Privacy Policy

Introduction

With the fol­low­ing data pro­tec­tion dec­la­ra­tion, we would like to inform you about which types of your per­son­al data (here­inafter also referred to as "data") we process for what pur­pos­es and to what extent. The data pro­tec­tion dec­la­ra­tion applies to all pro­cess­ing of per­son­al data car­ried out by us, both in the con­text of the pro­vi­sion of our ser­vices and in par­tic­u­lar on our web­sites, in mobile appli­ca­tions and with­in exter­nal online pres­ences, such as our social media pro­files (here­inafter col­lec­tive­ly referred to as "online offer").

The terms used are not gender-specific.

As of: Jan­u­ary 10, 2025

Responsible person

Ramtin Zour­mand → Con­tact

Relevant legal bases

Below you will find an overview of the legal bases of the GDPR on the basis of which we process per­son­al data. Please note that in addi­tion to the pro­vi­sions of the GDPR, nation­al data pro­tec­tion reg­u­la­tions may apply in your or our coun­try of res­i­dence or domi­cile. If more spe­cif­ic legal bases are also rel­e­vant in indi­vid­ual cas­es, we will inform you of these in the data pro­tec­tion declaration.

Con­tract ful­fill­ment and pre-​contractual inquiries (Art. 6 Para. 1 Clause 1 Let­ter b) GDPR) — Pro­cess­ing is nec­es­sary for the ful­fill­ment of a con­tract to which the data sub­ject is a par­ty or for the imple­men­ta­tion of pre-​contractual mea­sures that are car­ried out at the request of the data subject.

Legit­i­mate inter­ests (Arti­cle 6, para­graph 1, sen­tence 1, let­ter f) GDPR) – Pro­cess­ing is nec­es­sary to pro­tect the legit­i­mate inter­ests of the con­troller or a third par­ty, unless the inter­ests or fun­da­men­tal rights and free­doms of the data sub­ject, which require the pro­tec­tion of per­son­al data, prevail.

In addi­tion to the data pro­tec­tion reg­u­la­tions of the Gen­er­al Data Pro­tec­tion Reg­u­la­tion, nation­al reg­u­la­tions on data pro­tec­tion apply in Ger­many. This includes in par­tic­u­lar the law on pro­tec­tion against mis­use of per­son­al data in data pro­cess­ing (Fed­er­al Data Pro­tec­tion Act — BDSG). The BDSG con­tains in par­tic­u­lar spe­cial reg­u­la­tions on the right to infor­ma­tion, the right to era­sure, the right to object, the pro­cess­ing of spe­cial cat­e­gories of per­son­al data, pro­cess­ing for oth­er pur­pos­es and trans­mis­sion and auto­mat­ed decision-​making in indi­vid­ual cas­es, includ­ing pro­fil­ing. It also reg­u­lates data pro­cess­ing for the pur­pos­es of the employ­ment rela­tion­ship (Sec­tion 26 BDSG), in par­tic­u­lar with regard to the estab­lish­ment, imple­men­ta­tion or ter­mi­na­tion of employ­ment rela­tion­ships and the con­sent of employ­ees. In addi­tion, state data pro­tec­tion laws of the indi­vid­ual fed­er­al states may apply.

Security measures

We take appro­pri­ate tech­ni­cal and orga­ni­za­tion­al mea­sures in accor­dance with the legal require­ments, tak­ing into account the state of the art, the imple­men­ta­tion costs and the nature, scope, cir­cum­stances and pur­pos­es of the pro­cess­ing as well as the dif­fer­ent prob­a­bil­i­ties of occur­rence and the extent of the threat to the rights and free­doms of nat­ur­al per­sons, in order to ensure a lev­el of pro­tec­tion appro­pri­ate to the risk.

The mea­sures include in par­tic­u­lar ensur­ing the con­fi­den­tial­i­ty, integri­ty and avail­abil­i­ty of data by con­trol­ling phys­i­cal and elec­tron­ic access to the data as well as the access, input, trans­fer, secur­ing the avail­abil­i­ty and sep­a­ra­tion of the data. Fur­ther­more, we have set up pro­ce­dures that ensure the exer­cise of the rights of those affect­ed, the dele­tion of data and reac­tions to threats to the data. Fur­ther­more, we take the pro­tec­tion of per­son­al data into account when devel­op­ing or select­ing hard­ware, soft­ware and pro­ce­dures in accor­dance with the prin­ci­ple of data pro­tec­tion, through tech­nol­o­gy design and through data protection-​friendly default settings.

SSL encryp­tion (https): In order to pro­tect the data you trans­mit via our online offer­ing, we use SSL encryp­tion. You can rec­og­nize such encrypt­ed con­nec­tions by the pre­fix https:// in the address bar of your browser.

Deletion of data

The data we process is delet­ed in accor­dance with legal require­ments as soon as the con­sents per­mit­ted for pro­cess­ing are revoked or oth­er per­mis­sions no longer apply (e.g. if the pur­pose of pro­cess­ing this data no longer applies or it is no longer required for the pur­pose). If the data is not delet­ed because it is required for oth­er legal­ly per­mis­si­ble pur­pos­es, its pro­cess­ing will be restrict­ed to these pur­pos­es. This means that the data will be blocked and not processed for oth­er pur­pos­es. This applies, for exam­ple, to data that must be retained for com­mer­cial or tax law rea­sons or whose stor­age is nec­es­sary to assert, exer­cise or defend legal claims or to pro­tect the rights of anoth­er nat­ur­al or legal person.

Our data pro­tec­tion notices may also con­tain fur­ther infor­ma­tion on the stor­age and dele­tion of data that apply pri­mar­i­ly to the respec­tive processing.

Provision of the online offer and web hosting

We process the user's data in order to be able to pro­vide them with our online ser­vices. For this pur­pose, we process the user's IP address, which is nec­es­sary to trans­mit the con­tent and func­tions of our online ser­vices to the user's brows­er or device.

Types of data processed: Usage data (e.g. web­sites vis­it­ed, inter­est in con­tent, access times); meta/​communication data (e.g. device infor­ma­tion, IP address­es); con­tent data (e.g. entries in online forms).

Affect­ed per­sons: Users (e.g. web­site vis­i­tors, users of online services).

Pur­pos­es of pro­cess­ing: Pro­vi­sion of our online offer and user-​friendliness; Infor­ma­tion tech­nol­o­gy infra­struc­ture (oper­a­tion and pro­vi­sion of infor­ma­tion sys­tems and tech­ni­cal devices (com­put­ers, servers, etc.)); secu­ri­ty measures.

Legal basis: Legit­i­mate inter­ests (Art. 6 Para. 1 Clause 1 lit. f) GDPR).

Further information on processing processes, procedures and services:

Pro­vi­sion of online ser­vices on rent­ed stor­age space: To pro­vide our online ser­vices, we use stor­age space, com­put­ing capac­i­ty and soft­ware that we rent from a cor­re­spond­ing serv­er provider (also known as a "web host") or obtain from oth­er sources; legal basis: legit­i­mate inter­ests (Art. 6 Para. 1 Clause 1 Let­ter f) GDPR).

Col­lec­tion of access data and log files: Access to our online ser­vices is logged in the form of so-​called "serv­er log files". The serv­er log files may include the address and name of the web­sites and files accessed, the date and time of access, the amount of data trans­ferred, noti­fi­ca­tion of suc­cess­ful access, brows­er type and ver­sion, the user's oper­at­ing sys­tem, refer­rer URL (the pre­vi­ous­ly vis­it­ed page) and, as a rule, IP address­es and the request­ing provider. The serv­er log files can be used for secu­ri­ty pur­pos­es, e.g. to avoid over­load­ing the servers (par­tic­u­lar­ly in the case of abu­sive attacks, so-​called DDoS attacks) and to ensure the uti­liza­tion of the servers and their sta­bil­i­ty; Legal basis: legit­i­mate inter­ests (Art. 6 Para. 1 Clause 1 Let­ter f) GDPR); Dele­tion of data: log file infor­ma­tion is stored for a max­i­mum of 30 days and then delet­ed or anonymized. Data that needs to be retained for evi­den­tiary pur­pos­es is exempt from dele­tion until the respec­tive inci­dent has been final­ly clarified.

E‑mail send­ing and host­ing: The web host­ing ser­vices we use also include the send­ing, receiv­ing and stor­ing of e‑mails. For these pur­pos­es, the address­es of the recip­i­ents and senders as well as oth­er infor­ma­tion regard­ing the e‑mail send­ing (e.g. the providers involved) and the con­tents of the respec­tive e‑mails are processed. The afore­men­tioned data can also be processed for the pur­pos­es of detect­ing SPAM. Please note that e‑mails are gen­er­al­ly not sent encrypt­ed on the Inter­net. As a rule, e‑mails are encrypt­ed dur­ing trans­port, but (unless a so-​called end-​to-​end encryp­tion process is used) not on the servers from which they are sent and received. We can­not there­fore accept any respon­si­bil­i­ty for the trans­mis­sion path of the e‑mails between the sender and the recep­tion on our serv­er; legal basis: legit­i­mate inter­ests (Art. 6 para. 1 sen­tence 1 lit. f) GDPR).

STRATO: Ser­vices in the field of pro­vid­ing infor­ma­tion tech­nol­o­gy infra­struc­ture and relat­ed ser­vices (e.g. stor­age space and/​or com­put­ing capac­i­ty); Ser­vice provider: STRATO AG, Pas­cal­straße 10,10587 Berlin, Ger­many; Legal basis: Legit­i­mate inter­ests (Art. 6 Para. 1 Clause 1 lit. f) GDPR); Web­site: https://​www​.stra​to​.de; Data pro­tec­tion dec­la­ra­tion: https://​www​.stra​to​.de/​d​a​t​e​n​s​c​h​utz; Order pro­cess­ing agree­ment: Pro­vid­ed by the ser­vice provider.

Contact and inquiry management

When con­tact­ing us (e.g. via con­tact form, email, tele­phone or via social media) and with­in the frame­work of exist­ing user and busi­ness rela­tion­ships, the details of the inquir­ing per­sons are processed to the extent nec­es­sary to answer the con­tact inquiries and any request­ed measures.

The answer­ing of con­tact inquiries as well as the admin­is­tra­tion of con­tact and inquiry data with­in the frame­work of con­trac­tu­al or pre-​contractual rela­tion­ships is car­ried out to ful­fill our con­trac­tu­al oblig­a­tions or to answer (pre)contractual inquiries and oth­er­wise on the basis of the legit­i­mate inter­ests in answer­ing inquiries and main­tain­ing user or busi­ness relationships.

Types of data processed: Con­tact data (e.g. email, tele­phone num­bers); Con­tent data (e.g. entries in online forms); Usage data (e.g. web­sites vis­it­ed, inter­est in con­tent, access times); Meta/​communication data (e.g. device infor­ma­tion, IP addresses).

Affected persons: Communication partners.

Pur­pos­es of pro­cess­ing: Pro­vi­sion of con­trac­tu­al ser­vices and cus­tomer ser­vice; Con­tact requests and com­mu­ni­ca­tion; Admin­is­tra­tion and response to requests; Feed­back (e.g. col­lect­ing feed­back via online form); Pro­vi­sion of our online offer and user-friendliness.

Legal bases: Con­tract ful­fill­ment and pre-​contractual inquiries (Art. 6 Para. 1 Clause 1 lit. b) GDPR); Legit­i­mate inter­ests (Art. 6 Para. 1 Clause 1 lit. f) GDPR).

Further information on processing processes, procedures and services:

Con­tact form: If users con­tact us via our con­tact form, email or oth­er com­mu­ni­ca­tion chan­nels, we process the data com­mu­ni­cat­ed to us in this con­text to process the com­mu­ni­cat­ed request. For this pur­pose, we process per­son­al data with­in the frame­work of pre-​contractual and con­trac­tu­al busi­ness rela­tion­ships, inso­far as this is nec­es­sary to ful­fill them and oth­er­wise on the basis of our legit­i­mate inter­ests and the inter­ests of the com­mu­ni­ca­tion part­ners in answer­ing the requests and our statu­to­ry reten­tion peri­ods; Legal bases: Con­tract ful­fill­ment and pre-​contractual inquiries (Art. 6 Para. 1 S. 1 lit. b) GDPR), legit­i­mate inter­ests (Art. 6 Para. 1 S. 1 lit. f) GDPR).

Cre­at­ed with the data pro­tec­tion gen­er­a­tor of Dr. Schwenke