance with their regu­la­tions, to which we refer for further infor­ma­tion.

If users agree to acti­vate infor­ma­tion with regular messages to a chatbot, they have the possi­bility to unsub­scribe at any time. The chatbot will point out to Users how and with what terms they can unsub­scribe from the messages. By unsub­scribing from the chatbot messages, Users’ data are deleted from the direc­tory of message recip­i­ents.

We use the afore­men­tioned infor­ma­tion to operate our chat services, e.g. to address users person­ally, to answer their queries, to transmit any requested content and also to improve our chat services (e.g. to “teach” chat offers answers to frequently asked ques­tions or to iden­tify unan­swered queries).

Legal notice: We use the chat services on a consent basis where we have previ­ously obtained permis­sion from users to process their data as part of our chat services (this applies to cases where users are asked for consent, e.g. so that a chatbot can send them regular messages). If we use chat services to answer users’ ques­tions about our services or our company, this is done for contrac­tual and pre-contrac­tual commu­ni­ca­tion. In addi­tion, we use chat services on the basis of our legit­i­mate inter­ests in opti­mising the chat services, their economic effi­ciency and increasing the posi­tive user expe­ri­ence.

Revo­ca­tion, objec­tion and dele­tion: You can revoke a given consent or object to the processing of your data within the scope of our chat services at any time.

  • Processed data types: contact data (e.g. e‑mail, tele­phone numbers), content data (e.g. text entries, photographs, videos), usage data (e.g. websites visited, interest in content, access times), meta/communication data (e.g. device infor­ma­tion, IP addresses).
  • Persons concerned: commu­ni­ca­tion part­ners.
  • Purposes of processing: contact requests and commu­ni­ca­tion, direct marketing (e.g. by e‑mail or by post).
  • Legal bases: Consent (Art. 6 para. 1 sentence 1 lit. a DSGVO), legit­i­mate inter­ests (Art. 6 para. 1 sentence 1 lit. f. DSGVO).

Push News

With the consent of the users, we can send the users so-called “push noti­fi­ca­tions”. These are messages that are displayed on users’ screens, termi­nals or browsers, even if our online service is not being actively used.

In order to register for the push messages, users must confirm that their browser or terminal device has been queried to receive the push messages. This approval process is docu­mented and stored. The storage is neces­sary to recog­nise whether users have consented to receive the push messages and to be able to prove their consent. For these purposes, a pseu­do­ny­mous iden­ti­fier of the browser (so-called “push token”) or the device ID of a terminal device is stored.

Push messages may be neces­sary for the fulfil­ment of contrac­tual oblig­a­tions (e.g. tech­nical and organ­i­sa­tional infor­ma­tion rele­vant to the use of our online offer) and are other­wise sent, unless specif­i­cally mentioned below, on the basis of the user’s consent. Users can change the receipt of push messages at any time using the noti­fi­ca­tion settings of their respec­tive browsers or termi­nals.

Push messages with promo­tional content: The push noti­fi­ca­tions we send may contain promo­tional infor­ma­tion. The promo­tional push messages are processed on the basis of user consent. If the contents of the push messages are specif­i­cally described in the context of consent to receive the adver­tising push messages, the descrip­tions are deci­sive for the consent of the users. In addi­tion, our newslet­ters contain infor­ma­tion about our services and us.

Loca­tion-depen­dent sending of push messages: The push noti­fi­ca­tions sent by us can be displayed depending on the loca­tion of the users, based on the loca­tion data trans­mitted by the terminal device used.

Analysis and perfor­mance measure­ment: We statis­ti­cally eval­uate push messages and can thus iden­tify if and when push messages were displayed and clicked on. This infor­ma­tion is used for the tech­nical improve­ment of our push messages based on the tech­nical data or the target groups and their retrieval behav­iour or retrieval times. This analysis also includes deter­mining whether push messages are opened, when they are opened and whether users interact with their content or buttons. For tech­nical reasons, this infor­ma­tion can be allo­cated to the indi­vidual push message recip­i­ents. However, it is neither our inten­tion nor, if used, that of the push message service provider to monitor indi­vidual users. Rather, the eval­u­a­tions serve to iden­tify the usage habits of our users and to adapt our push messages to them or to send different push messages according to the inter­ests of our users.

The eval­u­a­tion of the push messages and the measure­ment of success are based on the explicit consent of the users, which is given with their consent to receive the push messages. Users may object to the analysis and perfor­mance measure­ment by unsub­scribing from the Push Messages. Unfor­tu­nately, it is not possible to cancel the analysis and perfor­mance measure­ment sepa­rately.

  • Types of data processed: loca­tion data (data indi­cating the loca­tion of an end-user’s terminal equip­ment), usage data (e.g. web pages visited, interest in content, access times).
  • Purposes of processing: Contrac­tual services and service, direct marketing (e.g. by e‑mail or post), range measure­ment (e.g. access statis­tics, recog­ni­tion of returning visi­tors).
  • Legal bases: Consent (Art. 6 para. 1 sentence 1 lit. a DSGVO), perfor­mance of the contract and pre-contrac­tual enquiries (Art. 6 para. 1 sentence 1 lit. b. DSGVO).

Video confer­ences, online meet­ings, webi­nars and screen sharing

We use plat­forms and appli­ca­tions of other providers (here­inafter referred to as “Third Party Providers”) for the purpose of holding video and audio confer­ences, webi­nars and other types of video and audio meet­ings. When selecting the third-party providers and their services, we observe the legal require­ments.

In this context, data of the commu­ni­ca­tion partic­i­pants are processed and stored on the servers of third party providers, as far as they are part of commu­ni­ca­tion processes with us. This data may include, in partic­ular, regis­tra­tion and contact data, visual and vocal contri­bu­tions, as well as entries in chats and shared screen content.

If users are referred to the third-party providers, or their soft­ware or plat­forms, in the course of commu­ni­ca­tion, busi­ness or other rela­tions with us, the third-party providers may process usage data and meta­data for secu­rity, service opti­mi­sa­tion or marketing purposes. We there­fore ask you to observe the data protec­tion notices of the respec­tive third party providers.

Notes on legal bases: If we ask users for their consent to use the third-party providers or certain func­tions (e.g. consent to a recording of conver­sa­tions), the legal basis for processing is consent. Further­more, their use can be a compo­nent of our (pre)contractual services, provided that the use of the third-party providers has been agreed in this context. Other­wise, user data is processed on the basis of our legit­i­mate inter­ests in effi­cient and secure commu­ni­ca­tion with our commu­ni­ca­tion part­ners. In this context we would like to refer you addi­tion­ally to the infor­ma­tion on the use of cookies in this data protec­tion decla­ra­tion.

  • Processed data types: inven­tory data (e.g. names, addresses), contact data (e.g. e‑mail, tele­phone numbers), content data (e.g. text entries, photographs, videos), usage data (e.g. websites visited, interest in content, access times), meta/communication data (e.g. device infor­ma­tion, IP addresses).
  • Persons concerned: Commu­ni­ca­tion part­ners, users (e.g. website visi­tors, users of online services).
  • Purposes of processing: contrac­tual services and perfor­mances, contact requests and commu­ni­ca­tion, office and organ­i­sa­tional proce­dures, direct marketing (e.g. by e‑mail or by post).
  • Legal bases: Consent (Art. 6 para. 1 sentence 1 lit. a DSGVO), Perfor­mance of contract and pre-contrac­tual enquiries (Art. 6 para. 1 sentence 1 lit. b. DSGVO), Legit­i­mate inter­ests (Art. 6 para. 1 sentence 1 lit. f. DSGVO).

Services used and service providers:

  • Google Hang­outs / Meet: Messenger and confer­ence soft­ware; service provider: Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland, parent company: Google LLC, 1600 Amphithe­atre Parkway, Moun­tain View, CA 94043, USA; website: https://hangouts.google.com/; privacy policy: https://policies.google.com/privacy.
  • GoToMeeting: confer­ence soft­ware; service provider: LogMeIn Ireland Limited, Blood­stone Building Block C 70, Sir John Rogerson’s Quay Dublin 2, Ireland, parent company: LogMeIn, Inc, 320 Summer Street, Boston, MA 02210 320 Summer Street Boston, Mass­a­chu­setts 02210, USA; website: https://www.gotomeeting.com/de-de; privacy policy: https://www.logmeininc.com/de/legal/privacy.
  • Microsoft Teams: messenger and confer­encing soft­ware; service providers: Microsoft Corpo­ra­tion, One Microsoft Way, Redmond, WA 98052–6399 USA; Web site: https://products.office.com; privacy state­ment: https://privacy.microsoft.com/de-de/privacystatement, secu­rity notice: https://www.microsoft.com/de-de/trustcenter.
  • Skype: messenger and confer­ence soft­ware; service provider: Microsoft Corpo­ra­tion, One Microsoft Way, Redmond, WA 98052–6399 USA; Website: https://www.skype.com/de/; Privacy Policy: https://privacy.microsoft.com/de-de/privacystatement, Secu­rity Notice: https://www.microsoft.com/de-de/trustcenter.
  • Slack: messenger and confer­encing soft­ware; service provider: Slack Tech­nolo­gies, Inc, 500 Howard Street, San Fran­cisco, CA 94105, USA; website: https://slack.com/intl/de-de/; privacy policy: https://slack.com/intl/de-de/legal.
  • TeamViewer: confer­ence soft­ware; service provider: TeamViewer GmbH, Jahnstr. 30, 73037 Göppingen, Germany; Website: https://www.teamviewer.com/de; Privacy policy: https://www.teamviewer.com/de/datenschutzerklaerung/.
  • Zoom: video confer­ences, web confer­ences and webi­nars; service providers: Zoom Video Commu­ni­ca­tions, Inc., 55 Almaden Blvd., Suite 600, San Jose, CA 95113, USA; Website: https://zoom.us; Privacy Policy: https://zoom.us/docs/de-de/privacy-and-legal.html; Stan­dard Contrac­tual Clauses (Ensuring Level of Data Protec­tion for Processing in Third Coun­tries): https://zoom.us/docs/de-de/privacy-and-legal.html (Referred to as Global DPA).

Music and podcasts

We use hosting and analysis services provided by service providers to make our audio content avail­able for listening or down­loading and to obtain statis­tical infor­ma­tion on the retrieval of the audio content.

Podlove: Both the Podlove Subscribe Button and the Podlove Web Player are deliv­ered by keycdn.com (keycdn GDPR state­ment). The Podlove Publisher records down­load statis­tics. IP addresses are used to esti­mate geograph­ical loca­tion (city / country). They are stored temporarily (up to 48 hours) as part of a request ID. This is neces­sary so that the podcast oper­ator can under­stand the viability of his or her efforts. In order to be able to deter­mine real­istic down­load figures, the system must be able to detect renewed access to the same file by the same user. The only reli­able way to achieve this is to look at the IP address together with the user agent. It is not possible to use an anony­mous IP address, as this would lead to false results. Accessing the same file from the same user on different days can be consid­ered as a sepa­rate down­load. It is there­fore suffi­cient to keep IP addresses only for up to 48 hours. After 48 hours, request IDs are anonymised. This makes it impos­sible to restore the orig­i­nally contained IP address. The user agent of the browser used is also saved.

The podcast down­loads can be made avail­able through https://bitlove.org/ via BitTor­rent, where your browser connects directly to Bitlove’s servers.

Buttons of the micro­pay­ment service “Flattr”, Flattr AB, Box 4111, 203 12 Malmö, Sweden, can also be inte­grated, whereby your browser estab­lishes a direct connec­tion to Flattr’s servers. If you have created an account with Flattr with which you are logged in at the same time, Flattr will receive infor­ma­tion that you have visited the rele­vant page of our online service. If you have a Flattr account, are logged in and interact with the button, infor­ma­tion about this is sent to Flattr and stored there for billing purposes in accor­dance with the guide­lines applic­able there. Even if you are not logged in, usage data may be collected and stored. You can find out exactly how your data is processed when you click on the Flattr button at flattr.com/privacy.

  • Processed data types: Usage data (e.g. websites visited, interest in content, access times), meta/communication data (e.g. device infor­ma­tion, IP addresses).
  • Persons concerned: Users (e.g. website visi­tors, users of online services).
  • Purposes of processing: range measure­ment (e.g. access statis­tics, recog­ni­tion of returning visi­tors), visitor action eval­u­a­tion, profiling (creation of user profiles), tracking (e.g. inter­est/be­hav­iour-related profiling, use of cookies).
  • Legal basis: Legit­i­mate inter­ests (Art. 6 para. 1 sentence 1 lit. f. DSGVO).

Services used and service providers:

  • Anchor: Anchor — music and podcast hosting; service provider: Anchor, Spotify C/O Anchor, 150 Green­wich St, New York, NY 10007; website: https://anchor.fm/; privacy policy: https://anchor.fm/privacy.
  • Blubrry: Blubrry — Musik- und Podcasthosting; Dien­stan­bi­eter: Rawvoice, Inc. 5000 Arlington Centre Blvd., Building 2, Suite 2115, Upper Arlington, Ohio 43220 17525 Egan Drive Coop­ersville, Michigan 49404, USA; Website: https://soundcloud.com; Daten­schutzerk­lärung: https://create.blubrry.com/resources/about-blubrry/privacy-policy/.
  • libsyn: libsyn — music and podcast hosting; service provider: Liber­ated Syndi­ca­tion Inc, Pitts­burgh, Penn­syl­vania, USA; Website: https://www.libsyn.com/; Privacy Policy: https://www.libsyn.com/privacy-policy.
  • Pode­tize: Pode­tize — music and podcast hosting; service provider: Pode­tize; website: https://www.podetize.com.
  • Podhost: Podhost — music and podcast hosting; service provider: Pode­tize; website: https://www.podhost.de/; privacy policy: https://www.podhost.de/privacy.
  • Podlove: Podlove & Bitlove — distri­b­u­tion and play­back of podcats; service provider: Podlove (an open initia­tive); website: https://podlove.org; privacy policy: https://docs.podlove.org/podlove-publisher/guides/dsgvo-gdpr.html.
  • Podigee: Podigee — music and podcast hosting; service provider: Podigee GmbH, Schle­sische Straße 20, 10997 Berlin, Germany; Website: https://www.podigee.com/de; Privacy Policy: https://www.podigee.com/de/about/privacy/.
  • Podtrac: Metrics and data analysis of podcast target groups across all access sources; service providers: Podtrac, Inc., PO Box 30576, Alexan­dria, VA 22310, USA; website: https://podtrac.com; privacy policy: https://analytics.podtrac.com/product-privacy-statement.
  • Sound­cloud: Sound­cloud — music hosting; service provider: Sound­Cloud Limited, Rheins­berger Str. 76/77, 10115 Berlin, Germany; Website: https://soundcloud.com; Privacy Policy: https://soundcloud.com/pages/privacy.
  • Spotify: Spotify — music hosting and widget; service provider: Spotify AB, Regerings­gatan 19, SE-111 53 Stock­holm, Sweden; website: https://www.spotify.com/de; privacy policy: https://www.spotify.com/de/legal/privacy-policy/.
  • Another hosting/analysis service provider: service provider: The audio content is stored and retrieved by a hosting provider in accor­dance with legal require­ments.

Appli­ca­tion proce­dure

The appli­ca­tion proce­dure requires appli­cants to provide us with the data required for their assess­ment and selec­tion. Which infor­ma­tion is required can be found in the job descrip­tion or, in the case of online forms, in the infor­ma­tion provided there.

In prin­ciple, the required infor­ma­tion includes personal details such as name, address, a contact option and proof of the qual­i­fi­ca­tions required for a job. On request, we will also be happy to provide you with the neces­sary infor­ma­tion.

If provided, appli­cants can send us their appli­ca­tions using an online form. The data will be encrypted and trans­mitted to us according to the state of the art. Appli­cants can also send us their appli­ca­tions by e‑mail. Please note, however, that e‑mails on the Internet are gener­ally not sent in encrypted form. As a rule, e‑mails are encrypted in transit, but not on the servers from which they are sent and received. We can there­fore not accept any respon­si­bility for the trans­mis­sion path of the appli­ca­tion between the sender and receipt on our server.

For the purposes of searching for appli­cants, submit­ting appli­ca­tions and selecting appli­cants, we may, subject to legal require­ments, use appli­cant manage­ment or recruit­ment soft­ware and plat­forms and services of third parties.

Appli­cants are welcome to contact us regarding the method of submit­ting their appli­ca­tion or send us their appli­ca­tion by post.

Processing of special cate­gories of data: If special cate­gories of personal data within the meaning of Art. 9 Par. 1 DSGVO (e.g. health data such as severely disabled persons or ethnic origin) are requested from appli­cants in the context of the appli­ca­tion proce­dure so that the person respon­sible or the data subject can exer­cise the rights arising to him or her from labour law and social secu­rity and social protec­tion law and fulfil his or her oblig­a­tions in this respect, their processing is carried out in accor­dance with Art. 9 Par. 2 letter b. DSGVO, in the case of protec­tion of vital inter­ests of appli­cants or other persons pursuant to Art. 9 para. 2 lit. c. DSGVO or for purposes of health care or occu­pa­tional medi­cine, for the assess­ment of the employee’s ability to work, for medical diag­nosis, for care or treat­ment in the health or social sector or for the manage­ment of systems and services in the health or social sector pursuant to Art. 9 para. 2 lit. h. DSGVO. In the case of a commu­ni­ca­tion of special cate­gories of data based on volun­tary consent, their processing is based on Art. 9 para. 2 lit. a. DSGVO.

Dele­tion of data: In the event of a successful appli­ca­tion, the data provided by the appli­cants may be processed by us for the purposes of the employ­ment rela­tion­ship. Other­wise, if the appli­ca­tion for a job offer is not successful, the appli­cants’ data will be deleted. The appli­cants’ data will also be deleted if an appli­ca­tion is with­drawn, which the appli­cants are enti­tled to do at any time. Subject to a justi­fied revo­ca­tion by the appli­cants, the dele­tion will take place at the latest after a period of six months, so that we can answer any follow-up ques­tions regarding the appli­ca­tion and fulfil our oblig­a­tions to provide evidence in accor­dance with the regu­la­tions on the equal treat­ment of appli­cants. Invoices for any reim­burse­ment of travel expenses will be archived in accor­dance with tax law require­ments.

Admis­sion to an appli­cant pool: Admis­sion to an appli­cant pool, if offered, is based on consent. Appli­cants are informed that their consent to be included in the talent pool is volun­tary, has no influ­ence on the current appli­ca­tion proce­dure and that they can with­draw their consent at any time in the future.

  • Types of data processed: Appli­cant data (e.g. personal details, postal and contact addresses, the docu­ments belonging to the appli­ca­tion and the infor­ma­tion contained therein, such as cover letter, CV, certifi­cates and other infor­ma­tion on the applicant’s person or qual­i­fi­ca­tion provided by appli­cants with regard to a specific posi­tion or volun­tarily).
  • Persons concerned: appli­cants.
  • Purposes of processing: appli­ca­tion proce­dure (estab­lish­ment and possible subse­quent imple­men­ta­tion and possible subse­quent termi­na­tion of employ­ment.)
  • Legal basis: Art. 9 (1) sentence 1 letter b DSGVO (appli­ca­tion proce­dure as a pre-contrac­tual or contrac­tual rela­tion­ship) (Insofar as special cate­gories of personal data within the meaning of Art. 9 (1) DSGVO (e.g. health data, such as severely hand­i­capped status or ethnic origin) are requested from appli­cants during the appli­ca­tion proce­dure in order to enable the respon­sible person or the data subject to exer­cise the rights arising to him or her from labour law and social secu­rity and social protec­tion law and to fulfil his or her oblig­a­tions in this respect, they are processed in accor­dance with Art. 9 Para­graph 2 letter b. DSGVO, in the case of protec­tion of vital inter­ests of appli­cants or other persons pursuant to Art. 9 para. 2 lit. c. DSGVO or for purposes of health care or occu­pa­tional medi­cine, for the assess­ment of the employee’s ability to work, for medical diag­nosis, care or treat­ment in the health or social sector or for the manage­ment of systems and services in the health or social sector pursuant to Art. 9 para. 2 lit. h. DSGVO. In the case of a commu­ni­ca­tion of special cate­gories of data based on volun­tary consent, their processing is carried out on the basis of Art. 9 para. 2 lit. a. DSGVO).

Cloud services

We use soft­ware services acces­sible via the Internet and running on the servers of their providers (so-called “cloud services”, also referred to as “Soft­ware as a Service”) for the following purposes: docu­ment storage and manage­ment, calendar manage­ment, e‑mailing, spread­sheets and presen­ta­tions, exchanging docu­ments, content and infor­ma­tion with specific recip­i­ents or publishing web pages, forms or other content and infor­ma­tion, as well as chat­ting and partic­i­pating in audio and video confer­ences.

In this context, personal data may be processed and stored on the servers of the providers, as far as they are part of commu­ni­ca­tion processes with us or other­wise processed by us as described in this privacy policy. This data may include, in partic­ular, master data and contact details of users, data on proce­dures, contracts, other processes and their contents. The providers of the cloud services also process usage data and meta­data which they use for secu­rity purposes and for service opti­mi­sa­tion.

If we use cloud services to provide other users or publicly acces­sible websites with forms or other docu­ments and content, the providers may store cookies on the users’ devices for web analysis purposes or to remember user settings (e.g. in the case of media control).

Notes on legal bases: If we ask for consent to use the cloud services, the legal basis for processing is consent. Further­more, their use can be a compo­nent of our (pre)contractual services, provided that the use of the cloud services has been agreed in this context. Other­wise, user data will be processed on the basis of our legit­i­mate inter­ests (i.e., interest in effi­cient and secure admin­is­tra­tion and collab­o­ra­tion processes)

  • Types of data processed: inven­tory data (e.g. names, addresses), contact data (e.g. e‑mail, tele­phone numbers), content data (e.g. text entries, photographs, videos), usage data (e.g. websites visited, interest in content, access times), meta/communication data (e.g. device infor­ma­tion, IP addresses), contract data (e.g. subject matter of the contract, dura­tion, customer cate­gory).
  • Persons concerned: Customers, employees (e.g. employees, appli­cants, former employees), inter­ested parties, commu­ni­ca­tion part­ners.
  • Purpose of the processing: office and organ­i­sa­tional proce­dures.
  • Legal bases: Consent (Art. 6 para. 1 sentence 1 lit. a DSGVO), Perfor­mance of contract and pre-contrac­tual enquiries (Art. 6 para. 1 sentence 1 lit. b. DSGVO), Legit­i­mate inter­ests (Art. 6 para. 1 sentence 1 lit. f. DSGVO).

Services used and service providers:

  • Apple iCloud: cloud storage services; service provider: Apple Inc, Infi­nite Loop, Cuper­tino, CA 95014, USA; Web site: https://www.apple.com/de/; Privacy policy: https://www.apple.com/legal/privacy/de-ww/.
  • Dropbox: Cloud storage services; service provider: Dropbox, Inc, 333 Brannan Street, San Fran­cisco, Cali­fornia 94107, USA; website: https://www.dropbox.com/de; privacy policy: https://www.dropbox.com/privacy; stan­dard contrac­tual clauses (ensuring a level of data protec­tion when processing in third coun­tries): https://www.dropbox.com/terms/business-agreement-2016.
  • Google Cloud Services: cloud storage services; service providers: Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland, parent company: Google LLC, 1600 Amphithe­atre Parkway, Moun­tain View, CA 94043, USA; Website: https://cloud.google.com/; Privacy Policy: https://www.google.com/policies/privacy, Secu­rity Notice: https://cloud.google.com/security/privacy; Stan­dard Contrac­tual Clauses (ensuring a level of data protec­tion when processing in third coun­tries): https://cloud.google.com/terms/data-processing-terms; Addi­tional Privacy Notice: https://cloud.google.com/terms/data-processing-terms.
  • Microsoft Cloud Services: cloud storage services; service providers: Microsoft Corpo­ra­tion, One Microsoft Way, Redmond, WA 98052–6399 USA; website: https://microsoft.com/de-de; privacy state­ment: https://privacy.microsoft.com/de-de/privacystatement, secu­rity advice: https://www.microsoft.com/de-de/trustcenter.
  • Team­Drive: cloud storage services; service provider: Team­Drive Systems GmbH, Max-Brauer-Allee 50, 22765 Hamburg, Germany; website: https://teamdrive.com; terms and condi­tions: https://teamdrive.com/datenschutzerklaerung/.
  • Telekom Magen­ta­cloud: cloud storage services; service provider: Telekom Deutsch­land GmbH, Land­grabenweg 151, 53227 Bonn, Germany; Website: https://cloud.telekom-dienste.de/; Privacy Policy: https://www.telekom.de/datenschutz-ganz-einfach.
  • Web.de Freemail Online storage: cloud storage services; service provider: 1&1 Mail & Media GmbH, Karl­sruhe branch, Brauerstr. 48, 76135 Karl­sruhe, Germany; website: https://web.de/online-speicher/; privacy policy: https://web.de/datenschutz/.

Newsletter and elec­tronic noti­fi­ca­tions

We send newslet­ters, e‑mails and other elec­tronic noti­fi­ca­tions (here­inafter “newslet­ters”) only with the consent of the recip­i­ents or a legal permis­sion. If, in the course of regis­tering for the newsletter, its contents are specif­i­cally described, they are deci­sive for the consent of the users. Further­more, our newslet­ters contain infor­ma­tion about our services and us.

To subscribe to our newslet­ters, it is gener­ally suffi­cient to provide your e‑mail address. However, we may ask you to provide a name for the purpose of personal contact in the newsletter, or other details if these are required for the purposes of the newsletter.

Double-Opt-In proce­dure: The regis­tra­tion for our newsletter is always done in a so-called Double-Opt-In-Process. This means that you will receive an e‑mail after regis­tra­tion asking you to confirm your regis­tra­tion. This confir­ma­tion is neces­sary so that nobody can register with foreign e‑mail addresses. The newsletter regis­tra­tions are logged in order to be able to prove the regis­tra­tion process in accor­dance with the legal require­ments. This includes the storage of the regis­tra­tion and confir­ma­tion time as well as the IP address. Changes to your data stored by the dispatch service provider are also logged.

Dele­tion and restric­tion of processing: We may store the deleted e‑mail addresses for up to three years on the basis of our legit­i­mate inter­ests before deleting them in order to be able to prove that we have previ­ously given our consent. The processing of this data is limited to the purpose of a possible defence against claims. An indi­vidual request for dele­tion is possible at any time, provided that the former exis­tence of a consent is confirmed at the same time. In case of oblig­a­tions to perma­nently observe objec­tions, we reserve the right to store the e‑mail address in a black­list for this purpose alone.

The regis­tra­tion proce­dure is recorded on the basis of our legit­i­mate inter­ests for the purpose of proving that it has been carried out prop­erly. If we commis­sion a service provider to send e‑mails, this is done on the basis of our legit­i­mate inter­ests in an effi­cient and secure sending system.

Infor­ma­tion on legal bases: The dispatch of the newslet­ters is based on the consent of the recip­i­ents or, if consent is not required, on our legit­i­mate inter­ests in direct marketing, if and to the extent that this is permitted by law, e.g. in the case of adver­tising to existing customers. If we commis­sion a service provider to send e‑mails, this is done on the basis of our legit­i­mate inter­ests. The regis­tra­tion process will be recorded on the basis of our legit­i­mate inter­ests in order to prove that it has been carried out in accor­dance with the law.

contents: Infor­ma­tion about us, our services, actions and offers.

Analysis and success measure­ment: The newslet­ters contain a so-called “web beacon”, i.e. a pixel-sized file that is retrieved from our server when the newsletter is opened, or from the server of the newsletter provider if we use a mailing service provider. Within the frame­work of this retrieval, tech­nical infor­ma­tion such as infor­ma­tion on the browser and your system, as well as your IP address and the time of retrieval, is initially collected.

This infor­ma­tion is used for the tech­nical improve­ment of our newsletter on the basis of tech­nical data or target groups and their reading behav­iour on the basis of their retrieval loca­tions (which can be deter­mined by means of the IP address) or access times. This analysis also includes deter­mining whether the newslet­ters are opened, when they are opened and which links are clicked. For tech­nical reasons, this infor­ma­tion can be allo­cated to indi­vidual newsletter recip­i­ents. However, it is neither our endeavour nor, if used, that of the dispatch service provider to observe indi­vidual users. The eval­u­a­tions rather serve to iden­tify the reading habits of our users and to adapt our content to them or to send different content according to the inter­ests of our users.

The eval­u­a­tion of the newsletter and the measure­ment of success are carried out, subject to the express consent of the users, on the basis of our legit­i­mate inter­ests for the purpose of using a user-friendly and secure newsletter system that serves our busi­ness inter­ests and meets the expec­ta­tions of the users.

A sepa­rate revo­ca­tion of the perfor­mance measure­ment is unfor­tu­nately not possible. In this case, the entire newsletter subscrip­tion must be cancelled or objected to.

Condi­tion for the use of free services: Consent to the sending of mail­ings may be made condi­tional as a prereq­ui­site for the use of free services (e.g. access to certain contents or partic­i­pa­tion in certain campaigns). If users wish to take advan­tage of the free services without regis­tering for the newsletter, please contact us.

Sending via SMS: Elec­tronic noti­fi­ca­tions can also be sent as SMS text messages (or are sent exclu­sively via SMS if the autho­ri­sa­tion to send, e.g. consent, only includes sending via SMS).

  • Processed data types: inven­tory data (e.g. names, addresses), contact data (e.g. e‑mail, tele­phone numbers), meta/communication data (e.g. device infor­ma­tion, IP addresses), usage data (e.g. websites visited, interest in content, access times).
  • Persons concerned: Commu­ni­ca­tion part­ners, users (e.g. website visi­tors, users of online services).
  • Purposes of processing: direct marketing (e.g. by e‑mail or postal mail), contrac­tual services and service.
  • Legal bases: Consent (Art. 6 para. 1 sentence 1 lit. a DSGVO), legit­i­mate inter­ests (Art. 6 para. 1 sentence 1 lit. f. DSGVO).
  • Opt-out: You can cancel the receipt of our newsletter at any time, i.e. revoke your consent or object to further receipt. You will find a link to cancel the newsletter either at the end of each newsletter or you can use one of the contact options listed above, prefer­ably e‑mail.

Services used and service providers:

  • Active­Cam­paign: E‑Mail-Marketing-Plat­tform; Dien­stan­bi­eter: Active­Cam­paign, Inc., 1 N Dear­born, 5th Floor Chicago, Illi­nois 60602, USA; Website: https://www.activecampaign.com; Daten­schutzerk­lärung: https://www.activecampaign.com/privacy-policy/.
  • Click Tip: Service provider: KLICK-TIPP Ltd, 15 Cambridge Court, 210 Shepherd’s Bush Road, London W6 7NJ, GB; website: https://www.klick-tipp.com; privacy policy: https://www.klick-tipp.com/datenschutzerkl%C3%A4rung.
  • Mailchimp: email marketing plat­form; service provider: “Mailchimp” — Rocket Science Group, LLC, 675 Ponce De Leon Ave NE #5000, Atlanta, GA 30308, USA; website: https://mailchimp.com; privacy policy: https://mailchimp.com/legal/privacy/.

Adver­tising commu­ni­ca­tion via e‑mail, post, fax or tele­phone

We process personal data for the purposes of adver­tising commu­ni­ca­tion, which can take place via various chan­nels, such as e‑mail, tele­phone, post or fax, in accor­dance with legal require­ments.

Recip­i­ents have the right to revoke any consent given or to object to the promo­tional commu­ni­ca­tion at any time.

After revo­ca­tion or objec­tion, we may store the data required to prove consent for up to three years on the basis of our legit­i­mate inter­ests before we delete it. The processing of this data is limited to the purpose of a possible defence against claims. An indi­vidual request for dele­tion is possible at any time, provided that the former exis­tence of a consent is confirmed at the same time.

  • Data types processed: inven­tory data (e.g. names, addresses), contact data (e.g. e‑mail, tele­phone numbers).
  • Persons concerned: commu­ni­ca­tion part­ners.
  • Purposes of processing: direct marketing (e.g. by e‑mail or by post).
  • Legal bases: Consent (Art. 6 para. 1 sentence 1 lit. a DSGVO), legit­i­mate inter­ests (Art. 6 para. 1 sentence 1 lit. f. DSGVO).

Raffles and compe­ti­tions

We process personal data of partic­i­pants in compe­ti­tions and contests only in compli­ance with the rele­vant data protec­tion regu­la­tions, insofar as the processing is contrac­tu­ally neces­sary for the provi­sion, imple­men­ta­tion and handling of the compe­ti­tion, the partic­i­pants have consented to the processing or the processing serves our legit­i­mate inter­ests (e.g. in the secu­rity of the compe­ti­tion or the protec­tion of our inter­ests from misuse by possible recording of IP addresses when submit­ting compe­ti­tion entries).

If contri­bu­tions of the partic­i­pants are published in the context of the compe­ti­tions (e.g. in the context of a vote or presen­ta­tion of the compe­ti­tion contri­bu­tions or the winners or the reporting on the compe­ti­tion), we point out that the names of the partic­i­pants can also be published in this context. The partic­i­pants can object to this at any time.

If the compe­ti­tion takes place within an online plat­form or a social network (e.g. Face­book or Insta­gram, here­inafter referred to as “online plat­form”), the usage and data protec­tion provi­sions of the respec­tive plat­forms shall apply in addi­tion. In these cases, we would like to point out that we are respon­sible for the infor­ma­tion provided by the partic­i­pants in the course of the compe­ti­tion and that enquiries regarding the compe­ti­tion should be addressed to us.

The partic­i­pants’ data will be deleted as soon as the compe­ti­tion or contest is over and the data is no longer required to inform the winners or because further inquiries about the compe­ti­tion can be expected. In prin­ciple, the partic­i­pants’ data will be deleted at the latest 6 months after the end of the compe­ti­tion. Winners’ data may be retained for longer, e.g. in order to be able to answer ques­tions about the prizes or to fulfil the prize services; in this case the reten­tion period depends on the type of prize and is up to three years in the case of items or services, for example, in order to be able to process warranty claims. Further­more, the partic­i­pants’ data may be stored for longer, e.g. in the form of reports on the compe­ti­tion in online and offline media.

If data has also been collected for other purposes within the frame­work of the compe­ti­tion, its processing and the dura­tion of storage are governed by the data protec­tion infor­ma­tion on this use (e.g. in the case of regis­tra­tion for the newsletter within the frame­work of a compe­ti­tion).

  • Processed data types: inven­tory data (e.g. names, addresses), content data (e.g. text entries, photographs, videos).
  • Persons concerned: Competi­tors and partic­i­pants in compe­ti­tions.
  • Purpose of processing: organ­i­sa­tion of compe­ti­tions and contests.
  • Legal basis: Fulfil­ment of contract and pre-contrac­tual enquiries (Art. 6 para. 1 sentence 1 lit. b. DSGVO).

Surveys and ques­tion­naires

The surveys and ques­tion­naires we conduct (here­inafter referred to as “surveys”) are eval­u­ated anony­mously. Personal data is only processed to the extent that this is neces­sary for the provi­sion and tech­nical imple­men­ta­tion of the surveys (e.g. processing of the IP address to display the survey in the user’s browser or to enable a resump­tion of the survey by means of a tempo­rary cookie (session cookie)) or users have consented to this.

Legal basis: If we ask the partic­i­pants to give their consent to the processing of their data, this is the legal basis for the processing, other­wise the processing of the partic­i­pants’ data is based on our legit­i­mate interest in conducting an objec­tive survey.

  • Processed data types: contact data (e.g. e‑mail, tele­phone numbers), content data (e.g. text entries, photographs, videos), usage data (e.g. websites visited, interest in content, access times), meta/communication data (e.g. device infor­ma­tion, IP addresses).
  • Persons concerned: Commu­ni­ca­tion part­ners, users (e.g. website visi­tors, users of online services).
  • Purposes of processing: contact requests and commu­ni­ca­tion, direct marketing (e.g. by e‑mail or postal mail), tracking (e.g. interest/behavioural profiling, use of cookies), profiling (creation of user profiles), feed­back (e.g. collec­tion of feed­back via online form), surveys and ques­tion­naires (e.g. surveys with input options, multiple choice ques­tions).
  • Legal bases: Consent (Art. 6 para. 1 sentence 1 lit. a DSGVO), legit­i­mate inter­ests (Art. 6 para. 1 sentence 1 lit. f. DSGVO).

Services used and service providers:

  • Crowdsignal: Crowdsignal survey services; service provider: Automattic Inc, 60 29th Street #343, San Fran­cisco, CA 94110, USA; Website: https://crowdsignal.com/; Privacy Policy: https://automattic.com/privacy/.
  • Google form: Google Cloud Forms; Service Provider: Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland, parent company: Google LLC, 1600 Amphithe­atre Parkway, Moun­tain View, CA 94043, USA; website: https://firebase.google.com; privacy policy: https://policies.google.com/privacy; opt-out: opt-out plug-in: https://tools.google.com/dlpage/gaoptout?hl=de, adver­tising display settings: https://adssettings.google.com/authenticated.
  • LimeSurvey: LimeSurvey survey services; service provider: LimeSurvey GmbH Survey Services & Consulting, Papen­reye 63, 22453 Hamburg, Germany; Website: https://www.limesurvey.org/de; Privacy Policy: https://www.limesurvey.org/de/richtlinien/datenschutzrichtlinie.
  • Qualtrics: Qualtrics survey services; service provider: Qualtrics LLC, Address: 2250 N. Univer­sity Pkwy, 48‑C, Provo, Utah 84604, USA; website: https://www.qualtrics.com/de/; privacy policy: https://www.qualtrics.com/privacy-statement/.
  • Survey­Monkey: Survey­Monkey Umfrage­di­enste; Dien­stan­bi­eter: Survey­Monkey Inc., 1 Curiosity Way, San Mateo, Cali­fornia 94403, USA; Website: https://www.surveymonkey.de; Daten­schutzerk­lärung: https://www.surveymonkey.de/mp/policy/privacy-policy/?ut_source=footer.
  • Surv­met­rics: Surv­met­rics survey services; service provider: Surv­met­rics, Inc. Chihuahua 230, Roma Norte, Ciudad de Mexico, DF 06700, USA; website: https://survmetrics.com/; privacy policy: https://survmetrics.com/privacy-policy/.
  • Type­form: creation of forms as well as surveys and manage­ment of partic­i­pant contri­bu­tions; service provider: TYPEFORM SL, Carrer Bac de Roda, 163, local, 08018 — Barcelona, Spain; website: https://www.typeform.com/; privacy policy: https://admin.typeform.com/to/dwk6gt/.

Web analysis, moni­toring and opti­mi­sa­tion

Web analysis (also known as “reach measure­ment”) is used to eval­uate the streams of visi­tors to our online offering and may include behav­iour, inter­ests or demo­graphic infor­ma­tion about visi­tors, such as age or gender, as pseu­do­ny­mous values. With the help of the reach analysis we can, for example, iden­tify at what time our online offer or its func­tions or contents are most frequently used or invite reuse. We can also under­stand which areas require opti­mi­sa­tion.

In addi­tion to web analysis, we can also use test proce­dures, for example to test and opti­mise different versions of our online offer or its compo­nents.

For these purposes, so-called user profiles can be created and stored in a file (so-called “cookie”) or similar proce­dures with the same purpose can be used. This infor­ma­tion may include, for example, the content viewed, the websites visited and the elements used on them, and tech­nical details such as the browser used, the computer system used and infor­ma­tion on usage times. If users have consented to the collec­tion of their loca­tion data, this data may also be processed, depending on the provider.

The IP addresses of users are also stored. However, we use an IP masking proce­dure (i.e., pseu­do­nymi­sa­tion by short­ening the IP address) to protect the users. In general, no clear user data (such as e‑mail addresses or names) are stored in the context of web analysis, A/B testing and opti­mi­sa­tion, but pseu­do­nyms. This means that we as well as the providers of the soft­ware used do not know the actual iden­tity of the users, but only the infor­ma­tion stored in their profiles for the purposes of the respec­tive proce­dures.

Infor­ma­tion on legal bases: If we ask users for their consent to use the third party providers, the legal basis for processing data is consent. Other­wise, the users’ data will be processed on the basis of our legit­i­mate inter­ests (i.e. interest in effi­cient, economic and recip­ient-friendly services). In this context we would also like to draw your atten­tion to the infor­ma­tion on the use of cookies in this data protec­tion decla­ra­tion.

  • Persons concerned: Users (e.g. website visi­tors, users of online services).
  • Purposes of processing: range measure­ment (e.g. access statis­tics, recog­ni­tion of returning visi­tors), tracking (e.g. inter­est/be­hav­iour-related profiling, use of cookies), visitor action eval­u­a­tion, profiling (creation of user profiles).
  • secu­rity measures: IP masking (pseu­do­nymi­sa­tion of the IP address).
  • Legal bases: Consent (Art. 6 para. 1 sentence 1 lit. a DSGVO), legit­i­mate inter­ests (Art. 6 para. 1 sentence 1 lit. f. DSGVO).

online marketing

We process personal data for online marketing purposes, which may include, in partic­ular, the marketing of adver­tising space or the display of adver­tising and other content (collec­tively referred to as “Content”) based on the poten­tial inter­ests of users and the measure­ment of its effec­tive­ness.

For these purposes, so-called user profiles are created and stored in a file (so-called “cookie”) or similar proce­dures are used, by means of which the user infor­ma­tion rele­vant to the presen­ta­tion of the afore­men­tioned contents is stored. This infor­ma­tion may include, for example, the content viewed, websites visited, online networks used, but also commu­ni­ca­tion part­ners and tech­nical details such as the browser used, the computer system used and infor­ma­tion on usage times. If users have consented to the collec­tion of their loca­tion data, this data may also be processed.

The IP addresses of users are also stored. However, we use avail­able IP masking proce­dures (i.e., pseu­do­nymi­sa­tion by short­ening the IP address) to protect the users. In general, no clear user data (such as e‑mail addresses or names) are stored within the frame­work of the online marketing proce­dure, but pseu­do­nyms. This means that we as well as the providers of the online marketing proce­dures do not know the actual iden­tity of the users, but only the infor­ma­tion stored in their profiles.

The infor­ma­tion in the profiles is usually stored in the cookies or by means of similar proce­dures. These cookies can later gener­ally also be read out on other websites that use the same online marketing proce­dure, analysed for the purpose of presenting content and supple­mented with further data and stored on the server of the online marketing proce­dure provider.

As an excep­tion, clear data can be assigned to the profiles. This is the case, for example, if the users are members of a social network whose online marketing methods we use and the network links the users’ profiles with the afore­men­tioned data. Please note that users can make addi­tional agree­ments with the providers, e.g. by giving their consent during regis­tra­tion.

As a matter of prin­ciple, we only have access to summarised infor­ma­tion about the success of our adver­tise­ments. However, in the course of so-called conver­sion measure­ments, we can check which of our online marketing proce­dures have led to a so-called conver­sion, i.e., for example, to the conclu­sion of a contract with us. The conver­sion measure­ment is used solely to analyse the success of our marketing measures.

Unless other­wise stated, we ask you to assume that cookies used are stored for a period of two years.

Infor­ma­tion on legal bases: If we ask users for their consent to use the third party providers, the legal basis for processing data is consent. Other­wise, the users’ data will be processed on the basis of our legit­i­mate inter­ests (i.e. interest in effi­cient, economic and recip­ient-friendly services). In this context we would also like to draw your atten­tion to the infor­ma­tion on the use of cookies in this data protec­tion decla­ra­tion.

Face­book pixel: With the help of the Face­book pixel, Face­book is on the one hand able to deter­mine the visi­tors of our online offer as a target group for the presen­ta­tion of ads (so-called “Face­book ads”). Accord­ingly, we use the Face­book pixel in order to display the Face­book ads placed by us only to those users on Face­book and within the services of part­ners coop­er­ating with Face­book (so-called “Audi­ence Network” https://www.facebook.com/audiencenetwork/ ) who have also shown an interest in our online offering or who exhibit certain char­ac­ter­is­tics (e.g. interest in certain topics or prod­ucts that can be seen from the websites visited) that we transmit to Face­book (so-called “Custom Audi­ences”). With the help of the Face­book pixel, we also want to ensure that our Face­book Ads corre­spond to the poten­tial interest of the users and do not appear annoying. The Face­book Pixel also enables us to track the effec­tive­ness of Face­book Ads for statis­tical and market research purposes by seeing whether users have been redi­rected to our website after clicking on a Face­book Ad (so-called “conver­sion measure­ment”).

Advanced Face­book pixel matching: When using the Face­book pixel, the addi­tional func­tion “extended adjust­ment” is used. In this context, data, such as e‑mail addresses or Face­book IDs of users, are trans­mitted (encrypted) to Face­book to form target groups.

Face­book — Target groups educa­tion via data upload: Uploading data, such as tele­phone numbers, e‑mail addresses or Face­book IDs to the Face­book plat­form. The data is encrypted. The upload process is only used to display adver­tise­ments to the owners of the data or persons whose user profiles corre­spond to any user profiles of the owners of the data on Face­book. In this way we want to ensure that the ads are only displayed to users who have an interest in our infor­ma­tion and services.

  • Processed data types: Usage data (e.g. websites visited, interest in content, access times), meta/communication data (e.g. device infor­ma­tion, IP addresses), loca­tion data (data indi­cating the loca­tion of an end user’s terminal equip­ment).
  • Persons concerned: Users (e.g. website visi­tors, users of online services), inter­ested parties.
  • Purposes of processing: Tracking (e.g. interest/behavioural profiling, use of cookies), remar­keting, visitor action eval­u­a­tion, interest-based and behav­iour-based marketing, profiling (creation of user profiles), conver­sion measure­ment (measure­ment of the effec­tive­ness of marketing measures), reach measure­ment (e.g. access statis­tics, recog­ni­tion of returning visi­tors), target group forma­tion (deter­mi­na­tion of target groups rele­vant for marketing purposes or other output of content), cross-device tracking (cross-device processing of user data for marketing purposes), click tracking.
  • secu­rity measures: IP masking (pseu­do­nymi­sa­tion of the IP address).
  • Legal bases: Consent (Art. 6 para. 1 sentence 1 lit. a DSGVO), legit­i­mate inter­ests (Art. 6 para. 1 sentence 1 lit. f. DSGVO).
  • Possi­bility of objec­tion (Opt-Out): We refer to the data protec­tion infor­ma­tion of the respec­tive providers and the possi­bil­i­ties of objec­tion (so-called “Opt-Out”) indi­cated for the providers. If no explicit opt-out option has been spec­i­fied, it is possible to switch off cookies in the settings of your browser. However, this may restrict the func­tions of our online offer. We there­fore recom­mend the following addi­tional opt-out options, which are offered in summary form for the respec­tive areas:a) Europe: https://www.youronlinechoices.eu. b) Canada: https://www.youradchoices.ca/choices. c) USA: https://www.aboutads.info/choices. d) Cross-regional: https://optout.aboutads.info.

Services used and service providers:

  • Google Analytics: online marketing and web analytics; service provider: Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland, parent company: Google LLC, 1600 Amphithe­atre Parkway, Moun­tain View, CA 94043, USA; website: https://marketingplatform.google.com/intl/de/about/analytics/; privacy policy: https://policies.google.com/privacy; opt-out: opt-out plug-in: https://tools.google.com/dlpage/gaoptout?hl=de, adver­tising display settings: https://adssettings.google.com/authenticated.
  • Google Ads and conver­sion measure­ment: We use the online marketing process “Google Ads” to place ads in the Google adver­tising network (e.g., in search results, in videos, on web pages, etc.) so that they are displayed to users who have a presumed interest in the ads. We also measure the conver­sion of the ads. However, we only learn the anony­mous total number of users who clicked on our ad and were redi­rected to a page with a so-called “conver­sion tracking tag”. However, we do not receive any infor­ma­tion that can iden­tify users ourselves. Service Provider: Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland, parent company: Google LLC, 1600 Amphithe­atre Parkway, Moun­tain View, CA 94043, USA; website: https://marketingplatform.google.com; privacy policy: https://policies.google.com/privacy.
  • Google Ad Manager: We use the “Google Marketing Plat­form” (and services such as “Google Ad Manager”) to place ads on the Google adver­tising network (e.g., in search results, in videos, on web pages, etc.). The Google Marketing Plat­form is char­ac­terised by the fact that ads are displayed in real time based on presumed inter­ests of users. This allows us to display ads for and within our online offering in a more targeted manner in order to show users only ads that poten­tially match their inter­ests. For example, if a user is shown ads for prod­ucts that he or she has been inter­ested in on other websites, this is called “remar­keting”. Service provider: Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland, parent company: Google LLC, 1600 Amphithe­atre Parkway, Moun­tain View, CA 94043, USA; website: https://marketingplatform.google.com; privacy policy: https://policies.google.com/privacy.
  • Face­book pixels: Service provider: https://www.facebook.com, Face­book Ireland Ltd, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland, parent company: Face­book, 1 Hacker Way, Menlo Park, CA 94025, USA; website: https://www.facebook.com; privacy policy: https://www.facebook.com/about/privacy; opt-out: https://www.facebook.com/settings?tab=ads.

Affil­iate programmes and affil­iate links

We include so-called affil­iate links or other refer­ences (which may include search masks, widgets or discount codes) to the offers and services of third parties in our online offer (collec­tively referred to as “affil­iate links”). If users follow the affil­iate links or subse­quently take advan­tage of the offers, we may receive commis­sion or other bene­fits from these third party providers (collec­tively referred to as “commis­sion”).

In order to be able to track whether users have taken advan­tage of the offers of an affil­iate link used by us, it is neces­sary for the respec­tive third party providers to learn that users have followed an affil­iate link used within our online offer. The assign­ment of the affil­iate links to the respec­tive busi­ness trans­ac­tions or other actions (e.g. purchases) serves the sole purpose of the commis­sion settle­ment and is cancelled as soon as it is no longer neces­sary for the purpose.

For the purposes of the above-mentioned allo­ca­tion of affil­iate links, the affil­iate links may be supple­mented by certain values which are a compo­nent of the link or may be stored else­where, e.g. in a cookie. These values may include in partic­ular the initial website (referrer), the time, an online iden­ti­fi­ca­tion of the oper­ator of the website on which the affil­iate link was located, an online iden­ti­fi­ca­tion of the respec­tive offer, the type of link used, the type of offer and an online iden­ti­fi­ca­tion of the user.

Infor­ma­tion on legal bases: If we ask users for their consent to use the third party providers, the legal basis for processing data is consent. Further­more, their use can be a compo­nent of our (pre-)contractual services, provided that the use of the third party providers has been agreed in this context. Other­wise, the users’ data will be processed on the basis of our legit­i­mate inter­ests (i.e. interest in effi­cient, economic and recip­ient-friendly services). In this context we would also like to draw your atten­tion to the infor­ma­tion on the use of cookies in this data protec­tion decla­ra­tion.

  • Processed data types: contract data (e.g. subject matter of the contract, dura­tion, customer cate­gory), usage data (e.g. websites visited, interest in content, access times), meta/communication data (e.g. device infor­ma­tion, IP addresses).
  • Persons concerned: Users (e.g. website visi­tors, users of online services).
  • Purpose of the processing: affil­iate tracking.
  • Legal bases: Consent (Art. 6 para. 1 sentence 1 lit. a DSGVO), Perfor­mance of contract and pre-contrac­tual enquiries (Art. 6 para. 1 sentence 1 lit. b. DSGVO), Legit­i­mate inter­ests (Art. 6 para. 1 sentence 1 lit. f. DSGVO).

Services used and service providers:

  • Amazon Partner Program: Amazon — Affil­iate Program — Amazon and the Amazon logo are trade­marks of Amazon.com, Inc. or one of its affil­i­ates. service provider: Amazon Europe Core S.à.r.l., Amazon EU S.à.r.l., Amazon Services Europe S.à.r.l. and Amazon Media EU S.à.r.l., all four located at 38, avenue John F. Kennedy, L‑1855 Luxem­bourg, and Amazon Instant Video Germany GmbH, Domagkstr. 28, 80807 Munich (together “Amazon Europe”), parent company: Amazon.com, Inc., 2021 Seventh Ave, Seattle, Wash­ington 98121, USA; website: https://www.amazon.de; privacy policy: https://www.amazon.de/gp/help/customer/display.html?nodeId=201909010.
  • Digistore24 Partner Program: Service Provider: Digistore24 GmbH, St.-Godehard-Straße 32, 31139 Hildesheim, Germany; Website: https://www.digistore24.com; Privacy Policy: https://www.digistore24.com/page/privacy.

Offer of an affil­iate programme

We offer an affil­iate programme, i.e., commis­sions or other bene­fits (collec­tively referred to as “commis­sions”) to users (referred to as “affil­i­ates”) who refer to our offers and services. The refer­ence is made by means of a link assigned to the respec­tive Affil­iate or other methods (e.g. discount codes) that allow us to recog­nise that the use of our services was based on the refer­ence (collec­tively referred to as “Affil­iate Links”).

In order to be able to track whether users have taken advan­tage of our services due to the affil­iate links used by the affil­i­ates, it is neces­sary for us to know that users have followed an affil­iate link. The assign­ment of the affil­iate links to the respec­tive busi­ness trans­ac­tions or to the other use of our services serves the sole purpose of the commis­sion settle­ment and is cancelled as soon as it is no longer neces­sary for the purpose.

For the purposes of the above-mentioned allo­ca­tion of affil­iate links, the affil­iate links may be supple­mented by certain values which are a compo­nent of the link or may be stored else­where, e.g. in a cookie. These values may include in partic­ular the initial website (referrer), the time, an online iden­ti­fi­ca­tion of the oper­ator of the website on which the affil­iate link was located, an online iden­ti­fi­ca­tion of the respec­tive offer, the type of link used, the type of offer and an online iden­ti­fi­ca­tion of the user.

Infor­ma­tion on legal bases: If we ask users for their consent to use the third party providers, the legal basis for processing data is consent. Further­more, their use can be a compo­nent of our (pre-)contractual services, provided that the use of the third party providers has been agreed in this context. Other­wise, the users’ data will be processed on the basis of our legit­i­mate inter­ests (i.e. interest in effi­cient, economic and recip­ient-friendly services). In this context we would also like to draw your atten­tion to the infor­ma­tion on the use of cookies in this data protec­tion decla­ra­tion.

  • Processed data types: contract data (e.g. subject matter of the contract, dura­tion, customer cate­gory), usage data (e.g. websites visited, interest in content, access times).
  • Persons concerned: Users (e.g. website visi­tors, users of online services), busi­ness and contrac­tual part­ners.
  • Purposes of processing: contrac­tual bene­fits and services, affil­iate tracking.
  • Legal bases: Consent (Art. 6 para. 1 sentence 1 lit. a DSGVO), Perfor­mance of contract and pre-contrac­tual enquiries (Art. 6 para. 1 sentence 1 lit. b. DSGVO), Legit­i­mate inter­ests (Art. 6 para. 1 sentence 1 lit. f. DSGVO).

Eval­u­a­tion plat­forms

We partic­i­pate in assess­ment proce­dures to eval­uate, opti­mise and promote our services. If users eval­uate or other­wise provide feed­back to us via the partic­i­pating eval­u­a­tion plat­forms or proce­dures, the General Terms and Condi­tions of Busi­ness or Use and the data protec­tion infor­ma­tion of the providers also apply. As a rule, eval­u­a­tion also requires regis­tra­tion with the respec­tive providers.

In order to ensure that the persons eval­u­ating have actu­ally made use of our services, we transmit, with the consent of the customer, the neces­sary data regarding the customer and the service used to the respec­tive eval­u­a­tion plat­form (including name, e‑mail address and order number or item number). This data is used solely to verify the authen­ticity of the user.

  • Processed data types: contract data (e.g. subject matter of the contract, dura­tion, customer cate­gory), usage data (e.g. websites visited, interest in content, access times), meta/communication data (e.g. device infor­ma­tion, IP addresses).
  • Persons concerned: Customers, users (e.g. website visi­tors, users of online services).
  • Purpose of the processing: feed­back (e.g. collecting feed­back via online form).
  • Legal bases: Consent (Art. 6 para. 1 sentence 1 lit. a DSGVO), legit­i­mate inter­ests (Art. 6 para. 1 sentence 1 lit. f. DSGVO).

Pres­ence in social networks (social media)

We main­tain online pres­ences within social networks and process user data in this context in order to commu­ni­cate with the users active there or to offer infor­ma­tion about us.

Please note that user data may be processed outside the Euro­pean Union. This may entail risks for the users, as it could, for example, make it more diffi­cult to enforce the rights of the users.

Further­more, user data within social networks is usually processed for market research and adver­tising purposes. Thus, for example, user profiles can be created on the basis of user behav­iour and the resulting inter­ests of the users. The user profiles can in turn be used, for example, to place adver­tise­ments within and outside the networks that presum­ably corre­spond to the inter­ests of the users. For these purposes, cookies are usually stored on the users’ computers, in which the usage behav­iour and inter­ests of the users are stored. Further­more, data may also be stored in the user profiles inde­pen­dently of the devices used by the users (espe­cially if the users are members of the respec­tive plat­forms and are logged in to these).

For a detailed presen­ta­tion of the respec­tive forms of processing and the possi­bil­i­ties of objec­tion (opt-out), we refer to the data protec­tion decla­ra­tions and infor­ma­tion provided by the oper­a­tors of the respec­tive networks.

Also in the case of requests for infor­ma­tion and the asser­tion of data subject rights, we would like to point out that these can most effec­tively be asserted with the providers. Only the providers have access to the data of the users and can take appro­priate measures and provide infor­ma­tion directly. Should you never­the­less require assis­tance, you can contact us.

  • Processed data types: inven­tory data (e.g. names, addresses), contact data (e.g. e‑mail, tele­phone numbers), content data (e.g. text entries, photographs, videos), usage data (e.g. websites visited, interest in content, access times), meta/communication data (e.g. device infor­ma­tion, IP addresses).
  • Persons concerned: Users (e.g. website visi­tors, users of online services).
  • Purposes of processing: contact requests and commu­ni­ca­tion, tracking (e.g. interest/behavioural profiling, use of cookies), remar­keting, reach measure­ment (e.g. access statis­tics, recog­ni­tion of returning visi­tors), affil­iate tracking.
  • Legal basis: Legit­i­mate inter­ests (Art. 6 para. 1 sentence 1 lit. f. DSGVO).

Services used and service providers:

  • Insta­gram : Social network; Service provider: Insta­gram Inc, 1601 Willow Road, Menlo Park, CA, 94025, USA; website: https://www.instagram.com; privacy policy: https://instagram.com/about/legal/privacy.
  • Face­book: Social network; Service provider: Face­book Ireland Ltd, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland, parent company: Face­book, 1 Hacker Way, Menlo Park, CA 94025, USA; Website: https://www.facebook.com; Privacy Policy: https://www.facebook.com/about/privacy; Opt-Out: Adver­tising Settings: https://www.facebook.com/settings?tab=ads; Addi­tional Privacy Notice: Agree­ment on Joint Processing of Personal Data on Face­book Pages: https://www.facebook.com/legal/terms/page_controller_addendum, Privacy Notice for Face­book Pages: https://www.facebook.com/legal/terms/information_about_page_insights_data.
  • Flickr: Social network; Service provider: Flickr Inc, 475 Sansome St San Fran­cisco, Cali­fornia 94111, USA; Website: https://www.flickr.com; Privacy Policy: https://www.flickr.com/help/privacy.
  • LinkedIn: social network; service provider: LinkedIn Ireland Unlim­ited Company, Wilton Place, Dublin 2, Ireland; website: https://www.linkedin.com; privacy policy: https://www.linkedin.com/legal/privacy-policy; opt-out: https://www.linkedin.com/psettings/guest-controls/retargeting-opt-out.
  • Pinterest: social network; service provider: Pinterest Inc, 635 High Street, Palo Alto, CA, 94301, USA; Website: https://www.pinterest.com; Privacy Policy: https://about.pinterest.com/de/privacy-policy; Opt-Out: https://about.pinterest.com/de/privacy-policy.
  • SlideShare: plat­form for presen­ta­tions; service provider: LinkedIn Ireland Unlim­ited Company, Wilton Place, Dublin 2, Ireland; website: https://www.linkedin.com; privacy policy: https://www.linkedin.com/legal/privacy-policy.
  • Snapchat: social network; service provider: Snap Inc, 3000 31st Street, Santa Monica, Cali­fornia 90405, USA; website: https://www.snapchat.com/; privacy policy: https://www.snap.com/de-DE/privacy/privacy-policy, cookie policy: https://www.snap.com/de-DE/cookie-policy; stan­dard contrac­tual clauses (ensuring a level of data protec­tion when processing in third coun­tries): https://www.snap.com/en-US/terms/standard-contractual-clauses.
  • TikTok: social network / video plat­form; service provider: musical.ly Inc., 10351 Santa Monica Blvd #310, Los Angeles, CA 90025 USA; website: https://www.tiktok.com; privacy policy: https://www.tiktok.com/de/privacy-policy.
  • Twitter: social network; service provider: Twitter Inc, 1355 Market Street, Suite 900, San Fran­cisco, CA 94103, USA; Privacy Policy: https://twitter.com/de/privacy, (Settings) https://twitter.com/personalization.
  • YouTube: Social network; Service provider: Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland, parent company: Google LLC, 1600 Amphithe­atre Parkway, Moun­tain View, CA 94043, USA; Privacy Policy: https://policies.google.com/privacy; Opt-out: https://adssettings.google.com/authenticated.
  • Xing: social network; service provider: XING AG, Damm­torstraße 29–32, 20354 Hamburg, Germany; Website: https://www.xing.de; Privacy Policy: https://privacy.xing.com/de/datenschutzerklaerung.

Plugins and embedded func­tions and content

We inte­grate into our online offer func­tional and content elements that are obtained from the servers of their respec­tive providers (here­inafter referred to as “third party providers”). These may be, for example, graphics, videos or social media buttons and contri­bu­tions (here­inafter referred to uniformly as “content”).

The inte­gra­tion always presup­poses that the third party providers of this content process the IP address of the users, as without the IP address they would not be able to send the content to their browsers. The IP address is there­fore neces­sary for the display of these contents or func­tions. We make every effort to use only such content whose respec­tive providers use the IP address only to deliver the content. Third party providers may also use so-called pixel tags (invis­ible graphics, also known as “web beacons”) for statis­tical or marketing purposes. Pixel tags” can be used to eval­uate infor­ma­tion such as visitor traffic on the pages of this website. The pseu­do­ny­mous infor­ma­tion may also be stored in cookies on the user’s device and may contain tech­nical infor­ma­tion on the browser and oper­ating system, websites to be referred to, the time of visit and other details on the use of our online offer, as well as being linked to such infor­ma­tion from other sources.

Infor­ma­tion on legal bases: If we ask users for their consent to use the third party providers, the legal basis for processing data is consent. Other­wise, the users’ data will be processed on the basis of our legit­i­mate inter­ests (i.e. interest in effi­cient, economic and recip­ient-friendly services). In this context we would also like to draw your atten­tion to the infor­ma­tion on the use of cookies in this data protec­tion decla­ra­tion.

  • Processed data types: Usage data (e.g. websites visited, interest in content, access times), meta/communication data (e.g. device infor­ma­tion, IP addresses), content data (e.g. text entries, photographs, videos), loca­tion data (data indi­cating the loca­tion of an end user’s terminal device), contact data (e.g. e‑mail, tele­phone numbers), inven­tory data (e.g. names, addresses).
  • Persons concerned: Users (e.g. website visi­tors, users of online services), commu­ni­ca­tion part­ners.
  • Purposes of processing: Provi­sion of our online offer and user-friend­li­ness, contrac­tual bene­fits and service, contact enquiries and commu­ni­ca­tion, direct marketing (e.g. by e‑mail or post), tracking (e.g. interest/behavioural profiling, use of cookies), interest-based and behav­ioural marketing, profiling (creation of user profiles), feed­back (e.g. collec­tion of feed­back via online form), secu­rity measures, admin­is­tra­tion and answering of enquiries.
  • Legal bases: Legit­i­mate inter­ests (Art. 6 para. 1 sentence 1 lit. f. DSGVO), consent (Art. 6 para. 1 sentence 1 lit. a DSGVO), fulfil­ment of contract and pre-contrac­tual enquiries (Art. 6 para. 1 sentence 1 lit. b. DSGVO).

Services used and service providers:

  • Face­book plugins and content: Face­book social plugins and content — This can include content such as images, videos or text and buttons with which users can share content from this online offering within Face­book. The list and appear­ance of Face­book Social Plugins can be viewed here: https://developers.facebook.com/docs/plugins/; Service Provider: https://www.facebook.com, Face­book Ireland Ltd., 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland, parent company: Face­book, 1 Hacker Way, Menlo Park, CA 94025, USA; website: https://www.facebook.com; privacy policy: https://www.facebook.com/about/privacy; opt-out: adver­tising settings: https://www.facebook.com/settings?tab=ads.
  • Giphy: Embedded plug-ins and content — This can include content such as images, videos or text and buttons; service providers: Giphy, Inc, 416 West 13th Street, Suite 207 New York, NY 10014, USA; website: https://giphy.com; privacy policy: https://support.giphy.com/hc/en-us/articles/360032872931.
  • Google Custom Search: Use of Google’s search engine tech­nology within our online offer; service provider: Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland, parent company: Google LLC, 1600 Amphithe­atre Parkway, Moun­tain View, CA 94043, USA; website: https://developers.google.com/custom-search; privacy policy: https://policies.google.com/privacy.
  • Google Maps: We inte­grate the maps of the service “Google Maps” of the provider Google. The processed data may include, in partic­ular, IP addresses and loca­tion data of the users, which, however, cannot be collected without their consent (usually within the frame­work of the settings of their mobile devices); service provider: Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland, parent company: Google LLC, 1600 Amphithe­atre Parkway, Moun­tain View, CA 94043, USA; website: https://cloud.google.com/maps-platform; privacy policy: https://policies.google.com/privacy; opt-out: opt-out plug-in: https://tools.google.com/dlpage/gaoptout?hl=de, adver­tising display settings: https://adssettings.google.com/authenticated.
  • Getty Images content: inte­gra­tion of Getty Images images; service provider: Getty Images, Inc, 605 5th Avenue South, Suite 400, Seattle, Wash­ington 98104, USA; website: https://www.gettyimages.de; privacy policy: https://www.gettyimages.de/company/privacy-policy.
  • Insta­gram plugins and content: Insta­gram Plugins and Content — This may include content such as images, videos or text and buttons that allow users to share content from this online offering within Insta­gram. Service Provider: https://www.instagram.com, Insta­gram Inc., 1601 Willow Road, Menlo Park, CA, 94025, USA; Website: https://www.instagram.com; Privacy Policy: https://instagram.com/about/legal/privacy.
  • LinkedIn plugins and content: LinkedIn plugins and content — This can include content such as images, videos or text and buttons that allow users to share content from this online offering within LinkedIn. Service provider: LinkedIn Ireland Unlim­ited Company, Wilton Place, Dublin 2, Ireland; Website: https://www.instagram.com; Privacy Policy: https://www.linkedin.com/legal/privacy-policy; Opt-Out: https://www.linkedin.com/psettings/guest-controls/retargeting-opt-out.
  • Reddit: Embedded plug-ins and content — This can include content such as images, videos or text and buttons; service providers: Reddit, Inc, 548 Market Street #16093, San Fran­cisco, Cali­fornia 94104, USA; Website: https://www.redditinc.com; Privacy Policy: https://www.redditinc.com/policies/privacy-policy-january-10–2020.
  • Spotify Music Player Widget: Spotify Music Player Widget; Service Provider: Spotify AB, Regerings­gatan 19, SE-111 53 Stock­holm, Sweden; Website: https://www.spotify.com/de; Privacy Policy: https://www.spotify.com/de/legal/privacy-policy/.
  • TikTok plugins and content: TikTok plugins and content — This can include content such as images, videos or text and buttons. Service Provider: musical.ly Inc, 10351 Santa Monica Blvd #310, Los Angeles, CA 90025 USA; Website: https://www.tiktok.com; Privacy Policy: https://www.tiktok.com/de/privacy-policy.
  • Twitter plugins and content: Twitter plugins and buttons — This can include content such as images, videos or text and buttons that allow users to share content from this online offering within Twitter. Service provider: Twitter Inc, 1355 Market Street, Suite 900, San Fran­cisco, CA 94103, USA; website: https://twitter.com/de; privacy policy: https://twitter.com/de/privacy.
  • YouTube videos: Video content; service providers: Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland, parent company: Google LLC, 1600 Amphithe­atre Parkway, Moun­tain View, CA 94043, USA; website: https://www.youtube.com; privacy policy: https://policies.google.com/privacy; opt-out: opt-out plug-in: https://tools.google.com/dlpage/gaoptout?hl=de, adver­tising display settings: https://adssettings.google.com/authenticated.
  • Xing plugins and buttons: Xing plugins and buttons — These may include content such as images, videos or text and buttons that allow users to share content from this online offering within Xing. Service provider: XING AG, Damm­torstraße 29–32, 20354 Hamburg, Germany; website: https://www.xing.com; privacy policy: https://privacy.xing.com/de/datenschutzerklaerung.
  • Vimeo videos: Video content; service provider: Vimeo Inc., Atten­tion: Legal Depart­ment, 555 West 18th Street New York, New York 10011, USA; Website: https://vimeo.com; Privacy Policy: https://vimeo.com/privacy; Opt-out: Please note that Vimeo may use Google Analytics and refer to the privacy policy (https://policies.google.com/privacy) and the opt-out options for Google Analytics (https://tools.google.com/dlpage/gaoptout?hl=de) or the settings of Google for the use of data for marketing purposes (https://adssettings.google.com/).

Plan­ning, organ­i­sa­tion and support tools

We use the services, plat­forms and soft­ware of other providers (here­inafter referred to as “third party providers”) for the purposes of organ­ising, managing, plan­ning and providing our services. When selecting third-party providers and their services, we observe the legal require­ments.

In this context, personal data may be processed and stored on the servers of third party providers. This may affect various data which we process in accor­dance with this data protec­tion decla­ra­tion. This data may include in partic­ular master data and contact details of users, data on proce­dures, contracts, other processes and their contents.

If users are referred to the third-party providers or their soft­ware or plat­forms in the course of commu­ni­ca­tion, busi­ness or other rela­tions with us, the third-party providers may process usage data and meta­data for secu­rity, service opti­mi­sa­tion or marketing purposes. We there­fore ask you to observe the data protec­tion notices of the respec­tive third party providers.

Infor­ma­tion on legal bases: If we ask users for their consent to use the third party providers, the legal basis for processing data is consent. Further­more, their use can be a compo­nent of our (pre-)contractual services, provided that the use of the third party providers has been agreed in this context. Other­wise, the users’ data will be processed on the basis of our legit­i­mate inter­ests (i.e. interest in effi­cient, economic and recip­ient-friendly services). In this context we would also like to draw your atten­tion to the infor­ma­tion on the use of cookies in this data protec­tion decla­ra­tion.

  • Processed data types: inven­tory data (e.g. names, addresses), contact data (e.g. e‑mail, tele­phone numbers), content data (e.g. text entries, photographs, videos), usage data (e.g. websites visited, interest in content, access times), meta/communication data (e.g. device infor­ma­tion, IP addresses).
  • Special cate­gories of personal data: Health data (Art. 9 para. 1 DGSVO).
  • Persons concerned: Commu­ni­ca­tion part­ners, users (e.g. website visi­tors, users of online services), patients, customers.
  • Purposes of processing: Contact requests and commu­ni­ca­tion, range measure­ment (e.g. access statis­tics, recog­ni­tion of returning visi­tors), tracking (e.g. interest/behavioural profiling, use of cookies), profiling (creation of user profiles), office and organ­i­sa­tional proce­dures, contrac­tual services and service, manage­ment and answering of requests, feed­back (e.g.e.g. collecting feed­back via online forms), surveys and ques­tion­naires (e.g. surveys with input options, multiple choice ques­tions), target group forma­tion (deter­mi­na­tion of target groups rele­vant for marketing purposes or other output of content), visitor action eval­u­a­tion, target group forma­tion, conver­sion measure­ment (measure­ment of the effec­tive­ness of marketing measures).
  • Legal bases: Consent (Art. 6 para. 1 sentence 1 lit. a DSGVO), perfor­mance of contract and pre-contrac­tual enquiries (Art. 6 para. 1 sentence 1 lit. b. DSGVO), legit­i­mate inter­ests (Art. 6 para. 1 sentence 1 lit. f. DSGVO), perfor­mance of contract and pre-contrac­tual enquiries (EKD) (Art. 6 No. 5 DSG-EKD).

Services used and service providers:

  • Base­camp: project manage­ment tool; service provider: Base­camp, LLC., 30 N. Racine Ave, Suite 200 Chicago, Illi­nois 60607, USA; Website: https://basecamp.com; Privacy Policy: https://basecamp.com/about/policies.
  • Bitly: URL short­ening service and link manage­ment plat­form; service provider: Bitly, Inc, 139 Fifth Avenue, 5th Floor, New York, NY 10010, USA; Website: https://bitly.com; Privacy Policy: https://bitly.com/pages/privacy.
  • calendly: Online sched­uling; service provider: Calendly LLC, 271 17th St NW, Ste 1000, Atlanta, Georgia, 30363, USA; Website: https://calendly.com/de; Privacy Policy: https://calendly.com/pages/privacy.
  • Conflu­ence: Soft­ware for the creation and admin­is­tra­tion of Wiki & knowl­edge plat­forms; service provider: Atlassian Inc. (San Fran­cisco, Harrison Street Loca­tion), 1098 Harrison Street, San Fran­cisco, Cali­fornia 94103, USA; Website: https://www.atlassian.com/software/confluence; Privacy Policy: https://www.atlassian.com/legal/privacy-policy.
  • Doctolib: online appoint­ment manage­ment; service provider: Doctolib GmbH, Wilhelm­straße 118, Aufgang C, 10963 Berlin, Germany, parent company: Doctolib SAS, 32 rue de Monceau 75008 Paris, France; website: https://www.doctolib.de; privacy policy: https://www.doctolib.de/terms/agreement.
  • Doodle: Online sched­uling; service provider: Doodle AG, Werd­strasse 21, P.O. Box, 8021 Zurich, Switzer­land; website: https://doodle.com/de; privacy policy: https://doodle.com/de/datenschutzrichtlinie.
  • Hoot­suite: Social Media Manage­ment Plat­form offering a range of inte­grated solu­tions for measure­ment & bench­marking, perfor­mance opti­miza­tion, visu­al­iza­tion & analysis, content creation and publishing and commu­nity main­te­nance; service provider: Hoot­Suite Media Inc, 5 East 8th Avenue. Vancouver, V5T 1R6, Canada; website: https://hootsuite.com; privacy policy: https://hootsuite.com/legal/privacy.
  • HubSpot: social media publishing, reporting (e.g. traffic sources, access figures, web analytics), contact manage­ment (e.g. contact forms, direct commu­ni­ca­tion and user segmen­ta­tion), landing pages; service providers: HubSpot, Inc. 25 First St., 2nd floor, Cambridge, Mass­a­chu­setts 02141, USA; website: https://www.hubspot.de; privacy policy: https://legal.hubspot.com/de/privacy-policy.
  • Jira: web appli­ca­tion for error manage­ment, trou­bleshooting and oper­a­tional project manage­ment; service provider: Atlassian Inc. (San Fran­cisco, Harrison Street Loca­tion), 1098 Harrison Street, San Fran­cisco, Cali­fornia 94103, USA; website: https://www.atlassian.com/software/jira; privacy policy: https://www.atlassian.com/legal/privacy-policy.
  • Trello: project manage­ment tool; service provider: Trello Inc, 55 Broadway New York, NY 10006, USA, parent company: Atlassian Inc. (San Fran­cisco, Harrison Street Loca­tion), 1098 Harrison Street, San Fran­cisco, Cali­fornia 94103, USA; website: https://trello.com/; privacy policy: https://trello.com/privacy.
  • Twilio: Twilio is a cloud commu­ni­ca­tions plat­form that allows users to program­mat­i­cally make and receive calls, send and receive text messages, and perform other commu­ni­ca­tion func­tions using the web service inter­faces. Service provider: Twilio Inc, 375 Beale Street, Suite 300, San Fran­cisco, Cali­fornia 94105, USA; website: https://www.twilio.com; privacy policy: https://www.twilio.com/legal/privacy.
  • WeTransfer: transfer of files over the Internet; service provider: WeTransfer BV, Oost­elijke Handel­skade 751, Amsterdam, 1019 BW, Nether­lands; website: https://wetransfer.com; privacy policy: https://wetransfer.com/legal/privacy.

Dele­tion of data

The data processed by us will be deleted in accor­dance with the legal require­ments as soon as their consent permitted for processing is revoked or other permis­sions cease to apply (e.g. if the purpose for which the data were processed ceases to apply or if they are not neces­sary for the purpose).

Unless the data are deleted because they are required for other and legally permis­sible purposes, their processing is limited to these purposes. This means that the data will be blocked and not processed for other purposes. This applies, for example, to data that must be retained for reasons of commer­cial or tax law or that must be stored for the asser­tion, exer­cise or defence of legal claims or for the protec­tion of the rights of another natural or legal person.

Further infor­ma­tion on the dele­tion of personal data can also be found in the indi­vidual data protec­tion notes of this privacy policy.

Amend­ment and update of the privacy policy

We ask you to inform your­self regu­larly about the content of our data protec­tion decla­ra­tion. We will adapt the data protec­tion decla­ra­tion as soon as changes in the data processing carried out by us make this neces­sary. We will inform you as soon as the changes make it neces­sary for you to take action to coop­erate (e.g. to give your consent) or to receive other indi­vidual noti­fi­ca­tion.

If we provide addresses and contact infor­ma­tion of compa­nies and organ­i­sa­tions in this privacy policy, please note that the addresses may change over time and please check the infor­ma­tion before contacting us.

Rights of data subjects

As a data subject, you are enti­tled to various rights under the DSGVO, which result in partic­ular from Arti­cles 15 to 21 DSGVO:

  • Right of objec­tion: You have the right to object at any time, for reasons arising from your partic­ular situ­a­tion, to the processing of personal data concerning you that is carried out pursuant to Art. 6, para­graph 1, letter e or f of the DPA; this also applies to profiling based on these provi­sions. If the personal data concerning you are processed for the purpose of direct marketing, you have the right to object at any time to the processing of personal data concerning you for the purpose of such marketing, including profiling, insofar as it is linked to such direct marketing.
  • Right of with­drawal in case of consent: You have the right to revoke consents at any time.
  • Right of access: You have the right to obtain confir­ma­tion as to whether or not data in ques­tion is being processed and to obtain infor­ma­tion about this data and other infor­ma­tion and a copy of the data in accor­dance with the law.
  • Right of recti­fi­ca­tion: You have the right to ask for the comple­tion of the data concerning you or the recti­fi­ca­tion of incor­rect data concerning you, in accor­dance with the law.
  • Right to dele­tion and restric­tion of processing: You have the right, in accor­dance with the statu­tory provi­sions, to demand that data relating to you be deleted imme­di­ately, or alter­na­tively, in accor­dance with the statu­tory provi­sions, to demand restric­tion of the processing of the data.
  • Right to data trans­fer­ability: You have the right to receive data concerning you which you have provided to us in a struc­tured, common and machine-read­able format in accor­dance with legal require­ments or to request that it be trans­ferred to another respon­sible party.
  • Complaints to the super­vi­sory authority: You also have the right, in accor­dance with the law, to lodge a complaint with a super­vi­sory authority, in partic­ular in the Member State in which you are habit­u­ally resi­dent, your place of work or the place where the alleged infringe­ment occurred, if you consider that the processing of personal data concerning you is in breach of the DPA.

Defi­n­i­tions of terms

This section provides an overview of the terms used in this privacy policy. Many of the terms are taken from the law and defined above all in Art. 4 DSGVO. The legal defi­n­i­tions are binding. The following expla­na­tions, on the other hand, are primarily intended to help you under­stand them. The terms are sorted alpha­bet­i­cally.

 

  • Affil­iate tracking: As part of affil­iate tracking, links are logged with the help of which the linking websites refer users to websites with product or other offers. The oper­a­tors of the respec­tive linking websites can receive a commis­sion if users follow these so-called affil­iate links and then take advan­tage of the offers (e.g. buy goods or services). To this end, it is neces­sary for the providers to be able to track whether users who are inter­ested in certain offers subse­quently take notice of them at the insti­ga­tion of the affil­iate links. It is there­fore neces­sary for the func­tion­ality of affil­iate links that they are supple­mented by certain values which become part of the link or are stored in some other way, e.g. in a cookie. These values include in partic­ular the initial website (referrer), the time, an online iden­ti­fi­ca­tion of the oper­ator of the website on which the affil­iate link was located, an online iden­ti­fi­ca­tion of the respec­tive offer, an online iden­ti­fi­ca­tion of the user as well as tracking specific values, such as adver­tising mate­rial ID, partner ID and cate­gori­sa­tions.
  • Conver­sion tracking: Conver­sion tracking is a method of deter­mining the effec­tive­ness of marketing activ­i­ties. For this purpose, a cookie is usually stored on the user’s device within the websites on which the marketing measures are carried out and then retrieved again on the target website. For example, we can then track whether the ads we have placed on other websites have been successful).
  • Content Delivery Network (CDN): A “Content Delivery Network” (CDN) is a service that enables the contents of an online offer, espe­cially large media files such as graphics or programme scripts, to be deliv­ered more quickly and securely with the help of region­ally distrib­uted servers connected via the Internet.
  • Cross-Device Tracking: Cross-Device Tracking is a form of tracking in which the behav­iour and interest infor­ma­tion of users is recorded in so-called profiles across devices by assigning users an online iden­ti­fier. In this way, the user infor­ma­tion can be analysed for marketing purposes inde­pen­dently of the browsers or devices used (e.g. mobile phones or desktop computers). With most providers, the online iden­ti­fi­ca­tion is not linked to clear data, such as names, postal or e‑mail addresses.
  • IP masking: IP masking is a method of deleting the last octet, i.e. the last two numbers of an IP address, so that the IP address can no longer be used to uniquely iden­tify a person. IP masking is there­fore a means of pseu­do­nymising processing methods, partic­u­larly in online marketing
  • Interest-based and behav­ioural marketing: We speak of interest-based and/or behav­ioural marketing when the poten­tial inter­ests of users in adver­tise­ments and other content are prede­ter­mined as precisely as possible. This is done on the basis of infor­ma­tion about their previous behav­iour (e.g. visiting and staying on certain websites, purchasing behav­iour or inter­ac­tion with other users), which is stored in a so-called profile. As a rule, cookies are used for these purposes.
  • Click tracking: Click­tracking allows you to keep track of the move­ments of users within an entire online offering. Since the results of these tests are more accu­rate if the inter­ac­tion of the users can be tracked over a certain period of time (e.g. so that we can find out whether a user likes to return), cookies are usually stored on the users’ computers for these test purposes.
  • Conver­sion measure­ment: Conver­sion measure­ment is a method of deter­mining the effec­tive­ness of marketing measures. For this purpose, a cookie is usually stored on the user’s devices within the websites on which the marketing measures are carried out and then retrieved again on the target website. For example, we are able to track whether the ads we have placed on other websites have been successful.
  • Personal data: “personal data” means any infor­ma­tion relating to an iden­ti­fied or iden­ti­fi­able natural person (here­inafter referred to as “data subject”); an iden­ti­fi­able person is one who can be iden­ti­fied, directly or indi­rectly, in partic­ular by refer­ence to an iden­ti­fier such as a name, an iden­ti­fi­ca­tion number, loca­tion data, an online iden­ti­fier (e.g. a cookie) or one or more factors specific to the phys­ical, phys­i­o­log­ical, genetic, mental, economic, cultural or social iden­tity of that natural person
  • Profiling: “Profiling” is any auto­mated processing of personal data which consists of using personal data to analyse, eval­uate or predict certain personal aspects relating to a natural person (depending on the type of profiling, this may include infor­ma­tion on age, gender, loca­tion and move­ment data, inter­ac­tion with websites and their content, shop­ping behav­iour, social inter­ac­tions with other people) (e.g. inter­ests in certain content or prod­ucts, click behav­iour on a website or loca­tion). Cookies and web beacons are often used for profiling purposes.
  • Reach measure­ment: Reach measure­ment (also known as web analytics) is used to eval­uate the flow of visi­tors to an online offering and can include the behav­iour or inter­ests of visi­tors in certain infor­ma­tion, such as the content of websites. With the help of reach analysis, website owners can, for example, iden­tify at what time visi­tors visit their website and what content they are inter­ested in. This enables them to better adapt the contents of the website to the needs of their visi­tors. Pseu­do­ny­mous cookies and web beacons are often used for the purpose of range analysis in order to recog­nise returning visi­tors and thus obtain more precise analyses of the use of an online offer.
  • Remar­keting: We speak of “remar­keting” or “retar­geting”, for example, when it is noted for adver­tising purposes which prod­ucts a user has been inter­ested in on a website in order to remind the user of these prod­ucts on other websites, e.g. in adver­tise­ments.
  • Server moni­toring and error detec­tion: With the help of server moni­toring and error detec­tion we ensure the avail­ability and integrity of our online offer and use the processed data to tech­ni­cally opti­mise our online offer. Perfor­mance, capacity util­i­sa­tion and compa­rable tech­nical values are processed, which provide infor­ma­tion about the stability and any conspic­uous features of our online offer. In the event of errors and anom­alies, indi­vidual enquiries from users of our online service are recorded in order to iden­tify and elim­i­nate sources of prob­lems.
  • Tracking: We speak of “tracking” when the behav­iour of users can be traced across several online offers. As a rule, behav­ioural and interest infor­ma­tion regarding the online offers used is stored in cookies or on servers of the providers of the tracking tech­nolo­gies (so-called profiling). This infor­ma­tion can then be used, for example, to display adver­tise­ments to users that are likely to corre­spond to their inter­ests.
  • Controller: “Controller” means the natural or legal person, public authority, agency or any other body which alone or jointly with others deter­mines the purposes and means of the processing of personal data.
  • Processing: “processing” means any oper­a­tion or set of oper­a­tions which is performed upon personal data, whether or not by auto­matic means. The term is broad and covers virtu­ally all processing of data, whether it be collec­tion, analysis, storage, commu­ni­ca­tion or dele­tion.
  • Target group forma­tion: One speaks of target group forma­tion (or “custom audi­ences”) when target groups are deter­mined for adver­tising purposes, e.g. inser­tion of adver­tise­ments. For example, based on a user’s interest in certain prod­ucts or topics on the Internet, it can be concluded that the user is inter­ested in adver­tise­ments for similar prod­ucts or the online shop where he viewed the prod­ucts. Looka­like Audi­ences” (or similar target groups) are again referred to when the content deemed suit­able is displayed to users whose profiles or inter­ests presum­ably corre­spond to the users for whom the profiles were created. Cookies and web beacons are gener­ally used to create custom audi­ences and looka­like audi­ences.