1. General information on data processing
  2. Scope of processing personal data

We generally process our users’ personal data only to the extent necessary for providing a functional website and our content and services. Personal data is usually processed only with the user’s consent. An exception applies if obtaining prior consent is not possible for practical reasons and the data processing is permitted by law. 

  1. Legal basis for the processing of personal data

If we obtain the consent of the data subject to the processing of personal data, Article 6 paragraph 1 letter a of the EU General Data Protection Regulation (GDPR) serves as the legal basis.

When processing personal data necessary for the performance of a contract to which the data subject is a party, Article 6(1)(b) GDPR serves as the legal basis. This also applies to processing operations necessary for carrying out pre-contractual measures.

If the processing of personal data is necessary for compliance with a legal obligation to which our company is subject, Article 6 paragraph 1 letter c GDPR serves as the legal basis.

Where the processing of personal data is necessary due to the vital interests of the data subject or of another natural person, Article 6 paragraph 1 letter d GDPR serves as the legal basis.

If processing is necessary for the purposes of the legitimate interests pursued by our company or by a third party, and the interests or fundamental rights and freedoms of the data subject do not override those interests, then Article 6(1)(f) GDPR serves as the legal basis for the processing. 

  1. Data deletion and storage period

The personal data of the data subject will be erased or blocked as soon as the purpose of storage no longer applies. Storage may also occur if this is provided for by European or national legislation in EU regulations, laws, or other provisions applicable to the controller. The data will also be blocked or erased when a storage period prescribed in the aforementioned regulations expires, unless further storage is necessary for the performance of a contract.

  1. Provision of the website and creation of log files
  2. Description and scope of data processing

Each time our website is accessed, our system automatically collects data and information from the computer system of the accessing computer. 

The following data will be collected:

The following data will be collected:

This section needs to be adjusted accordingly. Inapplicable data must be removed and missing data added.

  1. The user’s operating system
  2. Information about the browser type and version used.
  3. The user’s internet service provider
  4. The user’s IP address
  5. Date and time of access
  6. Websites from which the user’s system accesses our website. 
  7. Websites that the user’s system accesses via our website.

The data is also stored in our system’s log files. This data is not stored together with other personal data of the user.

  1. Legal basis for data processing 

The legal basis for the temporary storage of the data is Article 6 paragraph 1 letter f GDPR. 

Purpose of data processing

The temporary storage of the IP address by the system is necessary to deliver the website to the user’s computer. For this purpose, the user’s IP address must be stored for the duration of the session. 

The data is stored in log files to ensure the website’s functionality. It also helps us optimize the website and secure our IT systems. The data is not used for marketing purposes. This data processing is also based on our legitimate interest pursuant to Art. 6 para. 1 lit. f GDPR.

Storage period

The data will be deleted as soon as it is no longer needed for the purpose for which it was collected. If the data was collected to provide the website, this is the case as soon as the respective session ends. 

Possibility of objection and removal

The collection of data for the provision of the website and its storage in log files is necessary for the operation of the website. Therefore, objection by the user is not possible. 

Use of cookies

  1. a) Description and scope of data processing

Our website uses cookies. Cookies are text files that are stored on the user’s computer system by the internet browser. When visiting a website, a cookie can be stored on the user’s operating system. This cookie contains a characteristic string that makes it possible to uniquely identify the browser when revisiting the website. 

We use cookies to make our website more user-friendly. Some elements of our website require that the accessing browser can be identified even after a page change. 

The following data is stored and transmitted in the cookies:

The following is a list of the stored data. Examples include:

  1. Language settings
  2. Items in shopping cart
  3. Login information

Previously, Section 15 Paragraph 3 of the German Telemedia Act (TMG) allowed for the pseudonymization of processed personal data for technically non-essential cookies and the notification of users regarding the use of these cookies, as well as their right to object and have their data erased (“opt-out solution”). However, legal scholars disagree on whether this standard remains valid after the GDPR came into effect. In cases of doubt, it should therefore be assumed that only the provisions of the GDPR now apply. In this case, only Article 6 Paragraph 1 of the GDPR needs to be considered. Even under this standard, continuing the previous practice is conceivable if the data processor has a “legitimate interest” within the meaning of Article 6 Paragraph 1 Letter f of the GDPR. If user consent is not obtained before setting and accessing technically non-essential cookies:

The user data collected in this way is pseudonymized using technical measures. Therefore, it is no longer possible to link the data to the accessing user. The data is not stored together with other personal data of the users.

When you visit our website, a banner informs you about the use of cookies for analytical purposes and refers you to this privacy policy. The banner also explains how you can prevent cookies from being stored in your browser settings.

It is currently unclear whether the common practice of the “opt-out solution” meets the requirements of Article 6(1)(f) GDPR. The planned ePrivacy Regulation could provide clarity in this regard. Until then, however, obtaining the user’s prior consent (“opt-in solution”) remains the legally safest option. 

When you visit our website, you will be informed about the use of cookies for analytical purposes and your consent to the processing of the personal data used in this context will be obtained. Reference is also made to this privacy policy in this context. 

  1. b) Legal basis for data processing 

The legal basis for the processing of personal data using cookies is Article 6 paragraph 1 letter f GDPR.

The legal basis for the processing of personal data using cookies for analytical purposes is, provided the user has given his consent, Article 6 paragraph 1 letter a GDPR.

  1. c) Purpose of data processing

The purpose of technically necessary cookies is to simplify your use of our website. Some functions of our website cannot be offered without cookies. For this to work, it is necessary that your browser is recognized even after you change pages.

We require cookies for the following applications:

The following is a list of application areas. Examples include:

  1. Shopping cart
  2. Language settings applied
  3. Remember search terms.

The user data collected via technically necessary cookies is not used to create user profiles.

  1. e) Duration of storage, possibility of objection and removal

Cookies are stored on the user’s computer and transmitted from there to our website. Therefore, as a user, you have full control over the use of cookies. By changing your internet browser settings, you can disable or restrict the transmission of cookies. Cookies that have already been stored can be deleted at any time. This can also be done automatically. If cookies are disabled for our website, you may no longer have full access to all of its functions.

If Flash cookies are also used:

The transmission of Flash cookies cannot be prevented via browser settings, but it can be prevented by changing the Flash Player settings. 

  1. Newsletter
  2. Description and scope of data processing

The newsletter will be sent as soon as the user registers on the website:

You can subscribe to a free newsletter on our website. When you subscribe to the newsletter, the data from the input form will be transmitted to us.

At this point, the data collected should be specifically named. In the simplest case, this concerns the user’s email address. 

The following data is also collected during registration:

The additional data collected must be specified. This could include, for example, the following:

  1. IP address of the accessing computer
  2. Date and time of registration

Your consent to data processing will be obtained during the registration process, and you will be referred to this privacy policy.

The newsletter is sent based on the sale of goods or services:

If you purchase goods or services on our website and provide your email address, we may subsequently use it to send you a newsletter. In this case, the newsletter will be used exclusively for direct advertising of similar goods or services.

In connection with data processing for sending newsletters, the data will not be passed on to third parties. The data will be used exclusively for sending the newsletter.

  1. Legal basis for data processing

The newsletter will be sent as soon as the user registers on the website:

The legal basis for the processing of data after the user registers for the newsletter is Art. 6 para. 1 lit. a GDPR, provided the user has given his consent.

The newsletter is sent based on the sale of goods or services:

The legal basis for sending the newsletter as a consequence of the sale of goods or services is Section 7 Paragraph 3 of the German Unfair Competition Act (UWG).

  1. Purpose of data processing

The purpose of collecting the user’s email address is to send the newsletter. 

The newsletter will be sent as soon as the user registers on the website:

The collection of further personal data during the registration process serves to prevent misuse of the services or the email address used.

  1. Storage period

The data will be deleted as soon as it is no longer needed for the purpose for which it was collected. The user’s email address will therefore be stored for as long as the newsletter subscription is active. 

The newsletter will be sent as soon as the user registers on the website:

The remaining personal data collected during the registration process is usually deleted after seven days.

  1. Possibility of objection and removal

The newsletter subscription can be cancelled by the user at any time. A corresponding link can be found in every newsletter. 

The newsletter will be sent as soon as the user registers on the website.

This also gives you the option to withdraw your consent to the storage of personal data collected during the registration process.

  1. Registration
  2. Description and scope of data processing

On our website, we offer users the opportunity to register by providing personal data. The data is entered into an input form, transmitted to us, and stored. The data will not be shared with third parties. The following data is collected during the registration process:

The relevant data should be listed here.

The following data is also stored at the time of registration:

The data must be listed accordingly at this point. Examples include:

  1. The user’s IP address
  2. Date and time of registration

As part of the registration process, the user’s consent to the processing of this data is obtained.

  1. Legal basis for data processing 

The legal basis for the processing of the data is, provided the user has given his consent, Article 6 paragraph 1 letter a GDPR.

Registration serves the purpose of fulfilling a contract to which the data subject is a party, or of carrying out pre-contractual measures.

If the registration serves the purpose of fulfilling a contract to which the user is a party or of carrying out pre-contractual measures, the additional legal basis for the processing of the data is Article 6 paragraph 1 letter b GDPR.

  1. Purpose of data processing

Registration does not constitute a contract with the user:

User registration is required to access certain content and services on our website.

Below you will find a more detailed description of the content and services. Why is user identification necessary for availability in certain cases?

Registration serves the purpose of concluding a contract with the user:

User registration is required to fulfill a contract with the user or to carry out pre-contractual measures.

Below you will find a more detailed description of the contract offered on the website. Why is the collected data required for these contracts?

If the processing of the contractual partner’s personal data is legally required for the contracts you offer at the time of contract conclusion, the respective standards from which the obligation arises must be specified.

  1. Storage period

The data will be deleted as soon as it is no longer needed for the purpose for which it was collected.

Registration does not constitute a contract with the user:

This applies to data collected during the registration process if the registration on our website is cancelled or changed. 

Registration serves the purpose of concluding a contract with the user:

This applies to registration for the purpose of contract fulfillment or for carrying out pre-contractual measures, provided the data is no longer needed for contract fulfillment. Even after the conclusion of the contract, it may be necessary to store the personal data of the contractual partner to fulfill contractual or legal obligations.

Ongoing obligations require the storage of personal data for the duration of the contract. Furthermore, warranty periods must be observed, and the data must be stored for tax purposes. The applicable retention periods cannot be generally defined but must be determined individually for each concluded contract and each contracting party.

  1. Possibility of objection and removal

As a user, you have the option to cancel your registration at any time. You can change your saved data at any time. 

Below you will find a more detailed description of how to delete the account and change data.

Registration serves the purpose of concluding a contract with the user:

If the data is required for the performance of a contract or for the implementation of pre-contractual measures, premature deletion of the data is only possible if contractual or legal obligations preclude deletion. 

  1. Contact form and email contact.
  2. Description and scope of data processing

On our website you will find a contact form that allows you to contact us electronically. If you use this option, the data you enter into the form will be transmitted to us and stored. This data includes:

The following is a list of the data in the input form.

The following data is also stored at the time the message is sent:

The following is a list of relevant data. Examples include:

  1. The user’s IP address
  2. Date and time of registration

Your consent to data processing will be obtained during the shipping process, and you will be referred to this privacy policy.

Alternatively, you can contact us via the provided email address. In this case, the user’s personal data transmitted with the email will be stored. 

In this context, the data will not be shared with third parties. It will be used exclusively for processing the conversation.

  1. Legal basis for data processing 

The legal basis for the processing of the data is, provided the user has given his consent, Article 6 paragraph 1 letter a GDPR.

The legal basis for processing data transmitted via email is Article 6(1)(f) GDPR. If the email contact serves the purpose of concluding a contract, Article 6(1)(b) GDPR is also a legal basis for processing.

  1. Purpose of data processing

We process the personal data from the input form solely for the purpose of handling your inquiry. If you contact us by email, this also constitutes a legitimate interest in data processing.

The remaining personal data processed during the transmission process serves to prevent misuse of the contact form and to ensure the security of our IT systems.

  1. Storage period

The data will be deleted as soon as it is no longer needed for the purpose for which it was collected. For personal data from the contact form and data transmitted by email, this is the case as soon as the respective communication with the user is concluded. Communication is considered concluded when it is clear from the circumstances that the matter has been resolved. 

The additional personal data collected during the shipping process will be deleted no later than seven days after collection.

  1. Possibility of objection and removal

The user has the right to withdraw their consent to the processing of their personal data at any time. If the user contacts us by email, they can object to the storage of their personal data at any time. In this case, communication may not be able to continue.

  1. Legal basis for the processing of personal data

The legal basis for the processing of users’ personal data is Article 6 paragraph 1 letter f GDPR.

  1. Purpose of data processing

Processing our users’ personal data allows us to analyze their browsing behavior. By evaluating the data obtained, we can compile information about the use of individual components of our website. This helps us to continuously improve our website and its user-friendliness. This also constitutes our legitimate interest in data processing pursuant to Art. 6 para. 1 lit. f GDPR. Anonymizing the IP address adequately protects the user’s interest in the protection of their personal data.

  1. Storage period

The data will be deleted as soon as it is no longer needed for our documentation purposes.
In our case, this is after the strategy meeting.

  1. Possibility of objection and removal

Cookies are stored on the user’s computer and transmitted from there to our website. Therefore, as a user, you have full control over the use of cookies. By changing your internet browser settings, you can disable or restrict the transmission of cookies. Cookies that have already been stored can be deleted at any time. This can also be done automatically. If cookies are disabled for our website, you may no longer have full access to all of its functions.

If the option to opt out is offered on the website:

We offer our users the option to deactivate analytics on our website. Simply follow the corresponding link. This will save another cookie on your system, which signals to our system not to save your data. If you delete this cookie in the meantime, you will need to set the deactivation cookie again.

  1. Rights of the data subject

The following list contains all the rights of data subjects under the GDPR. Rights that are not relevant to your website do not need to be listed. The list can be shortened in this case.

If your personal data is processed, you are the data subject within the meaning of the GDPR and have the following rights vis-à-vis the controller:

  1. Right to information provision

You can request confirmation from the responsible person as to whether your personal data is being processed by us. 

If such processing takes place, you can request information from the responsible person about the following:

(1) the purposes for which the personal data are processed;

(2) the categories of personal data processed;

(3) the recipients or categories of recipients to whom your personal data have been or will be disclosed;

(4) the planned duration of the storage of personal data concerning you or, if no specific information is available on this, the criteria for determining the storage period;

(5) the existence of a right to rectification or erasure of personal data concerning you, a right to restriction of processing by the controller or a right to object to such processing; 

(6) the existence of a right to lodge a complaint with a supervisory authority;

(7) all available information on the source of the data if the personal data were not collected from the data subject;

(8) the existence of automated decision-making, including profiling, as defined in Article 22(1) and (4) of the GDPR and, at least in those cases, meaningful information about the underlying logic and the scope and intended effects of such processing for the data subject.

You have the right to request information about whether your personal data is being transferred to a third country or an international organization. In this context, you can request to be informed about the appropriate safeguards pursuant to Article 46 GDPR relating to the transfer.

When processing data for scientific, historical or statistical research purposes:

This right to information may be restricted insofar as it makes the achievement of the research or statistical purposes impossible or seriously impairs them, and the restriction is necessary for the fulfillment of the research or statistical purposes.

  1. Right to rectification 

You have the right to request that the data controller correct and/or complete your personal data if it is inaccurate or incomplete. The data controller must carry out the correction without undue delay.

When processing data for scientific, historical or statistical research purposes:

Your right to rectification may be restricted to the extent that this makes the achievement of the research or statistical objectives impossible or seriously impairs it, and the restriction is necessary for the fulfillment of the research or statistical objectives.

  1. Right to restriction of processing

You can request the restriction of the processing of your personal data under the following conditions:

(1) if you contest the accuracy of the personal data concerning you, for a period enabling the controller to verify the accuracy of the personal data;

(2) the processing is unlawful and you object to the erasure of the personal data and request instead the restriction of the use of the personal data;

(3) the controller no longer needs the personal data for the purposes of the processing, but you require them for the establishment, exercise or defence of legal claims, or

(4) if you have objected to the processing pursuant to Article 21(1) GDPR and it is not yet clear whether the legitimate grounds of the controller override your grounds.

If the processing of your personal data has been restricted, this data – apart from being stored – may only be used with your consent or for the establishment, exercise or defence of legal claims or for the protection of the rights of another natural or legal person or for reasons of important public interest of the Union or of a Member State.

If processing has been restricted in accordance with the above conditions, you will be informed by the responsible person before the restriction is lifted.

When processing data for scientific, historical or statistical research purposes:

Your right to restrict processing may be limited insofar as this is likely to make the achievement of the research or statistical purposes impossible or seriously impair it, and the restriction is necessary for the fulfillment of the research or statistical purposes.

  1. Right to erasure
  2. Duty to delete.

You can request that the controller erase your personal data without undue delay, and the controller is obliged to erase such data without undue delay if one of the following grounds applies:

(1) The personal data concerning you are no longer needed for the purposes for which they were collected or otherwise processed.

(2) You withdraw your consent on which the processing was based according to Article 6(1)(a) or Article 9(2)(a) GDPR, and there is no other legal basis for the processing. 

(3) You object to the processing pursuant to Article 21(1) GDPR and there are no overriding legitimate grounds for the processing, or you object to the processing pursuant to Article 21(2) GDPR. 

(4) Your personal data has been processed unlawfully. 

(5) The erasure of personal data concerning you is necessary in order to comply with a legal obligation under Union or Member State law to which the controller is subject. 

(6) The personal data concerning you were collected in connection with the information society services offered pursuant to Article 8(1) GDPR.

  1. Information to third parties

If the controller has made your personal data public and is obliged to erase it pursuant to Article 17(1) GDPR, the controller shall, taking account of available technology and the cost of implementation, take appropriate measures, including technical measures, to ensure that the controller informs those processing the personal data that you, as the data subject, have requested the erasure of all links to, copies of, or replications of that personal data. 

  1. Exceptions

There is no right to erasure if the processing is necessary.

(1) to exercise the right to freedom of expression and information;

(2) for compliance with a legal obligation which requires processing under Union or Member State law to which the controller is subject or for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller;

(3) for reasons of public interest in the area of ​​public health in accordance with Article 9(2)(h) and (i) and Article 9(3) GDPR;

(4) for archiving purposes in the public interest, for scientific or historical research purposes or for statistical purposes in accordance with Article 89(1) GDPR, insofar as the right referred to in paragraph (a) is likely to render impossible or seriously impair the achievement of the objectives of that processing, or

(5) for the establishment, exercise or defense of legal claims.

  1. Right to information

If you have asserted your right to rectification, erasure or restriction of processing against the controller, the controller is obliged to inform all recipients to whom the personal data concerning you have been disclosed of this rectification or erasure of the data or restriction of processing, unless this proves impossible or involves disproportionate effort.

You have the right to be informed by the responsible person about these recipients.

  1. Right to data portability

You have the right to receive the personal data concerning you, which you have provided to the controller, in a structured, commonly used and machine-readable format. You also have the right to transmit this data to another controller without hindrance from the controller to whom the personal data was provided, provided that

(1) the processing is based on consent pursuant to Article 6(1)(a) GDPR or Article 9(2)(a) GDPR or on a contract pursuant to Article 6(1)(b) GDPR and

(2) processing is carried out using automated procedures.

When exercising this right, you also have the right to have your personal data transmitted directly from one controller to another, insofar as this is technically feasible. The freedoms and rights of other persons must not be adversely affected by this.

The right to data portability does not apply to the processing of personal data necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller.

  1. Right to object

You have the right to object, on grounds relating to your particular situation, at any time to processing of personal data concerning you which is based on point (e) or (f) of Article 6(1) of the GDPR, including profiling based on those provisions. 

The controller will no longer process your personal data unless they can demonstrate compelling legitimate grounds for the processing which override your interests, rights and freedoms, or the processing serves the purpose of establishing, exercising or defending legal claims.

If your personal data is processed for direct marketing purposes, you have the right to object at any time to the processing of your personal data for such marketing; this also applies to profiling insofar as it is related to such direct marketing.

If you object to the processing of your personal data for direct marketing purposes, this data will no longer be processed for these purposes.

In connection with the use of information society services, you have the option – irrespective of Directive 2002/58/EC – to exercise your right to object by automated means using technical specifications.

When processing data for scientific, historical or statistical research purposes:

You also have the right, on grounds relating to your particular situation, to object pursuant to Article 89(1) GDPR to the processing of personal data concerning you for scientific or historical research purposes or for statistical purposes.

Your right to object may be restricted insofar as this would make the achievement of the research or statistical purposes impossible or seriously impair it, and the restriction is necessary for the fulfillment of the research or statistical purposes.

  1. Right to withdraw consent in accordance with data protection law

You have the right to withdraw your consent to data processing at any time. The withdrawal of consent does not affect the lawfulness of processing based on consent before its withdrawal.

  1. Automated decision-making in individual cases, including profiling

You have the right not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects concerning you or similarly significantly affects you. This does not apply if the decision 

(1) is necessary for the conclusion or performance of a contract between you and the controller,

(2) this is permitted under Union or Member State law to which the controller is subject and this right includes appropriate measures to safeguard your rights and freedoms and legitimate interests;

(3) is done with your express consent.

However, these decisions may not be based on special categories of personal data pursuant to Article 9(1) GDPR, unless Article 9(2)(a) or (g) GDPR applies and appropriate measures have been taken to protect your rights and freedoms and your legitimate interests.

With regard to the cases referred to in (1) and (3), the controller shall take appropriate measures to safeguard the rights and freedoms and legitimate interests of the data subject, in particular the right to obtain intervention on the part of the controller, to express his or her point of view and to contest the decision.

  1. Right to lodge a complaint with a supervisory authority

Without prejudice to any other administrative or judicial remedy, you have the right to lodge a complaint with a supervisory authority, in particular in the Member State of your residence, your place of work or the place of the alleged infringement, if you consider that the processing of your personal data infringes the GDPR. 

The supervisory authority to which the complaint has been submitted will inform the complainant of the status and outcome of the complaint, including the possibility of a judicial remedy pursuant to Article 78 GDPR.