Last Update: 27. September 2019

The following table summarises the types of data processed, the purposes for which they are processed and the concerned data subjects

In the context of our processing of personal data, it may happen that the data is transferred to other places, companies or persons or that it is disclosed to them. Recipients of this data may include, for example, payment institutions within the context of payment transactions, service providers commissioned with IT tasks or providers of services and content that are embedded in a website. In such a case, the legal requirements will be respected and in particular corresponding contracts or agreements, which serve the protection of your data, will be concluded with the recipients of your data.
Data Transmission within the Group of Companies: We may transfer personal data to other companies within our group of companies or otherwise grant them access to this data. Insofar as this disclosure is for administrative purposes, the disclosure of the data is based on our legitimate business and economic interests or otherwise, if it is necessary to fulfill our contractual obligations or if the consent of the data subjects or otherwise a legal permission is present.

If we process data in a third country (i.e. outside the European Union (EU), the European Economic Area (EEA)) or the processing takes place in the context of the use of third party services or disclosure or transfer of data to other persons, bodies or companies, this will only take place in accordance with the legal requirements.
Subject to express consent or transfer required by contract or law, we process or have processed the data only in third countries with a recognised level of data protection, which includes US processors certified under the “Privacy Shield” or on the basis of special guarantees, such as a contractual obligation through so-called standard protection clauses of the EU Commission, the existence of certifications or binding internal data protection regulations (Article 44 to 49 GDPR, information page of the EU Commission: https://ec.europa.eu/info/law/law-topic/data-protection/international-dimension-data-protection_en).

“Cookies” are small files that are stored on the user’s devices. Different data can be stored within the cookies. The information can include, for example, the language settings on a website, the login status, a shopping cart or the point to which a video was viewed.
In general, cookies are also used when the interests of users or their behaviour (e.g. viewing certain content, use of functions, etc.) are secured via individual websites in a user profile. These profiles are used, for example, to display ads to users that correspond to their potential interests. This procedure is also referred to as “tracking”, meaning tracking the potential interests of users. The term “cookies” also includes other technologies that perform the same functions as cookies (e.g. when user information is stored using pseudonymous online identifiers, also referred to as “user IDs”).
If we use cookies or “tracking” technologies, we will inform you about this in our privacy policy.
Information on Legal basis: The legal basis on which we process your personal data with the help of cookies depends on whether we ask you for your consent. If this is the case and you accept the use of cookies, the legal basis for processing your data is your declared consent. Otherwise, the data processed with the help of cookies will be processed on the basis of our legitimate interests (e.g., in a business operation of our online services and their improvement) or if the use of cookies is necessary to fulfill our contractual obligations.
Withdrawal of consent and objection (Opt-Out): Irrespective of whether processing is based on consent or legal permission, you have the option at any time to object to the processing of your data using cookie technologies or to revoke consent (collectively referred to as “opt-out”).
You can initially explain your objection using the settings of your browser, e.g. by deactivating the use of cookies (which may also restrict the functionality of our online services).
An objection to the use of cookies for online marketing purposes can be raised for a large number of services, especially in the case of tracking, via the US website http://www.aboutads.info/choices/ or the EU website: www.youronlinechoices.com/ or generally on http://optout.aboutads.info.
Further information on the possibility of opposition is also given to Se in the context of the information on the respective processing operations in this privacy policy.
Processed data types: Usage data (e.g. websites visited, interest in content, access times), Meta/communication data (e.g. device information, IP addresses).
Data subjects: Users (e.g. website visitors, users of online services).
Legal Basis: Consent (Article 6 (1) (a) GDPR), Legitimate Interests (Article 6 (1) (f) GDPR).

We process data of our contractual and business partners, e.g. customers and interested parties (collectively referred to as “contractual partners”) within the context of contractual and comparable legal relationships as well as associated actions and communication with the contractual partners or pre-contractually, e.g. to answer inquiries. We process this data in order to fulfil our contractual obligations, safeguard our rights and for the purposes of the administrative tasks associated with this data and the business-related organisation. We will only pass on the data of the contractual partners within the scope of the applicable law to third parties insofar as this is necessary for the aforementioned purposes or for the fulfilment of legal obligations or with the consent of the contractual partners (e.g. telecommunications, transport and other auxiliary services as well as subcontractors, banks, tax and legal advisors, payment service providers or tax authorities). The contractual partners will be informed about further processing, e.g. for marketing purposes, as part of this privacy policy. Which data are necessary for the aforementioned purposes, we inform the contracting partners before or in the context of the data collection, e.g. in on-line forms by special marking (e.g. colors), and/or symbols (e.g. asterisks or the like), or personally. We delete the data after expiry of statutory warranty and comparable obligations, i.e. in principle after expiry of 4 years, unless the data is stored in a customer account or must be kept for legal reasons of archiving (e.g., as a rule 10 years for tax purposes). In the case of data disclosed to us by the contractual partner within the context of an assignment, we delete the data in accordance with the specifications of the assignment, in general after the end of the assignment. If we use third-party providers or platforms to provide our services, the terms and conditions and privacy policies of the respective third-party providers or platforms shall apply in the relationship between the users and the providers. · Processed data types: Inventory data (e.g. names, addresses), Payment Data (e.g. bank details, invoices, payment history), Contact data (e.g. e-mail, telephone numbers), Contract data (e.g. contract object, duration, customer category). · Data subjects: Prospective customers, Business and contractual partners. · Purposes of Processing: Contractual services and support, contact requests and communication, Office and organisational procedures, Managing and responding to inquiries. · Legal Basis: Performance of a contract and prior requests (Article 6 (1) (b) GDPR), Compliance with a legal obligation (Article 6 (1) (c) GDPR), Legitimate Interests (Article 6 (1) (f) GDPR).

Provision of online services and web hosting
In order to provide our online services securely and efficiently, we use the services of one or more web hosting providers from whose servers (or servers they manage) the online services can be accessed. For these purposes, we may use infrastructure and platform services, computing capacity, storage space and database services, as well as security and technical maintenance services. The data processed within the framework of the provision of the hosting services may include all information relating to the users of our online services that is collected in the course of use and communication. This regularly includes the IP address, which is necessary to be able to deliver the contents of online services to browsers, and all entries made within our online services or from websites.
· Collection of Access Data and Log Files: We, ourselves or our web hosting provider, collect data on the basis of each access to the server (so-called server log files). Server log files may include the address and name of the web pages and files accessed, the date and time of access, data volumes transferred, notification of successful access, browser type and version, the user’s operating system, referrer URL (the previously visited page) and, as a general rule, IP addresses and the requesting provider. The server log files can be used for security purposes, e.g. to avoid overloading the servers (especially in the case of abusive attacks, so-called DDoS attacks) and to ensure the stability and optimal load balancing of the servers .
· Processed data types: Content data (e.g. text input, photographs, videos), Usage data (e.g. websites visited, interest in content, access times), Meta/communication data (e.g. device information, IP addresses).
· Data subjects: Users (e.g. website visitors, users of online services).
· Legal Basis: Legitimate Interests (Article 6 (1) (f) GDPR).

We send newsletters, e-mails and other electronic communications (hereinafter referred to as “newsletters”) only with the consent of the recipient or a legal permission. Insofar as the contents of the newsletter are specifically described within the framework of registration, they are decisive for the consent of the user. Otherwise, our newsletters contain information about our services and us. In order to subscribe to our newsletters, it is generally sufficient to enter your e-mail address. We may, however, ask you to provide a name for the purpose of contacting you personally in the newsletter or to provide further information if this is required for the purposes of the newsletter.
· Double opt-in procedure: The registration to our newsletter takes place in general in a so-called Double-Opt-In procedure. This means that you will receive an e-mail after registration asking you to confirm your registration. This confirmation is necessary so that no one can register with external e-mail addresses. The registrations for the newsletter are logged in order to be able to prove the registration process according to the legal requirements. This includes storing the login and confirmation times as well as the IP address. Likewise the changes of your data stored with the dispatch service provider are logged. Deletion and restriction of processing: We may store the unsubscribed email addresses for up to three years based on our legitimate interests before deleting them to provide evidence of prior consent. The processing of these data is limited to the purpose of a possible defense against claims. An individual deletion request is possible at any time, provided that the former existence of a consent is confirmed at the same time. In the case of an obligation to permanently observe an objection, we reserve the right to store the e-mail address solely for this purpose in a blacklist.
· Information on legal bases: The sending of the newsletter is based on the consent of the recipients or, if consent is not required, on the basis of our legitimate interests in direct marketing. Insofar as we engage a service provider for sending e-mails, this is done on the basis of our legitimate interests. The registration procedure is recorded on the basis of our legitimate interests for the purpose of demonstrating that it has been conducted in accordance with the law.
· Contents:Information about us, our services, promotions and offers.
· Performance measurement: The newsletters contain a so-called “web-beacon”, i.e. a pixel-sized file, which is retrieved from our server when the newsletter is opened or, if we use a mailing service provider, from its server. Within the scope of this retrieval, technical information such as information about the browser and your system, as well as your IP address and time of retrieval are first collected. This information is used for the technical improvement of our newsletter on the basis of technical data or target groups and their reading behaviour on the basis of their retrieval points (which can be determined with the help of the IP address) or access times. This analysis also includes determining whether newsletters are opened, when they are opened and which links are clicked. For technical reasons, this information can be assigned to the individual newsletter recipients. It is, however, neither our endeavour nor, if used, that of the shipping service provider to observe individual users. The evaluations serve us much more to recognize the reading habits of our users and to adapt our content to them or to send different content according to the interests of our users. The evaluation of the newsletter and the measurement of success is carried out, subject to the express consent of the user, on the basis of our legitimate interests for the purposes of using a user-friendly and secure newsletter system which serves both our business interests and the expectations of the user. A separate objection to the performance measurement is unfortunately not possible, in this case the entire newsletter subscription must be cancelled or objected to.
· Processed data types: Inventory data (e.g. names, addresses), Contact data (e.g. e-mail, telephone numbers), Meta/communication data (e.g. device information, IP addresses), Usage data (e.g. websites visited, interest in content, access times).
· Data subjects: Communication partner (Recipients of e-mails, letters, etc.). Purposes of Processing: Direct marketing (e.g. by e-mail or postal).
· Legal Basis: Consent (Article 6 (1) (a) GDPR), Legitimate Interests (Article 6 (1) (f) GDPR).
· Opt-Out: You can cancel the receipt of our newsletter at any time, i.e. revoke your consent or object to further receipt. You will find a link to cancel the newsletter either at the end of each newsletter or you can otherwise use one of the contact options listed above, preferably e-mail.
Services and service providers being used:
Mailchimp: Email marketing platform; Service provider: “Mailchimp” – Rocket Science Group, LLC, 675 Ponce De Leon Ave NE #5000, Atlanta, GA 30308, USA; Website: https://mailchimp.com; Privacy Policy: https://mailchimp.com/legal/privacy/; Privacy Shield (Safeguarding the level of data protection when processing data in the USA): https://www.privacyshield.gov/participant?id=a2zt0000000TO6hAAG&status=Active.

Web analysis is used to evaluate the visitor traffic on our website and may include the behaviour, interests or demographic information of users, such as age or gender, as pseudonymous values. With the help of web analysis we can e.g. recognize, at which time our online services or their functions or contents are most frequently used or requested for repeatedly, as well as which areas require optimization. In addition to web analysis, we can also use test procedures, e.g. to test and optimize different versions of our online services or their components. For these purposes, so-called user profiles can be created and stored in a file (so-called “cookie”) or similar procedures in which the relevant user information for the aforementioned analyses is stored. This information may include, for example, content viewed, web pages visited and elements and technical data used there, such as the browser used, computer system used and information on times of use. If users have consented to the collection of their location data, these may also be processed, depending on the provider. The IP addresses of the users are also stored. However, we use any existing IP masking procedure (i.e. pseudonymisation by shortening the IP address) to protect the user. In general, within the framework of web analysis, A/B testing and optimisation, no user data (such as e-mail addresses or names) is stored, but pseudonyms. This means that we, as well as the providers of the software used, do not know the actual identity of the users, but only the information stored in their profiles for the purposes of the respective processes.
· Information on legal basis: If we ask the users for their consent to the use of third party providers, the legal basis of the processing is consent. Furthermore, the processing can be a component of our (pre)contractual services, provided that the use of the third party was agreed within this context. Otherwise, user data will be processed on the basis of our legitimate interests (i.e. interest in efficient, economic and recipient friendly services). In this context, we would also like to refer you to the information on the use of cookies in this privacy policy.
· Data subjects: Users (e.g. website visitors, users of online services).
· Purposes of Processing: Web Analytics (e.g. access statistics, recognition of returning visitors), Targeting (e.g. profiling based on interests and behaviour, use of cookies), Conversion Tracking, Profiling (Creating user profiles).
· Security measures: IP Masking (Pseudonymization of the IP address).
· Legal Basis: Consent (Article 6 (1) (a) GDPR), Legitimate Interests (Article 6 (1) (f) GDPR).

We process personal data for the purposes of online marketing, which may include in particular the marketing of advertising space or the display of advertising and other content (collectively referred to as “Content”) based on the potential interests of users and the measurement of their effectiveness.

We maintain online presences within social networks in order to communicate with the users active there or to offer ind information about us there.

Within our online services, we integrate functional and content elements that are obtained from the servers of their respective providers (hereinafter referred to as “third-party providers”). These may, for example, be graphics, videos or social media buttons as well as contributions (hereinafter uniformly referred to as “Content”).

We kindly ask you to inform yourself regularly about the contents of our data protection declaration. We will adjust the privacy policy as changes in our data processing practices make this necessary. We will inform you as soon as the changes require your cooperation (e.g. consent) or other individual notification.

 86-519 68976665