Introduction
With the following data protection declaration, we would like to inform you about which types of your personal data (hereinafter also referred to as "data") we process for what purposes and to what extent. The data protection declaration applies to all processing of personal data carried out by us, both in the context of the provision of our services and in particular on our websites, in mobile applications and within external online presences, such as our social media profiles (hereinafter collectively referred to as "online offer").
The terms used are not gender-specific.
As of: January 10, 2025
Responsible person
Ramtin Zourmand → Contact
Relevant legal bases
Below you will find an overview of the legal bases of the GDPR on the basis of which we process personal data. Please note that in addition to the provisions of the GDPR, national data protection regulations may apply in your or our country of residence or domicile. If more specific legal bases are also relevant in individual cases, we will inform you of these in the data protection declaration.
Contract fulfillment and pre-contractual inquiries (Art. 6 Para. 1 Clause 1 Letter b) GDPR) — Processing is necessary for the fulfillment of a contract to which the data subject is a party or for the implementation of pre-contractual measures that are carried out at the request of the data subject.
Legitimate interests (Article 6, paragraph 1, sentence 1, letter f) GDPR) – Processing is necessary to protect the legitimate interests of the controller or a third party, unless the interests or fundamental rights and freedoms of the data subject, which require the protection of personal data, prevail.
In addition to the data protection regulations of the General Data Protection Regulation, national regulations on data protection apply in Germany. This includes in particular the law on protection against misuse of personal data in data processing (Federal Data Protection Act — BDSG). The BDSG contains in particular special regulations on the right to information, the right to erasure, the right to object, the processing of special categories of personal data, processing for other purposes and transmission and automated decision-making in individual cases, including profiling. It also regulates data processing for the purposes of the employment relationship (Section 26 BDSG), in particular with regard to the establishment, implementation or termination of employment relationships and the consent of employees. In addition, state data protection laws of the individual federal states may apply.
Security measures
We take appropriate technical and organizational measures in accordance with the legal requirements, taking into account the state of the art, the implementation costs and the nature, scope, circumstances and purposes of the processing as well as the different probabilities of occurrence and the extent of the threat to the rights and freedoms of natural persons, in order to ensure a level of protection appropriate to the risk.
The measures include in particular ensuring the confidentiality, integrity and availability of data by controlling physical and electronic access to the data as well as the access, input, transfer, securing the availability and separation of the data. Furthermore, we have set up procedures that ensure the exercise of the rights of those affected, the deletion of data and reactions to threats to the data. Furthermore, we take the protection of personal data into account when developing or selecting hardware, software and procedures in accordance with the principle of data protection, through technology design and through data protection-friendly default settings.
SSL encryption (https): In order to protect the data you transmit via our online offering, we use SSL encryption. You can recognize such encrypted connections by the prefix https:// in the address bar of your browser.
Deletion of data
The data we process is deleted in accordance with legal requirements as soon as the consents permitted for processing are revoked or other permissions no longer apply (e.g. if the purpose of processing this data no longer applies or it is no longer required for the purpose). If the data is not deleted because it is required for other legally permissible purposes, its processing will be restricted to these purposes. This means that the data will be blocked and not processed for other purposes. This applies, for example, to data that must be retained for commercial or tax law reasons or whose storage is necessary to assert, exercise or defend legal claims or to protect the rights of another natural or legal person.
Our data protection notices may also contain further information on the storage and deletion of data that apply primarily to the respective processing.
Provision of the online offer and web hosting
We process the user's data in order to be able to provide them with our online services. For this purpose, we process the user's IP address, which is necessary to transmit the content and functions of our online services to the user's browser or device.
Types of data processed: Usage data (e.g. websites visited, interest in content, access times); meta/communication data (e.g. device information, IP addresses); content data (e.g. entries in online forms).
Affected persons: Users (e.g. website visitors, users of online services).
Purposes of processing: Provision of our online offer and user-friendliness; Information technology infrastructure (operation and provision of information systems and technical devices (computers, servers, etc.)); security measures.
Legal basis: Legitimate interests (Art. 6 Para. 1 Clause 1 lit. f) GDPR).
Further information on processing processes, procedures and services:
Provision of online services on rented storage space: To provide our online services, we use storage space, computing capacity and software that we rent from a corresponding server provider (also known as a "web host") or obtain from other sources; legal basis: legitimate interests (Art. 6 Para. 1 Clause 1 Letter f) GDPR).
Collection of access data and log files: Access to our online services is logged in the form of so-called "server log files". The server log files may include the address and name of the websites and files accessed, the date and time of access, the amount of data transferred, notification of successful access, browser type and version, the user's operating system, referrer URL (the previously visited page) and, as a rule, IP addresses and the requesting provider. The server log files can be used for security purposes, e.g. to avoid overloading the servers (particularly in the case of abusive attacks, so-called DDoS attacks) and to ensure the utilization of the servers and their stability; Legal basis: legitimate interests (Art. 6 Para. 1 Clause 1 Letter f) GDPR); Deletion of data: log file information is stored for a maximum of 30 days and then deleted or anonymized. Data that needs to be retained for evidentiary purposes is exempt from deletion until the respective incident has been finally clarified.
E‑mail sending and hosting: The web hosting services we use also include the sending, receiving and storing of e‑mails. For these purposes, the addresses of the recipients and senders as well as other information regarding the e‑mail sending (e.g. the providers involved) and the contents of the respective e‑mails are processed. The aforementioned data can also be processed for the purposes of detecting SPAM. Please note that e‑mails are generally not sent encrypted on the Internet. As a rule, e‑mails are encrypted during transport, but (unless a so-called end-to-end encryption process is used) not on the servers from which they are sent and received. We cannot therefore accept any responsibility for the transmission path of the e‑mails between the sender and the reception on our server; legal basis: legitimate interests (Art. 6 para. 1 sentence 1 lit. f) GDPR).
STRATO: Services in the field of providing information technology infrastructure and related services (e.g. storage space and/or computing capacity); Service provider: STRATO AG, Pascalstraße 10,10587 Berlin, Germany; Legal basis: Legitimate interests (Art. 6 Para. 1 Clause 1 lit. f) GDPR); Website: https://www.strato.de; Data protection declaration: https://www.strato.de/datenschutz; Order processing agreement: Provided by the service provider.
Contact and inquiry management
When contacting us (e.g. via contact form, email, telephone or via social media) and within the framework of existing user and business relationships, the details of the inquiring persons are processed to the extent necessary to answer the contact inquiries and any requested measures.
The answering of contact inquiries as well as the administration of contact and inquiry data within the framework of contractual or pre-contractual relationships is carried out to fulfill our contractual obligations or to answer (pre)contractual inquiries and otherwise on the basis of the legitimate interests in answering inquiries and maintaining user or business relationships.
Types of data processed: Contact data (e.g. email, telephone numbers); Content data (e.g. entries in online forms); Usage data (e.g. websites visited, interest in content, access times); Meta/communication data (e.g. device information, IP addresses).
Affected persons: Communication partners.
Purposes of processing: Provision of contractual services and customer service; Contact requests and communication; Administration and response to requests; Feedback (e.g. collecting feedback via online form); Provision of our online offer and user-friendliness.
Legal bases: Contract fulfillment and pre-contractual inquiries (Art. 6 Para. 1 Clause 1 lit. b) GDPR); Legitimate interests (Art. 6 Para. 1 Clause 1 lit. f) GDPR).
Further information on processing processes, procedures and services:
Contact form: If users contact us via our contact form, email or other communication channels, we process the data communicated to us in this context to process the communicated request. For this purpose, we process personal data within the framework of pre-contractual and contractual business relationships, insofar as this is necessary to fulfill them and otherwise on the basis of our legitimate interests and the interests of the communication partners in answering the requests and our statutory retention periods; Legal bases: Contract fulfillment and pre-contractual inquiries (Art. 6 Para. 1 S. 1 lit. b) GDPR), legitimate interests (Art. 6 Para. 1 S. 1 lit. f) GDPR).
Created with the data protection generator of Dr. Schwenke