Privacy & Data

Encrypted payment transactions

Payment data, such as account or credit card numbers, is particularly sensitive. For this reason, payment transactions with common means of payment are also carried out exclusively via an encrypted SSL or TLS connection.

How long do we store your data?

In some places in this privacy policy, we inform you about how long we or the companies that process your data on our behalf store your data. If no such information is provided, we will store your data until the purpose of the data processing no longer applies, you object to the data processing or you withdraw your consent to the data processing.

In the event of an objection or revocation, however, we may continue to process your data if at least one of the following conditions is met:

We have compelling legitimate grounds for continuing the data processing which override your interests, rights and freedoms (only if you object to the data processing; if the objection is to direct marketing, we cannot provide any legitimate grounds)

.

Data processing is necessary for the establishment, exercise or defense of legal claims (does not apply if your objection is to direct marketing).

We are legally obliged to retain your data.

In this case, we will delete your data as soon as the requirement(s) cease(s) to apply.

Data transfer to the USA

We also use tools on our website from companies that transfer your data to the USA, store it there and process it further if necessary. The European Commission has adopted an adequacy decision for the EU-US data protection framework. This establishes that the US ensures an adequate level of protection for personal data from the EU that is transferred to US companies. This decision is based on new safeguards and measures introduced by the US to meet data protection requirements. The adequacy decision includes, among other things, restrictions and safeguards on access to the data by US intelligence services. Binding safeguards have been introduced to limit the access of US intelligence agencies to what is necessary and proportionate to protect national security. In addition, increased oversight of the activities of the US intelligence services has been established to ensure that the restrictions on surveillance activities are complied with. An independent redress mechanism has also been established to handle and resolve complaints from European citizens about access to their data. The EU-US Privacy Shield Framework thus allows European companies to transfer data to certified US companies without having to introduce additional data protection safeguards. You can view a list of all certified companies at the following link: https://www.dataprivacyframework.gov/s/participant-search

A change to the European Commission's decision cannot be ruled out.

Your rights

Objection to data processing

IF YOU READ IN THIS PRIVACY STATEMENT THAT WE HAVE A LEGITIMATE INTEREST IN THE PROCESSING OF YOUR DATA AND THEREFORE OBJECT TO IT ON THE BASIS OF ART. 6 ABS. 1 SENTENCE 1 LIT. F) GDPR, YOU HAVE THE RIGHT UNDER ART. 21 GDPR THE RIGHT TO OBJECT TO THIS. THIS ALSO APPLIES TO PROFILING BASED ON THE AFOREMENTIONED PROVISION. THE PREREQUISITE IS THAT YOU STATE REASONS FOR THE OBJECTION THAT ARISE FROM YOUR PARTICULAR SITUATION. a statement of reasons is not required if the objection is directed against the use of your data for direct marketing purposes.

the consequence of the objection is that we may no longer process your data. this only does not apply if one of the following conditions is met:

• we can demonstrate compelling legitimate grounds for the processing which override your interests, rights and freedoms
.
• the processing is for the establishment, exercise or defense of legal claims.

THESE EXCEPTIONS DO NOT APPLY IF YOUR OBJECTION IS TO DIRECT ADVERTISING OR PROFILING RELATED TO SUCH ADVERTISING.

Other rights

Revocation of your consent to data processing

Many data processing operations are carried out on the basis of your consent. You give this consent, for example, by ticking the appropriate box on online forms before you send the form or by allowing certain cookies when you visit our website. You can withdraw your consent at any time without giving reasons (Art. 7 para. 3 GDPR). We may then no longer process your data from the time you withdraw your consent. The only exception: We are legally obliged to retain the data for a certain period of time. Such retention periods exist in particular in tax and commercial law.

If you believe that we are in breach of the General Data Protection Regulation (GDPR), you have the right to lodge a complaint with a supervisory authority in accordance with Art. 77 GDPR. You can contact a supervisory authority in the member state of your place of residence, your place of work or the place where the alleged infringement took place. The right to lodge a complaint exists in addition to administrative or judicial remedies.

We must provide you or a third party with data that we process automatically on the basis of your consent or in fulfillment of a contract in a commonly used, machine-readable format if you request this. We can only transfer the data to another controller if this is technically feasible.

In accordance with Art. 15 GDPR, you have the right to receive information free of charge about what personal data we have stored about you, where the data comes from, to whom we transfer the data and for what purpose it is stored. If the data is incorrect, you have the right to rectification (Art. 16 GDPR); under the conditions of Art. 17 GDPR, you may request that we erase the data.

Right to restriction of processing

In certain situations, you can request that we restrict the processing of your data in accordance with Art. 18 GDPR. The data may then - apart from being stored - only be processed as follows:

• with your consent
• for the establishment, exercise or defense of legal claims
• to protect the rights of another natural or legal person
• for reasons of important public interest of the European Union or of a Member State

The right to restriction of processing applies in the following situations:

• You have contested the accuracy of your personal data stored by us and we need time to verify this. In this case, you have the right for the duration of the review.
Your personal data is being processed unlawfully or has been processed unlawfully in the past. In this case, you have the right to have the data erased as an alternative.We no longer need your personal data, but you need it for the exercise, defense or assertion of legal claims. In this case, you have the right to have the data erased as an alternative.
• You have lodged an objection pursuant to Art. 21 para. 1 GDPR and now your interests and ours must be weighed against each other. You have the right to object as long as the outcome of the balancing exercise has not yet been determined.

Data collection on this website

Server log files

Server log files log all requests and access to our website and record error messages. They also include personal data, in particular your IP address. However, this is anonymized by the provider after a short time so that we cannot assign the data to you personally. The data is automatically transmitted from your browser to our provider.

Our provider stores the server log files in order to be able to track the activities on our website and identify errors. The files contain the following data:

• Browser type and version
• Operating system used
• Referrer URL
• Host name of the accessing computer
• Time of the server request
• IP address (anonymized if necessary)

We do not merge this data with other data, but only use it for statistical analysis and to improve our website.

On what legal basis do we process your data?

We have a legitimate interest in ensuring that our website runs smoothly. It is also in our legitimate interest to obtain an anonymized overview of access to our website. Data processing is therefore lawful pursuant to Art. 6 (1) (f) GDPR.

Contact form

You can send us a message using the contact form on this website.

We store your message and the information from the form in order to be able to process your request, including follow-up questions. This also applies to the contact details provided. We will not pass the data on to other persons without your consent.

We delete your data as soon as one of the following points occurs:

• Your request has been finally processed
.
• You request us to delete the data
.
• You revoke your consent to storage.

This only does not apply if we are legally obliged to retain the data.

On what legal basis do we process your data?

If your request is related to our contractual relationship or serves the implementation of pre-contractual measures, we process your data on the basis of Art. 6 para. 1 lit. b) GDPR. In all other cases, it is in our legitimate interest to process inquiries addressed to us effectively. The legal basis for data processing is therefore Art. 6 para. 1 lit. f) GDPR. If you have consented to the storage of your data, Art. 6 para. 1 lit. a) GDPR is the legal basis. In this case, you can withdraw your consent at any time with effect for the future.

Request by email, telephone or fax

You can send us a message by email or fax or give us a call.

How we process your data

We store your message and the contact details you have provided or the transmitted telephone number in order to be able to process your request including follow-up questions. We will not pass the data on to other persons without your consent.

How long do we store your data?

We delete your data as soon as one of the following points occurs:

• Your request has been finally processed
.
• You request us to delete the data
.
• You revoke your consent to storage.

This only does not apply if we are legally obliged to retain the data.

On what legal basis do we process your data?

If your request is related to our contractual relationship or serves the implementation of pre-contractual measures, we process your data on the basis of Art. 6 para. 1 lit. b) GDPR. In all other cases, it is in our legitimate interest to process inquiries addressed to us effectively. The legal basis for data processing is therefore Art. 6 para. 1 lit. f) GDPR. If you have consented to the storage of your data, Art. 6 para. 1 lit. a) GDPR is the legal basis. In this case, you can withdraw your consent at any time with effect for the future.

Communication via WhatsApp

What is WhatsApp

Instant messaging service

Who processes your data

WhatsApp Ireland Ltd, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland

Where can you find more information about data protection at WhatsApp?

https://www.whatsapp.com/legal/#privacy-policy

On what basis do we transfer your data to the USA?

How we process your data

We use the instant messaging service WhatsApp in the "WhatsApp Business" version to communicate with our customers and other people outside our company.

Communication takes place via end-to-end encryption (peer-to-peer). This prevents WhatsApp or other third parties from gaining access to the communication content. We have also set up our accounts so that there is no automatic synchronization with the address book on the smartphones used. However, WhatsApp gains access to the metadata of the communication process (e.g. sender, recipient and time of communication) and, according to its own statement, shares this data with Meta, its parent company based in the USA.

How long do we store your data?

We delete your data as soon as one of the following occurs:

• The purpose of the data processing no longer applies
.
• You request us to delete the data
.
• You revoke your consent to storage.

This only does not apply if we are legally obliged to retain the data.

If our exchange via WhatsApp is related to our contractual relationship or serves the implementation of pre-contractual measures, we process your data on the basis of Art. 6 para. 1 lit. b) GDPR. In all other cases, it is in our legitimate interest to process inquiries addressed to us effectively and to maintain business contact with other persons. The legal basis for data processing is therefore Art. 6 para. 1 lit. f) GDPR. If you have consented to the storage of your data, Art. 6 para. 1 lit. a) GDPR is the legal basis. In this case, you can withdraw your consent at any time with effect for the future.

Comment function

You have the option of commenting on content on our website via corresponding input windows. To use the comment function, you must enter your e-mail address. It is also possible to subscribe to the comments of others

How we process your data

When you leave comments on our website, we store the following data:

• Your comment
• Your e-mail address
• the time of the comment
• other data that you provide in the course of commenting, e.g. your user name
• your IP address

We store data that can be used to identify you so that we can take legal action against you if your comment is offensive, inciting hatred or otherwise criminally relevant.

If you subscribe to comments, we will send you an e-mail to check whether you are the owner of the e-mail address provided. You can unsubscribe from receiving comments at any time via a link in this email.

How long do we store your data?

We store your comments and the associated data until the commented content has been completely deleted or the comments have to be deleted for legal reasons, e.g. because they violate criminal law.

If you have subscribed to comments and unsubscribe from the notification, all data provided as part of the subscription will be deleted. If we have also stored your data for another reason, e.g. because you have subscribed to our newsletter, this data is not affected by the deletion.

On what legal basis do we process your data?

By using the comment function, you consent to the storage of your data. The basis for data processing is therefore Art. 6 para. 1 lit. a) GDPR. You can revoke your consent at any time by sending us an email in which you declare your revocation. From this point on, we may no longer process your data.

Analysis tools and advertising

We use the following tools to analyze the behavior of our website visitors and to show you advertising

Matomo Analytics (installed locally)

How we process your data

We are always interested in optimizing our website for users and placing advertising in the best possible way. Matomo Analytics, an open source tool that analyzes user behavior and thus provides us with the necessary database for adjustments, helps us to do this. Matomo uses cookies, device fingerprinting and other technologies that enable cross-page recognition of the user to analyze user behavior. Matomo records the page views, the region they come from, the IP address, referrer, browser used and operating systems. The tool can also measure whether our website visitors perform certain actions (e.g. click on links or make purchases). Once your IP address has been anonymized, the data collected is stored exclusively on our server.

On what legal basis do we process your data?