With the following privacy policy, we would like to inform you about the types of your personal data (hereinafter also referred to as "data") that we process, for what purposes and to what extent. This privacy policy applies to all processing of personal data carried out by us, both in the context of providing our services and in particular on our websites and within external online presences (hereinafter collectively referred to as "online offering").
The following overview summarises the types of data processed and the purposes of their processing, and refers to the data subjects concerned.
Types of Data Processed
Master data.
Contact data.
Content data.
Contract data.
Usage data.
Meta, communication and process data.
Log data.
Categories of Data Subjects
Recipients of services and clients.
Prospective customers.
Communication partners.
Users.
Business and contract partners.
Purposes of Processing
Provision of contractual services and fulfilment of contractual obligations.
Communication.
Security measures.
Reach measurement.
Office and organisational procedures.
Feedback.
Profiles with user-related information.
Provision of our online offering and user experience.
Information technology infrastructure.
Business processes and business management procedures.
Relevant Legal Bases
Relevant legal bases under the GDPR: Below you will find an overview of the legal bases of the GDPR on the basis of which we process personal data. Please note that in addition to the provisions of the GDPR, national data protection regulations may apply in your or our country of residence or domicile.
Consent (Art. 6 Para. 1 S. 1 lit. a) GDPR) – The data subject has given consent to the processing of their personal data for one or more specific purposes.
Performance of a contract and pre-contractual enquiries (Art. 6 Para. 1 S. 1 lit. b) GDPR) – Processing is necessary for the performance of a contract to which the data subject is party, or in order to take steps at the request of the data subject prior to entering into a contract.
Legal obligation (Art. 6 Para. 1 S. 1 lit. c) GDPR) – Processing is necessary for compliance with a legal obligation to which the controller is subject.
Legitimate interests (Art. 6 Para. 1 S. 1 lit. f) GDPR) – Processing is necessary for the purposes of the legitimate interests pursued by the controller or by a third party, except where such interests are overridden by the interests or fundamental rights and freedoms of the data subject.
Security Measures
We implement appropriate technical and organisational measures to ensure a level of security appropriate to the risk, taking into account the state of the art, implementation costs and the nature, scope, circumstances and purposes of processing.
TLS/SSL encryption (HTTPS): To protect the data of users transmitted via our online services from unauthorised access, we use TLS/SSL encryption technology.
Transmission of Personal Data
In the course of processing personal data, it may be transferred to or disclosed to other entities, companies, legally independent organisational units or persons. Recipients of this data may include IT service providers or providers of services and content integrated into a website. In such cases, we observe the legal requirements and in particular conclude appropriate contracts or agreements with the recipients of your data that serve to protect your data.
International Data Transfers
If we process data in a third country (i.e. outside the European Union (EU) or the European Economic Area (EEA)), or this occurs as part of using third-party services, this is always done in compliance with legal requirements.
For data transfers to the USA, we rely primarily on the Data Privacy Framework (DPF), recognised as a safe legal framework by an adequacy decision of the EU Commission on 10 July 2023. Further information is available at https://www.dataprivacyframework.gov/.
General Information on Data Storage and Deletion
We delete personal data that we process in accordance with statutory provisions as soon as the underlying consents are revoked or no further legal bases for processing exist.
6 years – Other business documents, received commercial letters (§ 147 Para. 1 No. 2, 3 AO, § 257 Para. 1 No. 2, 3 HGB).
3 years – Data required for warranty and compensation claims (§§ 195, 199 BGB).
Rights of Data Subjects
As a data subject under the GDPR, you have various rights arising in particular from Art. 15 to 21 GDPR:
Right to object: You have the right to object at any time, on grounds relating to your particular situation, to the processing of personal data concerning you which is based on Art. 6 Para. 1 lit. e or f GDPR.
Right to withdraw consent: You have the right to withdraw consent at any time.
Right of access: You have the right to request confirmation as to whether data concerning you is being processed and to information about this data.
Right to rectification: You have the right to request the completion or correction of data concerning you.
Right to erasure and restriction of processing: You have the right to request that data concerning you be erased immediately, or alternatively to request restriction of processing.
Right to data portability: You have the right to receive data concerning you in a structured, commonly used and machine-readable format.
Right to lodge a complaint with a supervisory authority: You have the right to lodge a complaint with a supervisory authority, in particular in the member state of your habitual residence.
Business Services
We process personal data of our contractual and business partners, such as customers, clients and interested parties, for the purpose of initiating, performing and processing contractual relationships and comparable legal relationships.
Types of data processed: Master data; contact data; contract data.
Data subjects: Recipients of services and clients; prospective customers; business and contract partners.
Purposes of processing: Provision of contractual services; communication; business processes.
Legal bases: Performance of a contract (Art. 6 Para. 1 S. 1 lit. b) GDPR); Legal obligation (Art. 6 Para. 1 S. 1 lit. c) GDPR); Legitimate interests (Art. 6 Para. 1 S. 1 lit. f) GDPR).
Further notes:
Project and development services: We process client data to enable them to select, commission and receive the chosen services; Legal basis: Performance of a contract (Art. 6 Para. 1 S. 1 lit. b) GDPR).
Provision of the Online Offering and Web Hosting
We process user data to provide our online services, including the IP address of the user necessary to deliver content and functions to the user's browser or device.
Types of data processed: Usage data; meta, communication and process data; log data.
Data subjects: Users.
Purposes of processing: Provision of our online offering; IT infrastructure; security measures.
Web hosting on rented server space: We use server space, computing capacity and software rented from a hosting provider; Legal basis: Legitimate interests (Art. 6 Para. 1 S. 1 lit. f) GDPR).
Collection of access data and log files: Access to our online offering is logged in the form of server log files (IP addresses, timestamps, browser type, operating system, referrer URL). Log files are stored for a maximum of 30 days and then deleted or anonymised; Legal basis: Legitimate interests (Art. 6 Para. 1 S. 1 lit. f) GDPR).
Cookies are functions that store and retrieve information on users' devices. We use cookies in accordance with statutory provisions and, where required, obtain user consent in advance.
Storage duration: Permanent cookies remain stored after the device is closed and may be stored for up to two years. Users may revoke their consent at any time and object via their browser's privacy settings.
Types of data processed: Meta, communication and process data.
Data subjects: Users.
Legal bases: Legitimate interests (Art. 6 Para. 1 S. 1 lit. f) GDPR); Consent (Art. 6 Para. 1 S. 1 lit. a) GDPR).
Contact and Enquiry Management
When you contact us (e.g. via contact form or email), we process the personal data provided to the extent necessary to respond to the enquiry.
Types of data processed: Contact data; content data; meta, communication and process data.
Data subjects: Communication partners.
Purposes of processing: Communication; feedback; provision of our online offering.
Legal bases: Legitimate interests (Art. 6 Para. 1 S. 1 lit. f) GDPR); Performance of a contract (Art. 6 Para. 1 S. 1 lit. b) GDPR).
Further notes:
Contact form: When you contact us via our contact form or email, we process the personal data transmitted (name, email address, message content) solely for the purpose of responding to your enquiry; Legal bases: Performance of a contract (Art. 6 Para. 1 S. 1 lit. b) GDPR), Legitimate interests (Art. 6 Para. 1 S. 1 lit. f) GDPR).
Web Analysis, Monitoring and Optimisation
Web analysis (also referred to as "reach measurement") is used to evaluate visitor flows to our online offering. IP addresses are pseudonymised (IP masking). No clear-text data such as email addresses or names is stored.
Types of data processed: Usage data; meta, communication and process data.
Data subjects: Users.
Purposes of processing: Reach measurement; profiles with user-related information.
Storage duration: Cookies stored for up to 2 years.
Security measures: IP masking (pseudonymisation of IP address).
Legal bases: Consent (Art. 6 Para. 1 S. 1 lit. a) GDPR).
Further notes:
Google Analytics: We use Google Analytics to measure and analyse the use of our online offering on the basis of a pseudonymous user identification number. Google Analytics does not log or store individual IP addresses for EU users. For EU traffic, IP queries are processed on EU-based servers before traffic is forwarded to Analytics servers for processing; Service provider: Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland; Legal basis: Consent (Art. 6 Para. 1 S. 1 lit. a) GDPR); Website:https://marketingplatform.google.com/intl/en/about/analytics/; Privacy policy:https://business.safety.google/privacy/; Basis for third-country transfers: Data Privacy Framework (DPF); Opt-out:Opt-out plugin.
Changes and Updates
We ask you to regularly inform yourself about the content of our privacy policy. We adapt the privacy policy as soon as the changes in the data processing carried out by us make this necessary.
Definitions
Master data: Essential information for identifying and managing contractual partners (names, contact information, customer numbers etc.).
Content data: Information generated in the course of creating and publishing content (texts, images, metadata etc.).
Contact data: Information that enables communication (phone numbers, email addresses, postal addresses).
Meta, communication and process data: Information about how data is processed, transmitted and managed (IP addresses, timestamps, identification numbers).
Usage data: Information capturing how users interact with digital products (page views, dwell time, click paths, device information).
Personal data: Any information relating to an identified or identifiable natural person.
Profiles with user-related information: Automated processing of personal data to analyse certain personal aspects (behaviour, interests, click behaviour).
Log data: Information about events or activities logged in a system (timestamps, IP addresses, user actions).
Reach measurement: Evaluation of visitor flows to an online offering to recognise when and how users use the offering.
Controller: The natural or legal person that determines the purposes and means of the processing of personal data.
Processing: Any operation performed in connection with personal data (collection, evaluation, storage, transmission, deletion).
Contract data: Information relating to the formalisation of an agreement (subject matter, term, customer category).