Introduction and overview
We have written this privacy statement (version 06.04.2022-311993327) in order to explain to you, in accordance with the requirements of the General Data Protection Regulation (EU) 2016/679 and applicable national laws, which personal data (data for short) we as the controller - and the processors (e.g. providers) commissioned by us - process, will process in the future and what lawful options you have. The terms used are to be understood as gender-neutral.
In short, we provide you with comprehensive information about data we process about you.
Privacy statements usually sound very technical and use legal terminology. This privacy statement, on the other hand, is intended to describe the most important things to you as simply and transparently as possible. To the extent that it is conducive to transparency, technical terms are explained in a reader-friendly manner, links to further information are provided and graphics are used. In this way, we inform you in clear and simple language that we only process personal data in the course of our business activities if there is a corresponding legal basis. This is certainly not possible by providing the most concise, unclear and legalistic explanations possible, as is often standard practice on the Internet when it comes to data protection. I hope you find the following explanations interesting and informative and perhaps there is one or the other piece of information that you did not know yet.
If you still have questions, we would like to ask you to contact the responsible office mentioned below or in the imprint, to follow the existing links and to look at further information on third party sites. Our contact details can of course also be found in the imprint.
- all online presences (websites, online stores) that we operate
- Social media appearances and e-mail communication
- mobile apps for smartphones and other devices.
As far as EU law is concerned, we refer to REGULATION (EU) 2016/679 OF THE EUROPEAN PARLIAMENT AND OF THE COUNCIL of 27 April 2016. You can, of course, read this EU General Data Protection Regulation online on EUR-Lex, the gateway to EU law, at https://eur-lex.europa.eu/legal-content/DE/TXT/?uri=celex%3A32016R0679.
We only process your data if at least one of the following conditions applies:
- Consent (Article 6(1) lit. a DSGVO): You have given us your consent to process data for a specific purpose. An example would be the storage of your entered data of a contact form.
- Contract (Article 6(1) lit. b DSGVO): In order to fulfill a contract or pre-contractual obligations with you, we process your data. For example, if we conclude a purchase contract with you, we need personal information in advance.
- Legal obligation (Article 6(1) lit. c DSGVO): If we are subject to a legal obligation, we process your data. For example, we are legally obliged to keep invoices for accounting purposes. These usually contain personal data.
- Legitimate interests (Article 6(1) lit. f DSGVO): In the case of legitimate interests that do not restrict your fundamental rights, we reserve the right to process personal data. For example, we need to process certain data in order to operate our website in a secure and economically efficient manner. This processing is therefore a legitimate interest.
Further conditions such as the performance of recordings in the public interest and the exercise of official authority as well as the protection of vital interests do not generally occur with us. If such a legal basis should be relevant, it will be indicated at the appropriate place.In addition to the EU regulation, national laws also apply:
- In Austria, this is the Federal Act on the Protection of Individuals with regard to the Processing of Personal Data (Data Protection Act), or DSG for short.
- In Germany, the Federal Data Protection Act, or BDSG for short, applies.If other regional or national laws apply, we will inform you about them in the following sections.
Contact details of the responsible person
If you have any questions about data protection or the processing of personal data, you will find the contact details of the responsible person or office below:
Dietz Consultants GmbH
Dipl.-Ing. Winfried Dietz
Eichendorff Street 4
The fact that we only store personal data for as long as is absolutely necessary for the provision of our services and products applies as a general criterion at our company. This means that we delete personal data as soon as the reason for processing the data no longer exists. In some cases, we are required by law to store certain data even after the original purpose has ceased to exist, for example for accounting purposes.
Should you wish your data to be deleted or revoke your consent to data processing, the data will be deleted as soon as possible and insofar as there is no obligation to store it.
We will inform you about the specific duration of the respective data processing below, provided that we have further information on this.
Rights under the General Data Protection Regulation
According to Article 13 of the GDPR, you have the following rights to ensure fair and transparent processing of data:
According to Article 15 of the GDPR, you have the right to know whether we are processing data about you. If this is the case, you have the right to receive a copy of the data and the following information:
- for which purpose we carry out the processing;
- the categories, that is, the types of data that are processed;
- who receives this data and, if the data is transferred to third countries, how security can be guaranteed;
- how long the data will be stored;
- the existence of the right to rectification, erasure or restriction of processing and the right to object to processing;
- that you can complain to a supervisory authority (links to these authorities can be found below);
- the origin of the data if we have not collected it from you;
- whether profiling is carried out, i.e. whether data is automatically evaluated in order to arrive at a personal profile of you.
You have a right to rectify data according to Article 16 of the GDPR, which means that we must correct data if you find errors.
According to Article 17 of the GDPR, you have the right to erasure ("right to be forgotten"), which specifically means that you may request the deletion of your data.
According to Article 18 of the GDPR, you have the right to restriction of processing, which means that we may only store the data but not use it any further.
According to Article 19 of the GDPR, you have the right to data portability, which means that we will provide you with your data in a common format upon request.
According to Article 21 of the GDPR, you have a right to object, which, once enforced, entails a change in processing.
- If the processing of your data is based on Article 6(1)(e) (public interest, exercise of official authority) or Article 6(1)(f) (legitimate interest), you may object to the processing. We will then check as soon as possible whether we can legally comply with this objection.
- If data is used to conduct direct marketing, you may object to this type of data processing at any time. We may not use your data for direct marketing thereafter.
- If data is used to perform profiling, you can object to this type of data processing at any time. We may not use your data for profiling thereafter.
According to Article 22 of the GDPR, you may have the right not to be subject to a decision based solely on automated processing (for example, profiling).
In short, you have rights - do not hesitate to contact the responsible party listed above with us!If you believe that the processing of your data violates data protection law or that your data protection rights have been violated in any other way, you can complain to the supervisory authority. For Austria, this is the data protection authority, whose website can be found at https://www.dsb.gv.at/. In Germany, there is a data protection officer for each federal state. For more information, you can contact the Federal Commissioner for Data Protection and Freedom of Information (BfDI). The following local data protection authority is responsible for our company:
Lower Saxony Data Protection Authority
State Commissioner for Data Protection: Barbara Thiel
Address: Prinzenstraße 5, 30159 Hanover
Telephone no.: 05 11/120-45 00
Email address: firstname.lastname@example.org
Data transfer to third countries
We only transfer or process data to countries outside the EU (third countries) if you consent to this processing, if this is required by law or contractually necessary and in any case only to the extent that this is generally permitted. Your consent is in most cases the most important reason that we have data processed in third countries. Processing personal data in third countries such as the U.S., where many software vendors provide services and have their server locations, may mean that personal data is processed and stored in unexpected ways.
We expressly point out that according to the opinion of the European Court of Justice, there is currently no adequate level of protection for data transfer to the USA. Data processing by US services (such as Google Analytics) may result in data not being processed and stored anonymously. Furthermore, US government authorities may be able to access individual data. In addition, it may happen that collected data is linked with data from other services of the same provider, if you have a corresponding user account. Where possible, we try to use server locations within the EU, if this is offered.
Data processing security
To protect personal data, we have implemented both technical and organizational measures. Where possible, we encrypt or pseudonymize personal data. In this way, we make it as difficult as possible for third parties to infer personal information from our data.Article 25 of the GDPR speaks here of "data protection through technical design and through data protection-friendly default settings" and thus means that both software (e.g., forms) and hardware (e.g., access to the server room) should always be designed with security in mind and that appropriate measures should be taken. If necessary, we will go into more detail on specific measures below.
TLS encryption with https
TLS, encryption and https sound very technical and they are. We use HTTPS (the Hypertext Transfer Protocol Secure stands for "secure hypertext transfer protocol") to transfer data over the Internet in a tap-proof way.This means that the complete transmission of all data from your browser to our web server is secured - no one can "listen in".
In this way, we have introduced an additional layer of security and fulfill data protection through technology design Article 25(1) DSGVO). By using TLS (Transport Layer Security), an encryption protocol for secure data transmission on the Internet, we can ensure the protection of confidential data.
You can recognize the use of this data transmission protection by the small lock symbol at the top left of the browser, to the left of the Internet address (e.g. examplepage.de) and the use of the https scheme (instead of http) as part of our Internet address.
If you would like to know more about encryption, we recommend doing a Google search for "Hypertext Transfer Protocol Secure wiki" to get good links to more in-depth information.
When you contact us and communicate by phone, e-mail or online form, personal data may be processed.
The data will be processed for the handling and processing of your question and the related business transaction. The data is stored for as long as it is required by law.
All those who seek contact with us via the communication channels provided by us are affected by the aforementioned processes.
When you call us, the call data is stored pseudonymously on the respective terminal device and with the telecommunications provider used. In addition, data such as name and telephone number may subsequently be sent by e-mail and stored for the purpose of responding to inquiries. The data is deleted as soon as the business case has been terminated and legal requirements permit.
If you communicate with us by e-mail, data may be stored on the respective end device (computer, laptop, smartphone,...) and data is stored on the e-mail server. The data is deleted as soon as the business case has been terminated and legal requirements allow it.
If you communicate with us using an online form, data is stored on our web server and, if necessary, forwarded to an e-mail address of ours. The data is deleted as soon as the business case has been terminated and legal requirements permit.
The processing of the data is based on the following legal bases:
- Art. 6 para. 1 lit. a DSGVO (consent): You give us your consent to store your data and to use it for purposes related to the business case;
- Art. 6 para. 1 lit. b DSGVO (contract): There is a need for the performance of a contract with you or a processor such as the telephone provider or we need to process the data for pre-contractual activities, such as the preparation of an offer;
- Art. 6 para. 1 lit. f DSGVO (Legitimate Interests): We want to operate customer inquiries and business communication in a professional framework. For this purpose, certain technical facilities such as e-mail programs, exchange servers and mobile operators are necessary in order to be able to operate the communication efficiently.
What are cookies?
Our website uses HTTP cookies to store user-specific data.
Whenever you browse the Internet, you use a browser. Popular browsers include Chrome, Safari, Firefox, Internet Explorer, and Microsoft Edge. Most websites store small text files in your browser. These files are called cookies.
Cookies store certain user data about you, such as language or personal page settings. When you return to our site, your browser transmits the "user-related" information back to our site. Thanks to cookies, our site knows who you are and offers you the setting you are used to. In some browsers, each cookie has its own file, in others, such as Firefox, all cookies are stored in a single file.The following graphic shows a possible interaction between a web browser such as Chrome and the web server. Here, the web browser requests a website and receives a cookie back from the server, which the browser uses again as soon as another page is requested.
There are both first-party cookies and third-party cookies. First-party cookies are created directly by our site, third-party cookies are created by partner websites (e.g. Google Analytics). Each cookie must be evaluated individually, as each cookie stores different data. Also, the expiration time of a cookie varies from a few minutes to a few years. Cookies are not software programs and do not contain viruses, Trojans or other "pests". Cookies also cannot access information on your PC.
For example, cookie data can look like this:
Intended use: Differentiation of website visitors.
Expiration date: after 2 years
A browser should be able to support these minimum sizes:
- At least 4096 bytes per cookie
- At least 50 cookies per domain
- At least 3000 cookies in total
What are the types of cookies?
We can distinguish 4 types of cookies:
These cookies are necessary to ensure basic functions of the website. For example, these cookies are needed when a user adds a product to the shopping cart, then continues surfing on other pages and later goes to the checkout. Through these cookies, the shopping cart is not deleted even if the user closes his browser window.
These cookies collect information about user behavior and whether the user receives any error messages. In addition, these cookies are also used to measure the loading time and the behavior of the website with different browsers.
These cookies provide a better user experience. For example, entered locations, font sizes or form data are stored.
These cookies are also called targeting cookies. They are used to deliver customized advertising to the user. This can be very convenient, but also very annoying.
Usually, when you visit a website for the first time, you are asked which of these cookie types you want to allow. And, of course, this decision is also stored in a cookie.
If you want to know more about cookies and are not afraid of technical documentation, we recommend https://datatracker.ietf.org/doc/html/rfc6265, the Internet Engineering Task Force (IETF) Request for Comments called "HTTP State Management Mechanism".
Purpose of processing via cookies
The purpose ultimately depends on the cookie in question. You can find more details below or from the manufacturer of the software that sets the cookie.
What data is processed?
Storage duration of cookies
The storage period depends on the particular cookie and is specified further below. Some cookies are deleted after less than an hour, others can remain stored on a computer for several years.
You can also influence the storage period yourself. You can manually delete all cookies at any time via your browser (see also "Right of objection" below). Furthermore, cookies that are based on consent will be deleted at the latest after revocation of your consent, whereby the legality of the storage remains unaffected until then.
Right to object - how can I delete cookies
If you want to determine which cookies have been stored in your browser, if you want to change or delete cookie settings, you can find this in your browser settings:
Chrome: Delete, enable, and manage cookies in Chrome
Safari: Managing cookies and website data with Safari.
Firefox: Delete cookies to remove data that websites have placed on your computer.
Internet Explorer: Delete and manage cookies.
Microsoft Edge: Delete and manage cookies.
If you do not want to have cookies in principle, you can set up your browser so that it always informs you when a cookie is to be set. In this way, you can decide for each individual cookie whether you allow the cookie or not. The procedure varies depending on the browser. It is best to search for the instructions in Google using the search term "delete cookies Chrome" or "disable cookies Chrome" in the case of a Chrome browser.
The so-called "Cookie Guidelines" have been in place since 2009. These state that the storage of cookies requires your consent (Article 6 (1) a DSGVO). Within the EU countries, however, there are still very different reactions to these directives. In Austria, however, this directive was implemented in Section 96 (3) of the Telecommunications Act (TKG). In Germany, the Cookie Directives were not implemented as national law. Instead, this directive was largely implemented in Section 15 (3) of the Telemedia Act (TMG).
For absolutely necessary cookies, even in the absence of consent. there are legitimate interests (Article 6(1)(f) DSGVO), which in most cases are economic in nature. We want to provide visitors to the website with a pleasant user experience and for this purpose certain cookies are often absolutely necessary.
Web hosting introduction
What is Web Hosting?
When you visit websites nowadays, certain information - including personal data - is automatically created and stored, including on this website. This data should be processed as sparingly as possible and only with justification. By the way, by website we mean the totality of all web pages on a domain, i.e. everything from the home page (homepage) to the very last subpage (like this one). By domain, we mean, for example, example.de or sampleexample.com.
When you want to view a website on a screen, you use a program called a web browser to do it. You probably know some web browsers by name: Google Chrome, Microsoft Edge, Mozilla Firefox, and Apple Safari. This web browser must connect to another computer where the website's code is stored: the web server. Operating a web server is a complicated and costly task, which is why this is usually done by professional providers, the providers. These offer web hosting and thus ensure reliable and error-free storage of website data.When the browser on your computer (desktop, laptop, smartphone) connects and during data transfer to and from the web server, personal data may be processed. On the one hand, your computer stores data, on the other hand, the web server must also store data for a while to ensure proper operation.
Why do we process personal data?
The purposes of data processing are:
- Professional hosting of the website and securing the operationto maintain operational and IT security.
- Anonymous evaluation of access behavior to improve our offer and, if necessary, for law enforcement or prosecution of claims.
What data is processed?
Even while you are visiting our website right now, our web server, which is the computer on which this website is stored, usually automatically stores data such as
- the complete Internet address (URL) of the accessed web page.
- Browser and browser version (e.g. Chrome 87)
- the operating system used (e.g. Windows 10)
- the address (URL) of the previously visited page (referrer URL) (e.g. https://www.beispielquellsite.de/vondabinichgekommen.html/)
- the hostname and IP address of the device being accessed from (e.g. COMPUTERNAME and 188.8.131.52)
- Date and time
- in files called web server log files.
How long is data stored?
As a rule, the above data is stored for two weeks and then automatically deleted. We do not pass on this data, but we cannot exclude the possibility that this data may be viewed by authorities in the event of unlawful conduct.
In short, your visit is logged by our provider (company that runs our website on special computers (servers)), but we do not share your information without consent!
The lawfulness of the processing of personal data in the context of web hosting results from Art. 6 para. 1 lit. f DSGVO (protection of legitimate interests), because the use of professional hosting with a provider is necessary to present the company on the Internet in a secure and user-friendly manner and to be able to pursue attacks and claims from this if necessary.
As a rule, there is a contract between us and the hosting provider for commissioned processing pursuant to Art. 28 f. DSGVO, which ensures compliance with data protection and guarantees data security.
Introduction to Web Analytics
What is web analytics?
We use software to evaluate visitor behavior on our website. The use of such software for this purpose is called web analytics or web analysis for short. By doing so, data is collected that the respective analytic tool provider (also called tracking tool) stores, manages and processes. The data is used to analyze user behavior on our website and provide us, as the website operator, with analyses concerning such user behavior. Furthermore, most tools offer various testing options. For example, we can test which offers or content are best received by our visitors. In order to accomplish this, we will display two different offers for a limited period of time to you. After the test is completed (so-called A/B testing), we will know which product or content our website visitors find more interesting. User profiles can also be created and the associated data can be stored in cookies for the purposes of such testing procedures and for other analytical procedures.
Why do we use web analytics?
We operate our website with a clear goal in mind: we want to deliver the best web offering on the market for our industry. In order to achieve this goal, we want to not only offer the best and most interesting offers, but we also want to make sure that you feel completely comfortable on our website. By using web analysis tools, we are able to take a closer look at visitor behavior and improve our web offering for both you and us accordingly. For example, we can see how old our visitors are on average, where they come from, when our website is most visited, or which content or products are particularly popular. We use all this information to optimize the website and best adapt it to your needs, interests and wishes.
What data is processed?
The exact data that is stored depends on the analysis tools used. Generally, however, the following is stored and processed: the content that you view on our website, the buttons or links that you click on, the time that you access a page, the browser that you use, the device that you use (PC, tablet, smartphone, etc.) to visit the website, and/or the computer system that you use. If you agreed to the collection of location data, this data may also be processed by the web analytics tool provider.
Furthermore, your IP address is also stored. Pursuant to the General Data Protection Regulation (GDPR), IP addresses are considered personal data. However, your IP address is usually stored pseudonymously (i.e. in an unrecognizable and truncated form). No personally identifiable data, such as your name, age, address or e-mail address are stored for the purposes of testing, web analysis and web optimization. If collected, all this data is stored pseudonymously. This way you cannot be personally identified.
The duration for which the respective data is stored always depends on the provider. Some cookies store data only for a few minutes or until you leave the website. Other cookies can store data for up to several years.
Duration of data processing
We will inform you about the duration of the data processing below, provided that we have further information on this matter. We normally process personal data for only as long as it is absolutely necessary for the provision of our services and products. If it is required by law, as in the case of accounting, for example, this storage period may also be exceeded.
Right to object
The use of web analytics requires your consent, which we have obtained through our cookie pop-up. According to Art. 6Ppara. 1 lit. a GDPR (consent), your consent constitutes the legal basis for the processing of your personal data, as may be the case when your personal data is collected by web analytics tools.
In addition to your consent, there is a legitimate interest on our part in analyzing the behavior of the visitors of our website and using said analyses to improve our offering in a technical and economical manner. With the help of web analytics, we can find and fix website errors, identify attacks and improve economic viability. The legal basis for this is Art. 6 Para. 1 lit. f GDPR (legitimate interests). However, these tools are only used to the extent that consent has been given for their use.
Information concerning specific web analytics tools, if any information is available, is provided below.
What is Google Analytics?
We use the analysis tracking tool Google Analytics (GA) of the American company Google Inc. on our website. For the European area, the company Google Ireland Limited (Gordon House, Barrow Street Dublin 4, Ireland) is responsible for all Google services. Google Analytics collects data about your behavior on our website. If you, for example, click on a link, this action will be stored in a cookie and sent to Google Analytics. With the help of the reports that we receive from Google Analytics, we can better customize our website and services to meet your needs. We will go into more detail below about the tracking tool and shall inform you about what data is stored and how you can prevent it from being stored if you so wish.
Google Analytics is a tracking tool used to analyze the traffic on our website. In order for Google Analytics to perform its functions, a tracking code is built into the code of our website. When you visit our website, this code records various actions of yours, as well as your behavior, on our website. When you leave our website, this data will be sent to the Google Analytics servers and stored there.
Google processes the data and issues us reports about your user behavior. These reports may include, but are not limited to, the following:
- Target group reports: Target group reports allow us to get to know our users better and know more precisely which of our services our visitors are are more interested in.
- Advertising reports: We can analyze and improve our online advertising with the help of advertising reports.
- Acquisition reports: Acquisition reports give us helpful information on how to get more people interested in our service.
- Behavioral reports: We can find out how you interact with our website through behavioral reports. We can also track how you visited our website, i.e. the internal path you traveled while visiting our website, and which links you clicked on.
- Conversion reports: Conversion is when you take a desired action due to our marketing efforts. For example, if you go from being a website visitor to a buyer or newsletter subscriber. These reports help us find out more about how our marketing efforts are resonating with you. We seek to use the reports to increase our conversion rate.
- Real-time reports: Here we can find out in real time what is happening on our website. For example, we can see how many users are currently reading this text.
Why do we use Google Analytics on our website?
Our goal with this website is clear: We want to offer you the best possible service. The statistics and data that we receive from Google Analytics help us achieve this goal.
The statistically evaluated data gives us a clear picture of the strengths and weaknesses of our website. First, we can optimize our site to make it easier for people who are interested in it to find it on Google. Second, the data helps us better understand you as a visitor. Therefore, we are able to better know what we need to improve on our website in order to provide you with the best possible service. The data also help us carry out our advertising and marketing measures in a more customized and cost-effective manner, as it only makes sense to display our products and market our services to people who are interested in them.
What data is stored by Google Analytics?
Google Analytics uses a tracking code to create a random, unique ID that is associated with your browser cookie. This is how Google Analytics recognizes you as a new user. If you visit our site again, you will be recognized as a “returning” user. All data that is collected is stored together with this user ID. This is what makes it possible to evaluate pseudonymous user profiles in the first place.
In order to analyze our website using Google Analytics, a property ID must be inserted into the tracking code. The data is then stored in the corresponding property. For each new property created, Google Analytics 4 is used by default. Alternatively, you can also create the Universal Analytics Property. Depending on the property used, data is stored for different lengths of time.
Your interactions on our website is measured using identifiers such as cookies and app instance IDs. Interactions are all types of actions that you perform on our website. If you also use other Google services (e.g. a Google account), data generated via Google Analytics may be linked to third-party cookies. Google does not share Google Analytics data unless we, as the website owner, authorize Google to share said data. There may be exceptions if required by law.
The following cookies are used by Google Analytics:
Purpose: By default, Google Analytics.js uses the _ga cookie to store the user ID. It is essentially used to distinguish website visitors.
Expiration: after 2 years
Purpose: The cookie is also used to distinguish website visitors
Expiration: after 24 hours
Purpose: Used for lowering the request rate. If Google Analytics is in use via Google Tag Manager, then the cookie is named _dc_gtm_ .
Expiration: after 1 minute
Value: not specified
Purpose: The cookie has a token that can be used to retrieve a user ID from the AMP Client ID service. Other possible values can indicate logouts, requests, or errors.
Expiration: after 30 seconds up to one year
Purpose: This cookie can be used to track your behavior on the website and measure performance. The cookie is updated every time that information is sent to Google Analytics.
Expiration: after 2 years
Purpose: The cookie is used, like _gat_gtag_UA_, to restrict the request rate.
Expiration: after 10 minutes
Purpose: This cookie is used to determine when a new session is taking place. It is updated every time new data or information is sent to Google Analytics.
Expiration: after 30 minutes
Purpose: This cookie is used to create new sessions for returning visitors. This is a session cookie and is deleted once you have closed the browser.
Expiration: after closing the browser
Purpose: The cookie is used to identify the source of visitor traffic to our website. The cookie stores from where, for example another site or an advertisement, you were directed to our website.
Expiration: after 6 months
Value: not specified
Purpose: The cookie is used to store user-defined data. It is updated whenever information is sent to Google Analytics.
Expiration: after 2 years
Note: This list is not complete because Google constantly changes the choice of its cookies.
Here, we will inform you about the most important data collected by Google Analytics:
Heatmaps: Google creates so-called heat maps. We can see exactly those areas you click on through the use of heatmaps. This is how we get information about where you are on our website.
Session duration: According to Google, session duration refers to the time you spend on our website without leaving the website. If you have been inactive for 20 minutes, the session will end automatically.
Bounce rate : Bouncing is when you only view one page on our website and then leave our website immediately thereafter.
Account creation: When you create an account on our website or place an order, Google Analytics collects this data.
IP address: The IP address is only displayed in truncated form so that no clear assignment to a person is possible.
Location: The IP address can be used to determine the country that you are in and your approximate location. This process is also referred to as IP geolocation.
Technical information: Technical information may include your browser type, Internet service provider, and/or screen resolution.
Source of origin: Google Analytics, as well as ourselves, are interested in knowing via which website or advertisement you arrived at our website.
This includes any contact information, ratings, the playing of media (e.g. if you play a video on our site), the sharing of any content on social media, or adding to your favorites. The list is not complete and only serves as a general orientation of the data stored by Google Analytics.
For how long and where is the data stored?
Google has their servers located all over the world. However, most servers are located in the United States of America and consequently your data is mostly stored on servers there. You can find out exactly where Google's data centers are located here: https://www.google.com/about/datacenters/locations/?hl=de
Your data is distributed over different physical media. This allows the data to be retrieved more quickly and better protected against manipulation. There are emergency programs for your data in every Google data center. For example, if Google's hardware fails or a natural disaster cripples the servers, the overall risk of an interruption of services at Google will still be low.
The storage period of the data depends on the properties used. When using the newer Google Analytics 4 properties, the storage period of your user data is set at 14 months. For so-called event data, we have the option to choose a storage period of 2 or 14 months.
For Universal Analytics properties, Google Analytics has a default storage period of 26 months for your user data. Afterwards, your user data will be deleted. We do, nonetheless, have the option to choose the storage period for user data. We have five options for storage periods:
- Deletion after 14 months
- Deletion after 26 months
- Deletion after 38 months
- Deletion after 50 months
- No automatic deletion
Furthermore, there is also the possibility that your personal data will only be deleted if you no longer visit our website within the period that we have chosen. In this case, the storage period will start anew each time you visit our website within the period that we have chosen.
Once the specified storage period has expired, the data will be deleted one time a month. This storage period applies to your data that concerns cookies, user recognition and advertising IDs (e.g. DoubleClick domain cookies). The results of the reports are based on aggregated data and are stored independently of user data. Aggregated data is a merging of individual data into a larger unit.
How can I delete my data or prevent the storage of my data?
If you would like to disable, delete or manage cookies, you can find the necessary instructions to do so for the most popular browsers via the corresponding links under the section “Cookies”.
The use of Google Analytics requires your consent, which we have obtained through our cookie pop-up. According to Art. 6 Para. 1 lit. a GDPR (consent), your consent constitutes the legal basis for the processing of your personal data, as may be the case when your personal data is collected by web analytics tools.
In addition to your consent, there is a legitimate interest on our part in analyzing the behavior of the visitors of our website and using said analyses to improve our offering in a technical and economical manner. With the help of Google Analytics, we can find and fix website errors, identify attacks and improve economic viability. The legal basis for this is Art. 6 Para. 1 lit. f GDPR (legitimate interests). However, Google Analytics is only used to the extent that consent has been given for its use.
Google also processes your personal data in the USA, among other places. We would like to point out that according to the opinion of the European Court of Justice, there is currently no appropriate level of data protection for transfers to the USA. Any such transfer of data may be exposed to various risks in regard to the lawfulness and security of the data processing.
The basis for any processing of data at the recipient’s location (in third countries outside the European Union, Iceland, Liechtenstein, Norway, i.e. in particular in the USA) or for any transfer of data there is the use of so-called standard contractual clauses by Google (= Art. 46. Paras. 2 and 3 GDPR). Standard Contractual Clauses (SCC) are templates provided by the EU Commission and are intended to ensure that your data is protected in compliance with European data protection standards even if it is transferred to and stored in third countries (such as the USA). By using these clauses, Google shall comply with the standard European level of data protection when processing your data, even if said data is stored, processed and managed in the USA. These clauses are based on an implementing decision of the EU Commission. You can find the decision and the corresponding standard contractual clauses here: https://eur-lex.europa.eu/eli/dec_impl/2021/914/oj?locale=de
The Google Ads Data Processing Terms and Conditions, which refer to the standard contractual clauses, can be found at https://business.safety.google/intl/de/adsprocessorterms/.
We hope that we have been able to provide you with the most important information about the processing of data carried out by Google Analytics. If you would like to learn more about this tracking service, we recommend the following links: https://marketingplatform.google.com/about/analytics/terms/de/ and https://support.google.com/analytics/answer/6004245?hl=de.
Email marketing introduction
What is email marketing?
In order to keep you always up to date, we also use the possibility of e-mail marketing. If you have agreed to receive our e-mails or newsletters, your data will also be processed and stored. E-mail marketing is a sub-area of online marketing. It involves sending news or general information about a company, products or services by e-mail to a specific group of people who are interested in them.
If you want to participate in our email marketing (mostly via newsletter), you usually just have to register with your email address. To do this, you fill out an online form and send it off. However, it may also happen that we ask you for your salutation and name, for example, so that we can also write to you personally.
Basically, the registration for newsletters works with the help of the so-called "double opt-in procedure". After you have registered for our newsletter on our website, you will receive an e-mail via which you confirm the newsletter registration. This ensures that the e-mail address belongs to you and that no one has registered with a third-party e-mail address. We or a notification tool we use logs each individual subscription. This is necessary so that we can also prove the legally correct registration process. As a rule, the time of registration, the time of the registration confirmation and your IP address are stored. In addition, it is also logged when you make changes to your stored data.
Why do we use email marketing?
We naturally want to stay in touch with you and always present you with the most important news about our company. To do this, we use, among other things, e-mail marketing - often just referred to as "newsletters" - as an essential part of our online marketing. If you agree to it or if it is permitted by law, we will send you newsletters, system e-mails or other notifications by e-mail. When we use the term "newsletter" in the following text, we mainly mean regularly sent e-mails. Of course, we do not want to bother you in any way with our newsletters. That's why we really always try to provide only relevant and interesting content. For example, you will learn more about our company, our services or products. Since we are always improving our offers, our newsletter will also tell you when there is news or when we are offering special, lucrative promotions. If we use a service provider that offers a professional mailing tool for our e-mail marketing, we do so in order to be able to offer you fast and secure newsletters. The purpose of our email marketing is basically to inform you about new offers and also to get closer to our business goals.
What data is processed?
When you become a subscriber to our newsletter via our website, you confirm by e-mail that you are a member of an e-mail list. In addition to IP address and e-mail address, your title, name, address and telephone number may also be stored. However, only if you agree to this data storage. The data marked as such are necessary for you to participate in the service offered. Providing this information is voluntary, but failure to provide it will result in you not being able to use the service. In addition, information about your device or your preferred content on our website may be stored. You can find out more about the storage of data when you visit a website in the section "Automatic data storage". We record your declaration of consent so that we can always prove that this complies with our laws.
Duration of the data processing
If you unsubscribe your e-mail address from our e-mail/newsletter distribution list, we may store your address for up to three years based on our legitimate interests so that we can still prove your consent at that time. We may only process this data if we need to defend ourselves against any claims.
However, if you confirm that you have given us your consent to subscribe to the newsletter, you can submit an individual deletion request at any time. If you permanently object to the consent, we reserve the right to store your e-mail address in a blacklist. As long as you have voluntarily subscribed to our newsletter, we will of course also keep your e-mail address.
Right of objection
You have the option to cancel your newsletter subscription at any time. All you have to do is revoke your consent to the newsletter subscription. This usually takes only a few seconds or one or two clicks. Most of the time, you will find a link to cancel your newsletter subscription right at the end of each email. If you really can't find the link in the newsletter, please contact us by mail and we will cancel your newsletter subscription immediately.
The sending of our newsletter is based on your consent (Article 6 para. 1 lit. a DSGVO). This means that we may only send you a newsletter if you have actively registered for it beforehand. If applicable, we may also send you advertising messages on the basis of Section 7 (3) of the German Unfair Competition Act (UWG), provided that you have become our customer and have not objected to the use of your e-mail address for direct advertising.For information about specific email marketing services and how they process personal data, if any, see the sections below.
You can sign up for our newsletter for free on our website. To make this work, we use the email delivery service Sendinblue for our newsletter. This is a service of the German company Sendinblue GmbH, Köpenicker Str. 126, 10179 Berlin.
You can revoke your consent to this data processing at any time. For example, if you click on the unsubscribe link directly in the newsletter. After unsubscribing, the personal data will be deleted from our server and from the Sendinblue servers, which are located in Germany. You have a right to free information about your stored data and, if applicable, also a right to deletion, blocking or correction.
Social media introduction
What is social media?
In addition to our website, we are also active on various social media platforms. In this context, user data may be processed so that we can target users who are interested in us via the social networks. In addition, elements of a social media platform may also be embedded directly in our website. This is the case, for example, when you click on a so-called social button on our website and are redirected directly to our social media presence. So-called social media or social media are websites and apps through which registered members can produce content, share content openly or in specific groups, and network with other members.
Why do we use social media?
For years, social media platforms have been the place where people communicate and get in touch online. Our social media presences enable us to bring our products and services closer to prospective customers. The social media elements embedded on our website help you switch to our social media content quickly and without complications.
The data that is stored and processed through your use of a social media channel is primarily for the purpose of being able to perform web analyses. The aim of these analyses is to be able to develop more precise and personalized marketing and advertising strategies. Depending on your behavior on a social media platform, appropriate conclusions can be drawn about your interests with the help of the evaluated data and so-called user profiles can be created. This also enables the platforms to present you with tailored advertisements. In most cases, cookies are set in your browser for this purpose, which store data about your usage behavior.
We generally assume that we remain responsible under data protection law, even if we use services of a social media platform. However, the European Court of Justice has ruled that in certain cases the operator of the social media platform may be jointly responsible with us within the meaning of Art. 26 DSGVO. Insofar as this is the case, we point this out separately and work on the basis of an agreement in this regard. The essence of the agreement is then reproduced below for the platform concerned.
Please note that when using the social media platforms or our built-in elements, data of you may also be processed outside the European Union, as many social media channels, for example Facebook or Twitter, are American companies. This may make it less easy for you to claim or enforce your rights regarding your personal data.
What data is processed?
Exactly what data is stored and processed depends on the provider of the social media platform. But usually it is data such as phone numbers, email addresses, data you enter in a contact form, user data such as which buttons you click, who you like or follow, when you visited which pages, information about your device and your IP address. Most of this data is stored in cookies. Especially if you yourself have a profile on the visited social media channel and are logged in, data can be linked to your profile.All data collected via a social media platform is also stored on the servers of the providers. Thus, only the providers have access to the data and can give you the appropriate information or make changes.
Duration of data processing
We will inform you about the duration of data processing below, provided we have further information on this. For example, the social media platform Facebook stores data until it is no longer needed for its own purpose. However, customer data that is matched with our own user data is already deleted within two days. In general, we only process personal data for as long as is absolutely necessary for the provision of our services and products. If it is required by law, for example in the case of accounting, this storage period may be exceeded.
If you have consented that data from you can be processed and stored by integrated social media elements, this consent is considered the legal basis of the data processing (Art. 6 para. 1 lit. a DSGVO). In principle, if consent is given, your data will also be stored and processed on the basis of our legitimate interest (Art. 6 (1) (f) DSGVO) in fast and good communication with you or other customers and business partners.
What are Facebook tools?
We use selected tools from Facebook on our website. Facebook is a social media network of the company Meta Platforms Inc. or for the European area of the company Meta Platforms Ireland Limited, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland. With the help of these tools, we can offer you and people who are interested in our products and services the best possible offer.
If data is collected from you and forwarded via our embedded Facebook elements or via our Facebook page (Fanpage), both we and Facebook Ireland Ltd. are responsible for this. Facebook is solely responsible for the further processing of this data. Our joint obligations have also been set out in a publicly available agreement at https://www.facebook.com/legal/controller_addendum. This states, for example, that we must clearly inform you about the use of Facebook tools on our site. Furthermore, we are also responsible for ensuring that the tools are securely integrated into our website in accordance with data protection law. Facebook, on the other hand, is responsible for the data security of Facebook products, for example. If you have any questions about data collection and data processing by Facebook, you can contact the company directly. If you direct the question to us, we are obliged to forward it to Facebook.
Below we provide an overview of the different Facebook tools, what data is sent to Facebook and how you can delete this data.
Among many other products, Facebook also offers the so-called "Facebook Business Tools". This is the official name of Facebook. However, since the term is hardly known, we have decided to simply call them Facebook Tools. Among them are:
- Facebook Pixel
- social plug-ins (such as the "Like" or "Share" button)
- Facebook Login
- Account Kit
- APIs (programming interface)
- SDKs (collection of programming tools)
- Platform integrations
- Technologies and services
Through these tools, Facebook extends services and has the ability to obtain information about user activity outside of Facebook.
Why do we use Facebook tools on our website?
We only want to show our services and products to people who are really interested in them. With the help of advertisements (Facebook ads), we can reach precisely these people. However, in order to show users suitable ads, Facebook needs information about people's wishes and needs. Thus, information about user behavior (and contact data) on our website is made available to the company. As a result, Facebook collects better user data and can show interested people the appropriate advertising about our products or services. The tools thus enable tailored advertising campaigns on Facebook.
Data about your behavior on our website is called "event data" by Facebook. This is also used for measurement and analysis services. Facebook can thus create "campaign reports" on our behalf about the impact of our advertising campaigns. Furthermore, analytics give us better insight into how you use our services, website or products. As a result, we use some of these tools to optimize your user experience on our website. For example, social plug-ins allow you to share content on our site directly on Facebook.
What data is stored by Facebook tools?
By using individual Facebook tools, personal data (customer data) can be sent to Facebook. Depending on the tools used, customer data such as name, address, phone number and IP address may be sent.
Facebook uses this information to match the data with the data it itself has from you (if you are a Facebook member). Before customer data is transmitted to Facebook, a so-called "hashing" takes place. This means that a data record of any size is transformed into a character string. This also serves to encrypt data.
In addition to contact data, "event data" is also transmitted. Event data" refers to the information that we receive about you on our website. For example, which subpages you visit or which products you buy from us. Facebook does not share the information it receives with third parties (such as advertisers) unless it has explicit permission or is legally required to do so. "Event data" may also be associated with contact information. This allows Facebook to offer better personalized advertising. After the matching process already mentioned, Facebook deletes the contact data again.In order to deliver ads in an optimized manner, Facebook uses Event Data only when it has been aggregated with other data (collected by Facebook in other ways). Facebook also uses this event data for security, protection, development, and research purposes. Much of this data is transferred to Facebook via cookies. Cookies are small text files used to store data or information in browsers. Depending on the tools you use and whether you are a Facebook member, different numbers of cookies are created in your browser. We go into more detail about individual Facebook cookies in the descriptions of each Facebook tool. General information about the use of Facebook cookies can also be found at https://www.facebook.com/policies/cookies.
How long and where is the data stored?
Basically, Facebook stores data until it is no longer needed for its own services and Facebook products. Facebook has servers all over the world where its data is stored. However, customer data is deleted within 48 hours after it has been compared with its own user data.
How can I delete my data or prevent data storage?
In accordance with the Basic Data Protection Regulation, you have the right to information, correction, transferability and deletion of your data.
A complete deletion of the data will only occur if you delete your Facebook account completely. And this is how deleting your Facebook account works:1) Click Settings on the right side of Facebook.2) Then click "Your Facebook information" in the left column.3) Now click "Deactivation and deletion".4) Now select "Delete account" and then click "Next and delete account".5) Now enter your password, click "Next" and then click "Delete account".
The storage of data that Facebook receives via our site takes place, among other things, via cookies (e.g. for social plugins). In your browser, you can deactivate, delete or manage individual or all cookies. Depending on which browser you use, this works in different ways. Under the section "Cookies" you will find the corresponding links to the respective instructions of the most popular browsers.If you generally do not want cookies, you can set your browser so that it always informs you when a cookie is to be set. This way, you can decide for each individual cookie whether you allow it or not.
Facebook also processes data from you in the USA, among other places. We would like to point out that according to the opinion of the European Court of Justice, there is currently no adequate level of protection for the transfer of data to the USA. This may be associated with various risks for the legality and security of data processing.
Facebook uses so-called standard contractual clauses (= Art. 46. para. 2 and 3 DSGVO) as the basis for data processing for recipients located in third countries (outside the European Union, Iceland, Liechtenstein, Norway, i.e. in particular in the USA) or a data transfer there. Standard Contractual Clauses (SCC) are templates provided by the EU Commission and are intended to ensure that your data complies with European data protection standards even if it is transferred to third countries (such as the USA) and stored there. Through these clauses, Facebook undertakes to comply with the European level of data protection when processing your relevant data, even if the data is stored, processed and managed in the US. These clauses are based on an implementing decision of the EU Commission. You can find the decision and the corresponding standard contractual clauses here, among other places: https://eur-lex.europa.eu/eli/dec_impl/2021/914/oj?locale=de
Facebook's data processing terms and conditions, which comply with the standard contractual clauses, can be found at https://www.facebook.com/legal/terms/dataprocessing.
We hope we have brought you closer to the most important information about the use and data processing by Facebook tools. If you want to learn more about how Facebook uses your data, we recommend that you read the data policies at https://www.facebook.com/about/privacy/update.
What is Xing?
Why do we use Xing on our website?
There is now a flood of social media channels and we are well aware that your time is very precious. Not every company's social media channel can be scrutinized closely. That's why we want to make your life as easy as possible, so you can share or follow interesting content directly from our website on Xing. With such "social plug-ins" we expand our service on our website. In addition, the data collected by Xing helps us to carry out targeted advertising measures on the platform. This means that our service is only shown to people who are really interested in it.
What data is stored by Xing?
Xing offers the share button, the follow button, and the log-in button as plug-ins for websites. As soon as you open a page where a social plug-in from Xing is installed, your browser connects to servers in a data center used by Xing. In the case of the share button, no data is to be stored - according to Xing - that could infer a direct reference to a person. In particular, Xing does not store your IP address. Furthermore, no cookies are set in connection with the share button. Thus, no evaluation of your user behavior takes place. You can find more information about this at https://dev.xing.com/plugins/share_button/privacy_policy.For the other Xing plug-ins, cookies are only set in your browser when you interact with the plug-in or click on it. Here, personal data such as your IP address, browser data, date and time of your page view on Xing may be stored. If you have a XING account and are logged in, collected data will be assigned to your personal account and the data stored therein.
The following cookies are set in your browser when you click on the follow or log-in button and are not yet logged in to Xing. Please keep in mind that this is an exemplary list and we cannot claim completeness:
Intended use: This cookie is used to create and store website visitor identifiers.
Expiration date: after end of session
Intended use: We were unable to find out any more detailed information about this cookie.
Expiration date: after one day
Purpose: This cookie stores the URL of the previous web page you visited.
Expiration date: after 30 minutes
Purpose: This Adobe Site Catalyst cookie determines whether cookies are generally enabled in the browser.
Expiration date: after end of session
Purpose: This cookie is used to identify a unique visitor.
Expiration date: after 5 years
Purpose: The visitor cookie contains a unique visitor ID and the unique identifier for your account.
Expiration date: after 2 years
Purpose: This cookie creates a temporary session ID that is used as an in-session user ID. The cookie is absolutely necessary to provide the features of Xing.
Expiration date: after end of session
As soon as you are logged in to Xing or become a member, further personal data is definitely collected, processed and stored. Xing also discloses personal data to third parties if this is necessary for the fulfillment of its own business purposes, if you have given your consent, or if there is a legal obligation.
How long and where is the data stored?
Xing stores the data on various servers in various data centers. The company stores this data until you delete the data or until a user account is deleted. Of course, this only affects users who are already Xing members.
How can I delete my data or prevent data storage?
You have the right to access and also delete your personal data at any time. Even if you are not a Xing member, you can use your browser to prevent possible data processing or manage it according to your wishes. Most data is stored via cookies. Depending on which browser you have, the management works slightly differently. Under the section "Cookies" you will find the corresponding links to the respective instructions of the most popular browsers.
You can also basically set up your browser so that you are always informed when a cookie is to be set. Then you can always decide individually whether you want to allow the cookie or not.
We have tried to bring you closer to the most important information about data processing by Xing. At https://privacy.xing.com/de/datenschutzerklaerung you can learn even more about the data processing of the social media network Xing.
Payment provider introduction
What is a payment processor?
We use online payment systems on our website that allow us and you a secure and smooth payment process. Among other things, personal data may be sent to the respective payment provider, stored and processed there. Payment providers are online payment systems that allow you to place an order via online banking. In this case, the payment processing is carried out by the payment provider you have chosen. We then receive information about the payment made. This method can be used by any user who has an active online banking account with PIN and TAN. There are hardly any banks left that do not offer or accept such payment methods.
Why do we use payment providers on our website?
Of course, we want to offer the best possible service with our website and our integrated online store, so that you feel comfortable on our site and use our offers. We know that your time is precious and especially payment processes must work quickly and smoothly. For these reasons we offer you various payment providers. You can choose your preferred payment provider and pay in the usual way.
What data is processed?
Exactly which data is processed depends, of course, on the respective payment provider. But basically, data such as name, address, bank data (account number, credit card number, passwords, TANs, etc.) are stored. These are necessary data to be able to carry out a transaction at all. In addition, any contractual data and user data, such as when you visit our website, what content you are interested in or which sub-pages you click on, may also be stored. Your IP address and information about the computer you are using are also stored by most payment providers.
Duration of data processing
We will inform you about the duration of data processing below if we have further information on this. In general, we process personal data only as long as it is absolutely necessary for the provision of our services and products. If it is required by law, for example in the case of accounting, this storage period may be exceeded. For example, we keep accounting documents relating to a contract (invoices, contract documents, account statements, etc.) for 10 years (§ 147 AO) and other relevant business documents for 6 years (§ 247 HGB) after they are created.
Right of objection
You can delete, disable, or manage cookies that payment providers use for their functions in your browser. Depending on which browser you use, this works in different ways. Please note, however, that the payment process may then no longer work.
We therefore offer other payment service providers in addition to the traditional banking/credit institutions for the processing of contractual or legal relationships (Art. 6 para. 1 lit. b DSGVO). The privacy statements of the individual payment providers (such as Amazon Payments, Apple Pay or Discover) will provide you with a detailed overview of data processing and data storage. In addition, you can always contact the responsible parties if you have any questions about data protection-related topics.
Information on the specific payment providers - if available - can be found in the following sections.
We use American Express, a global financial services provider, on our website. The service provider is the American Express Company. For the European region, the company American Express Europe S.A.. (Avenida Partenón 12-14, 28042, Madrid, Spain) is responsible.
American Express also processes data from you in the USA, among other places. We would like to point out that according to the opinion of the European Court of Justice, there is currently no adequate level of protection for the transfer of data to the USA. This may be associated with various risks for the legality and security of the data processing.
American Express uses so-called standard contractual clauses (= Art. 46. para. 2 and 3 DSGVO) as the basis for data processing for recipients located in third countries (outside the European Union, Iceland, Liechtenstein, Norway, i.e. in particular in the USA) or a transfer of data there. Standard Contractual Clauses (SCC) are templates provided by the EU Commission and are intended to ensure that your data comply with European data protection standards even if they are transferred to third countries (such as the USA) and stored there. Through these clauses, American Express undertakes to comply with the European level of data protection when processing your relevant data, even if the data is stored, processed and managed in the US. These clauses are based on an implementing decision of the EU Commission. You can find the decision and the corresponding standard contractual clauses here, among other places: https://eur-lex.europa.eu/eli/dec_impl/2021/914/oj?locale=de
See the "European Implementing Principles (https://www.americanexpress.com/en-pl/company/legal/privacy-centre/european-implementing-principles/) for more detailed information on the standard contractual clauses at American Express.
We use the online payment service PayPal on our website. The service provider is the American company PayPal Inc. The company PayPal Europe (S.à r.l. et Cie, S.C.A., 22-24 Boulevard Royal, L-2449 Luxembourg) is responsible for the European region.
PayPal also processes data from you in the USA, among other places. We would like to point out that according to the opinion of the European Court of Justice, there is currently no adequate level of protection for the transfer of data to the USA. This may be associated with various risks for the legality and security of data processing.
As a basis for data processing with recipients located in third countries (outside the European Union, Iceland, Liechtenstein, Norway, i.e. in particular in the USA) or a data transfer there, PayPal uses so-called standard contractual clauses (= Art. 46. para. 2 and 3 DSGVO). Standard Contractual Clauses (SCC) are templates provided by the EU Commission and are intended to ensure that your data comply with European data protection standards even if they are transferred to third countries (such as the USA) and stored there. Through these clauses, PayPal undertakes to comply with the European level of data protection when processing your relevant data, even if the data is stored, processed and managed in the USA. These clauses are based on an implementing decision of the EU Commission. You can find the decision and the corresponding standard contractual clauses here, among other places: https://eur-lex.europa.eu/eli/dec_impl/2021/914/oj?locale=de
We use Visa, a global payment provider, on our website. The service provider is the American company Visa Inc. The company responsible for the European region is Visa Europe Services Inc. (1 Sheldon Square, London W2 6TT, United Kingdom) is responsible for Europe.
Visa also processes data from you in the USA, among other places. We would like to point out that according to the opinion of the European Court of Justice, there is currently no adequate level of protection for the transfer of data to the USA. This may be associated with various risks for the legality and security of data processing.
Visa uses so-called standard contractual clauses (= Art. 46. para. 2 and 3 DSGVO) as the basis for data processing with recipients located in third countries (outside the European Union, Iceland, Liechtenstein, Norway, i.e. in particular in the USA) or a data transfer there. Standard Contractual Clauses (SCC) are templates provided by the EU Commission and are intended to ensure that your data comply with European data protection standards even if they are transferred to and stored in third countries (such as the USA). Through these clauses, Visa undertakes to comply with the European level of data protection when processing your relevant data, even if the data is stored, processed and managed in the US. These clauses are based on an implementing decision of the EU Commission. You can find the decision and the corresponding standard contractual clauses here, among other places: https://eur-lex.europa.eu/eli/dec_impl/2021/914/oj?locale=deMore information on Visa's standard contractual clauses can be found at https://www.visa.de/nutzungsbedingungen/visa-globale-datenschutzmitteilung/mitteilung-zu-zustandigkeitsfragen-fur-den-ewr.html.
Audio & Video Introduction
What are audio and video elements?
We have included audio or video elements on our website so that you can watch videos or listen to music/podcasts directly via our website. The content is provided by service providers. All content is therefore also obtained from the corresponding servers of the providers.
These are embedded functional elements of platforms such as YouTube, Vimeo or Spotify. The use of these portals is usually free of charge, but paid content can also be published. With the help of these embedded elements, you can listen to or view the respective content via our website.
When you use audio or video elements on our website, personal data about you may also be transmitted to, processed and stored by the service providers.
Why do we use audio & video elements on our website?
Of course, we want to provide you with the best offer on our website. And we realize that content is no longer conveyed merely in text and static images. Instead of just giving you a link to a video, we offer audio and video formats directly on our website that are entertaining or informative and ideally even both. This expands our service and makes it easier for you to access interesting content. Thus, in addition to our text and images, we also offer video and/or audio content.
What data is stored by audio & video elements?
Duration of the data processing
Right of objection
If you have consented that data from you can be processed and stored by integrated audio and video elements, this consent is considered the legal basis for data processing (Art. 6 para. 1 lit. a DSGVO). In principle, your data will also be stored and processed on the basis of our legitimate interest (Art. 6 para. 1 lit. f DSGVO) in fast and good communication with you or other customers and business partners. Nevertheless, we only use the integrated audio and video elements if you have given your consent.
What is YouTube?
We have incorporated YouTube videos on our website. This way we can present you interesting videos directly on our site. YouTube is a video portal that has been a subsidiary of Google since 2006. The video portal is operated by YouTube, LLC, 901 Cherry Ave, San Bruno, CA 94066, USA. When you call up a page on our website that has a YouTube video embedded, your browser automatically connects to the YouTube or Google servers. In the process, various data are transferred (depending on the settings). Google Ireland Limited (Gordon House, Barrow Street Dublin 4, Ireland) is responsible for all data processing in the European area.
In the following, we would like to explain in more detail what data is processed, why we have embedded YouTube videos and how you can manage or delete your data.
On YouTube, users can watch, rate, comment on and upload videos for free. Over the last few years, YouTube has become one of the most important social media channels in the world. In order for us to display videos on our website, YouTube provides a code snippet that we have built into our site.
Why do we use YouTube videos on our website?
YouTube is the video platform with the most visitors and the best content. We are committed to providing you with the best possible user experience on our website. And of course, we can't do without interesting videos. With the help of our embedded videos, we provide you with other helpful content in addition to our text and images. In addition, the embedded videos make our website easier to find on the Google search engine. Also, when we run ads via Google Ads, Google - thanks to the collected data - can really only show these ads to people who are interested in our offers.
What data is stored by YouTube?
As soon as you visit one of our pages that has a YouTube video embedded, YouTube sets at least one cookie that stores your IP address and our URL. If you are logged into your YouTube account, YouTube can usually assign your interactions on our website to your profile using cookies. This includes data such as session duration, bounce rate, approximate location, technical information such as browser type, screen resolution or your internet provider. Other data may include contact details, any ratings, sharing of content via social media or adding to your favorites on YouTube.
If you are not signed in to a Google Account or YouTube account, Google stores data with a unique identifier associated with your device, browser, or app. For example, your preferred language setting is retained. But a lot of interaction data can't be stored because fewer cookies are set.In the following list, we show cookies that were set in a test in the browser. On the one hand, we show cookies that are set without a logged-in YouTube account. On the other hand, we show cookies that are set with a logged-in account. The list cannot claim to be complete, because the user data always depends on the interactions on YouTube.
Purpose: This cookie registers a unique ID to store statistics of the viewed video.
Expiration date: after end of session
Purpose: This cookie also registers your unique ID. Google gets statistics about how you use YouTube videos on our website via PREF.
Expiration date: after 8 months
Purpose: This cookie registers your unique ID on mobile devices to track GPS location.
Expiration date: after 30 minutes
Intended use: This cookie attempts to estimate the user's bandwidth on our web pages (with embedded YouTube video).
Expiration date: after 8 months
Other cookies that are set when you are logged in with your YouTube account:
Purpose: This cookie is used to create a profile about your interests. The data is used for personalized advertisements.
Expiration date: after 2 years
Purpose: The cookie stores the status of a user's consent to use various Google services. CONSENT is also used for security purposes to verify users and protect user data from unauthorized attacks.
Expiration date: after 19 years
Purpose: This cookie is used to create a profile about your interests. This data helps to display personalized advertising.
Expiration date: after 2 years
Purpose: This cookie stores information about your login data.
Expiration date: after 2 years
Purpose: This cookie works by uniquely identifying your browser and device. It is used to create a profile about your interests.
Expiration date: after 2 years
Purpose: This cookie stores your Google account ID and your last login time in digitally signed and encrypted form.
Expiration date: after 2 years
Purpose: This cookie stores information about how you use the website and what advertisements you may have seen before visiting our site.
Expiration date: after 3 months
How long and where is the data stored?
The data that YouTube receives from you and processes is stored on Google servers. Most of these servers are located in America. You can see exactly where Google data centers are located at https://www.google.com/about/datacenters/inside/locations/?hl=de. Your data is distributed on the servers. This means that the data can be accessed more quickly and is better protected against manipulation.
Google stores the collected data for different lengths of time. Some data you can delete at any time, others are automatically deleted after a limited time, and still others are stored by Google for a longer period of time. Some data (such as items from "My Activity", photos or documents, products) stored in your Google Account will remain stored until you delete them. Even if you are not signed into a Google account, you can delete some data associated with your device, browser, or app.
How can I delete my data or prevent data storage?
Basically, you can delete data in Google Account manually. With the automatic deletion function of location and activity data introduced in 2019, information is stored depending on your decision - either 3 or 18 months and then deleted.
Whether you have a Google account or not, you can configure your browser to delete or disable cookies from Google. Depending on which browser you use, this works in different ways. Under the section "Cookies" you will find the corresponding links to the respective instructions of the most popular browsers.
If you do not want to have cookies in principle, you can set up your browser so that it always informs you when a cookie is to be set. This way, you can decide for each individual cookie whether you allow it or not.
YouTube also processes data in the USA, among other places. We would like to point out that according to the opinion of the European Court of Justice, there is currently no adequate level of protection for the transfer of data to the USA. This may be associated with various risks for the legality and security of data processing.
As a basis for data processing at recipients located in third countries (outside the European Union, Iceland, Liechtenstein, Norway, i.e. in particular in the USA) or a data transfer there, YouTube uses standard contractual clauses approved by the EU Commission (= Art. 46. para. 2 and 3 DSGVO). These clauses oblige YouTube to comply with the EU level of data protection when processing relevant data outside the EU as well. These clauses are based on an implementing decision of the EU Commission. You can find the decision as well as the clauses here, among other places: https://germany.representation.ec.europa.eu/index_de.
All texts are protected by copyright.
Source: Created with the Privacy Generator by AdSimple
Processing of personal data in the company
We process personal data that we receive from you in the context of an inquiry, the initiation of business or our business relationship. We further process, to the extent necessary for the performance of the contract, personal data that we have permissibly received from other companies or from other third parties (e.g. for the execution of orders, for the performance of contracts or on the basis of consent given by you). Relevant personal data are personal details (name, address and other contact details, birthday, etc.). In addition, this may also include order data, data from the fulfillment of our contractual obligations, advertising and sales data, documentation data, as well as other data comparable to the categories mentioned.
1. purposes and legal bases of the processing
The purposes of the processing are primarily based on the service you have commissioned or requested.
1.1 Processing is necessary for the performance of a contract or for the implementation of pre-contractual measures ((Art. 6 para. 1 letter b DSGVO).- The processing of personal data is carried out for the initiation and/or conclusion of a contract with our company (inquiries, orders, contract, etc.).
1.2 The processing takes place within the framework of the balancing of interests (Art. 6 para. 1 letter f DSGVO). To the extent necessary, we process your data beyond the actual performance of the contract to protect legitimate interests of us or third parties.- Advertising or market and opinion research, insofar as you have not objected to the use of your data.- Assertion of legal claims and defense in legal disputes- Ensuring IT security- Prevention and investigation of criminal offences- Measures for business management and further development of services and products.
1.3 You have given your consent to the processing of personal data concerning you for one or more specific purposes (Art. 6 para. 1 letter A DSGVO).- Insofar as you have given us consent to process personal data for specific purposes (e.g. advertising, newsletter mailing), the lawfulness of this processing is based on your consent.- Consent given can be revoked at any time.- The revocation shall only apply with effect for the future. Processing that took place before the revocation is not affected by this.
2. recipients or categories of recipients of the data (if a data transfer takes place)
2.1 Within the company, those departments will receive your data that need it to fulfill our contractual and legal obligations. Processors used by us (Art. 28 DS-GVO) may also receive data for these purposes. These are companies in the categories of IT services, printing services, telecommunications, advice and consulting, and sales and marketing.
2.2 Outside the company may receive your data, if necessary, companies that require it to fulfill our contractual obligations. Under these conditions, recipients of personal data may be, for example:- Tax advisors, auditors, consultants- Lawyers (disputes, debt collection, etc.)- Banks/savings banks- Transport and/or logistics companies
3. storage period or criteria for determining the period
To the extent necessary, we process and store your personal data for the duration of our business relationship, which includes, for example, the initiation and execution of a contract. In addition, we are subject to various retention and documentation obligations, which are mainly based on the German Commercial Code (HGB) and the German Fiscal Code (AO). The retention and documentation periods specified there are six to ten years.
Finally, the storage period is also assessed according to the statutory limitation periods, which, for example, according to §§ 195 ff. of the German Civil Code (BGB), are generally 3 years; if it is necessary to preserve evidence, for example in the context of legal proceedings, the limitation periods of the German Civil Code (BGB) can be up to 30 years if a legal title exists.
After termination of the contractual relationship, the data will be deleted after expiry of the statutory retention periods.
The storage period of the data for the newsletter dispatch takes place until the data subject objects to the sending of the newsletter with effect for the future.
4. Voluntariness and obligation to provide personal data
Within the scope of our business relationship, those personal data must be provided that are necessary for the establishment and implementation of a business relationship and the fulfillment of the associated contractual obligations or that we are legally obligated to collect. Without this data, we are not able to conclude a contract or carry it out.
5. Automated decision-making including profiling
For the establishment and implementation of the business relationship, we generally do not use exclusively automated decision-making in the sense of Art. 22 DSGVO.
We reserve the right to adjust the above data protection provisions from time to time in accordance with future changes regarding the collection and processing of personal data.