Security measures
We take appropriate technical and organizational measures in accordance
with the legal requirements, taking into account the state of the art, the
implementation costs and the nature, scope, circumstances and purposes of the
processing, as well as the different probabilities of occurrence and the extent
of the threat to the rights and freedoms of natural persons, in order to ensure
a level of protection appropriate to the risk. The measures include, in
particular, safeguarding the confidentiality, integrity and availability of
data by controlling physical and electronic access to the data as well as
access to, input of, disclosure of, assurance of availability of and
segregation of the data. Furthermore, we have established procedures to ensure
the exercise of data subjects' rights, the deletion of data, and responses to
data compromise. Furthermore, we take the protection of personal data into
account as early as the development or selection of hardware, software and
processes in accordance with the principle of data protection, through
technology design and through data protection-friendly default settings.
Transmission of personal data
In the course of our processing of personal data, it may happen that the
data is transferred to or disclosed to other bodies, companies, legally
independent organizational units or persons. Recipients of this data may
include, for example, service providers commissioned with IT tasks or providers
of services and content that are integrated into a
website. In such cases, we comply with the legal requirements and, in
particular, conclude appropriate contracts or agreements that serve to protect
your data with the recipients of your data.
Data processing in third countries
If we process data in a third country (i.e., outside the European Union
(EU), the European Economic Area (EEA)) or the processing takes place in the
context of using third-party services or disclosing or transferring data to
other persons, entities or companies, this will only be done in accordance with
legal requirements. Subject to express consent or contractually or legally
required transfer, we only process or have the data processed in third
countries with a recognized level of data protection, contractual obligation
through so-called standard protection clauses of the EU Commission, in the
presence of certifications or binding internal data protection regulations
(Art. 44 to 49 DSGVO, information page of the EU Commission:
https://ec.europa.eu/info/law/law-topic/data-protection/international-dimension-data-protection_de).
Deletion of data
The data processed by us will be deleted in accordance with the legal
requirements as soon as their consents permitted for processing are revoked or
other permissions cease to apply (e.g. if the purpose of processing this data
has ceased to apply or it is not required for the purpose). If the data are not
deleted because they are required for other and legally permissible purposes,
their processing will be limited to these purposes. That is, the data is
blocked and not processed for other purposes. This applies, for example, to
data that must be retained for reasons of commercial or tax law or whose
storage is necessary for the assertion, exercise or defense
of legal claims or for the protection of the rights of another natural or legal
person. Our data protection notices may also contain further details on the
retention and deletion of data, which take priority for the respective
processing operations.
Use of cookies
Cookies are small text files, or other memory notes, which store
information on end devices and read information from the end devices. For
example, to store the login status in a user account, a shopping cart content
in an e-shop, the content accessed or functions used of an online offer.
Cookies can further be used for various purposes, e.g. for purposes of
functionality, security and comfort of online offers as well as the creation of
analyses of visitor flows. Notes on consent: We use cookies in accordance with
legal requirements. Therefore, we obtain prior consent from users except where
it is not required by law. In particular, consent is not required if the
storage and reading of information, including cookies, is absolutely necessary
to provide the user with a telemedia service (i.e.,
our online offering) that they have expressly requested. The revocable consent
is clearly communicated to the users and contains the information on the
respective cookie use. Notes on legal bases under data protection law: the
legal basis under data protection law on which we process users' personal data
using cookies depends on whether we ask users for consent. If users consent,
the legal basis for processing their data is their declared consent. Otherwise,
the data processed with the help of cookies is processed on the basis of our
legitimate interests (e.g. in a business operation of our online offer and
improvement of its usability) or, if this is done in the context of the fulfillment of our contractual obligations, if the use of
cookies is necessary to fulfill our contractual obligations.
For what purposes the cookies are processed by us, we clarify in the course of
this privacy policy or in the context of our consent and processing procedures.
Storage duration: With regard to the storage duration, the following types of
cookies are distinguished:
- Temporary
cookies (also: session cookies): temporary cookies are deleted at the
latest after a user has left an online offer and closed his end device
(e.g. browser or mobile application).
- Permanent
cookies: Permanent cookies remain stored even after the end device is
closed. For example, the login status can be saved or preferred content
can be displayed directly when the user visits a website again. Likewise,
user data collected with the help of cookies can be used for reach
measurement. Unless we provide users with explicit information about the
type and storage duration of cookies (e.g., as part of obtaining consent),
users should assume that cookies are permanent and that the storage period
can be up to two years. General information on revocation and objection
(opt-out): Users can revoke the consent they have given at any time and
also file an objection to processing in accordance with the legal
requirements in Art. 21 DSGVO (further information on objection is
provided as part of this privacy policy). Users can also declare their
objection using the settings of their browser. Further notes on processing
processes, procedures and services:
- Processing
of cookie data based on consent: We use a cookie consent management
procedure, under which the consent of users to the use of cookies, or the
processing and providers mentioned in the cookie consent management
procedure, can be obtained and managed and revoked by users. Here, the
declaration of consent is stored in order not to have to repeat its query
and to be able to prove the consent in accordance with the legal
obligation. The storage can take place on the server side and/or in a
cookie (so-called opt-in cookie, or with the help of comparable technologies),
in order to be able to assign the consent to a user or their device.
Subject to individual information on the providers of cookie management
services, the following information applies: The duration of the storage
of consent can be up to two years. A pseudonymous user identifier is
created and stored with the time of consent, information about the scope
of consent (e.g., which categories of cookies and/or service providers),
as well as the browser, system and end device used.
Provision of the online offer and web
hosting
In order to provide our online offer securely and efficiently, we use
the services of one or more web hosting providers from whose servers (or
servers managed by them) the online offer can be accessed. For these purposes,
we may use infrastructure and platform services, computing capacity, storage
space and database services, as well as security services and technical
maintenance services. The data processed as part of the provision of the
hosting offer may include all information relating to the users of our online
offer, which is generated as part of the use and communication. This regularly
includes the IP address, which is necessary to be able to deliver the contents
of online offers to browsers, and all entries made within our online offer or
from websites.
- Types
of data processed: Content data (e.g. entries in online forms); Usage data
(e.g. web pages visited, interest in content, access times);
Meta/communication data (e.g. device information, IP addresses).
- Data
subjects: Users (e.g. website visitors, users of online services).
- Purposes
of processing: provision of our online offer and user-friendliness.
- Legal
grounds: Legitimate interests (Art. 6 para. 1 p.
1 lit. f. DSGVO). Further notes on processing processes, procedures and services:
- Collection
of access data and log files: we ourselves (or our web hosting provider)
collect data on each access to the server (so-called server log files).
The server log files may include the address and name of the web pages and
files accessed, the date and time of access, the volume of data
transferred, notification of successful access, browser type and version,
the user's operating system, referrer URL (the previously visited page)
and, as a rule, IP addresses and the requesting provider. The server log
files may be used, on the one hand, for security purposes, e.g., to
prevent server overload (especially in the event of abusive attacks,
so-called DDoS attacks) and, on the other hand,
to ensure the utilization of the servers and their stability; deletion of
data: Log file information is stored for a maximum period of 30 days and
then deleted or anonymized. Data whose further
retention is required for evidentiary purposes is exempt from deletion
until final clarification of the respective incident. Contact and inquiry
management When contacting us (e.g. via contact form, e-mail, telephone or
via social media) as well as in the context of existing user and business
relationships, the information of the inquiring persons is processed to
the extent necessary to respond to the contact requests and any requested
measures. The response to the contact inquiries as well as the management
of contact and inquiry data in the context of contractual or
pre-contractual relationships is carried out to fulfill
our contractual obligations or to respond to (pre)contractual inquiries
and otherwise on the basis of legitimate interests in responding to the
inquiries and maintaining user or business relationships.
- Types
of data processed: inventory data (e.g. names, addresses); contact data
(e.g. e-mail, telephone numbers); content data (e.g. entries in online
forms).
- Data
subjects: Communication partners.
- Purposes
of processing: contact requests and communication; provision of
contractual services and customer service.
- Legal
basis: Contract performance and pre-contractual inquiries (Art. 6 para. 1 p. 1 lit. b. DSGVO); Legitimate interests
(Art. 6 para. 1 p. 1 lit. f. DSGVO); Legal
obligation (Art. 6 para. 1 p. 1 lit. c. DSGVO).
Further guidance on processing
operations, procedures and services:
- Contact
form: If users contact us via our contact form, e-mail or other
communication channels, we process the data communicated to us in this
context for the purpose of processing the communicated request. For this
purpose, we process personal data in the context of pre-contractual and
contractual business relationships, insofar as this is necessary for their
fulfillment, and otherwise on the basis of our
legitimate interests as well as the interests of the communication
partners in responding to the concerns and our legal retention
obligations. Web analysis, monitoring and optimization Web analytics (also
referred to as "reach measurement") is used to evaluate the flow
of visitors to our online offering and may include behavior, interests or
demographic information about visitors, such as age or gender, as
pseudonymous values. With the help of reach analysis, we can recognize,
for example, at what time our online offer or its functions or content are
most frequently used or invite re-use. Likewise, we can understand which
areas need optimization. In addition to web analytics, we may also use
testing procedures, for example, to test and optimize different versions
of our online offering or its components. Unless otherwise stated below,
profiles, i.e. data summarized for a usage process, may be created for
these purposes and information may be stored in a browser, or in a
terminal device, and read from it. The information collected includes, in
particular, websites visited and elements used there as well as technical
information such as the browser used, the computer system used and
information on usage times. If users have agreed to the collection of
their location data from us or from the providers of the services we use,
location data may also be processed. The IP addresses of the users are
also stored. However, we use an IP masking procedure (i.e., pseudonymization by shortening the IP address) to
protect users. Generally, in the context of web analysis, A/B testing and
optimization, no clear data of the users (such as e-mail addresses or
names) are stored, but pseudonyms. This means that we, as well as the
providers of the software used, do not know the actual identity of the
users, but only the information stored in their profiles for the purposes
of the respective procedures. Notes on legal bases: If we ask users for
their consent to use the third-party providers, the legal basis for
processing data is consent. Otherwise, users' data is processed on the
basis of our legitimate interests (i.e. interest in efficient, economical
and recipient-friendly services). In this context, we would also like to
refer you to the information on the use of cookies in this Privacy Policy.
- Types
of data processed: Usage data (e.g. websites visited, interest in content,
access times); meta/communication data (e.g. device information, IP
addresses).
- Data
subjects: Users (e.g., website visitors, users of online services).
- Purposes
of processing: reach measurement (e.g. access statistics, recognition of
returning visitors); profiles with user-related information (creation of
user profiles).
- Security
measures: IP masking (pseudonymization of the IP
address).
- Legal
basis: Consent (Art. 6 para. 1 p. 1 lit. a.
DSGVO); Legitimate interests (Art. 6 para. 1 p.
1 lit. f. DSGVO). Further notes on processing processes, procedures and
services:
- Google
Analytics: App analytics, reach measurement as well as measurement of user
flows; service provider: Google Ireland Limited, Gordon House, Barrow
Street, Dublin 4, Ireland, parent company: Google LLC, 1600 Amphitheatre
Parkway, Mountain View, CA 94043, USA; Website:
https://marketingplatform.google.com/intl/de/about/analytics/; Privacy
policy: https://policies.google.com/privacy; Further information: Types of
processing as well as data processed:
https://privacy.google.com/businesses/adsservices; Data processing terms
for Google advertising products and standard contractual clauses for third
country transfers of data:
https://business.safety.google/adsprocessorterms.
Google AdMob:
This app uses Google AdMob
https://www.google.de/admob/ (1600 Amphitheatre Parkway, Mountain View, CA
94043, USA; hereinafter "Google") to display advertising. Google uses
the Apple Advertising Identifier (hereafter Apple Ad-ID) for advertising tax purposes.
A pseudonymous user profile is created under the Apple Ad-ID so that the user
can be assigned to different advertising segments on the Apple advertising
platform in order to display actual or supposedly interest-based advertising.
The Apple Ad-ID is a pseudonym that prevents the disclosure of personal
data to Google. The Apple Ad-ID is transferred to a Google server in the USA
and stored there. Google complies with the data protection provisions of the US
Safe Harbor Agreement and is registered with the US
Department of Commerce's Safe Harbor program.
You can prevent the use of the Apple Ad ID opting out from
"Tracking" under "Privacy" in System Preferences. You can
find further information on data protection in connection with Google here.
http://www.google.com/policies/privacy/partners/
The use of Google AdMob and the related data
processing is based on our legitimate interests pursuant to Art. 6 para. 1 sentence 1 lit. f DSGVO. Through the use of Google AdMob,
we want to ensure that you are only shown advertising on your end devices that
is oriented towards your actual or supposed interests. These interests are to
be regarded as legitimate within the meaning of the aforementioned provision.
Online marketing
We process personal data for online marketing purposes, which may
include, in particular, the marketing of advertising space or presentation of
promotional and other content (collectively, "content") based on
potential user interests and the measurement of its effectiveness. For these purposes,
so-called user profiles are created and stored in a file (so-called
"cookie") or similar procedures are used, by means of which the
information about the user relevant to the presentation of the aforementioned
content is stored. This information may include, for example, content viewed,
websites visited, online networks used, but also communication partners and
technical information, such as the browser used, the computer system used and
information on usage times and functions used. If users have consented to the
collection of their location data, this may also be processed. The IP addresses
of users are also stored. However, we use available IP masking procedures
(i.e., pseudonymization by shortening the IP address)
to protect users. In general, no clear data of the users (such as e-mail
addresses or names) are stored in the context of the online marketing process,
but pseudonyms. This means that we, as well as the providers of the online
marketing procedures, do not know the actual identity of the users, but only
the information stored in their profiles. The information in the profiles is
usually stored in the cookies or by means of similar procedures. These cookies
can later generally be read on other websites that use the same online
marketing procedure and analyzed for the purpose of
displaying content as well as supplemented with further data and stored on the
server of the online marketing procedure provider. Exceptionally, clear data
can be assigned to the profiles. This is the case if, for example, the users
are members of a social network whose online marketing procedure we use and the
network links the users' profiles with the aforementioned data. We ask to note
that users may make additional arrangements with the providers, e.g., by giving
consent as part of the registration process. In principle, we only receive
access to summarized information about the success of our advertisements.
However, in the context of so-called conversion measurements, we can check
which of our online marketing processes have led to a so-called conversion,
i.e., for example, to a conclusion of a contract with us. The conversion
measurement is used solely to analyze the success of
our marketing measures. Unless otherwise stated, we ask you to assume that
cookies used will be stored for a period of two years. Notes on legal bases: if
we ask users for their consent to use third-party providers, the legal basis
for processing data is consent. Otherwise, users' data is processed on the
basis of our legitimate interests (i.e. interest in efficient, economical and
recipient-friendly services). In this context, we would also like to refer you
to the information on the use of cookies in this Privacy Policy.
- Types
of data processed: Usage data (e.g. websites visited, interest in content,
access times); meta/communication data (e.g. device information, IP
addresses).
- Data
subjects: Users (e.g., website visitors, users of online services).
- Purposes
of processing: marketing; profiling with user-related information
(creating user profiles).
- Security
measures: IP masking (pseudonymization of the IP
address).
- Legal
grounds: consent (Art. 6 para. 1 p. 1 lit. a.
DSGVO); legitimate interests (Art. 6 para. 1 p.
1 lit. f. DSGVO).
- Possibility
of objection (opt-out): We refer to the data protection notices of the
respective providers and the objection options given to the providers
(so-called "opt-out"). If no explicit opt-out option has been
specified, you have the option of switching off cookies in your browser
settings. However, this may restrict functions of our online offer. We
therefore recommend the following additional opt-out options, which are
offered in summary for the respective areas: a) Europe:
https://www.youronlinechoices.eu. b) Canada:
https://www.youradchoices.ca/choices. c) USA:
https://www.aboutads.info/choices. d) Cross-territory:
https://optout.aboutads.info.
Affiliate programs and affiliate
links
We include so-called affiliate links or other references (which may
include, for example, search masks, widgets or discount codes) to the offers
and services of third-party providers in our online offer (collectively
referred to as "affiliate links"). If users follow the Affiliate
Links or subsequently take advantage of the offers, we may receive a commission
or other benefits from those third parties (collectively,
"Commission"). In order to be able to track whether users have taken
advantage of the offers of an affiliate link used by us, it is necessary that the
respective third-party providers learn that the users have followed an
affiliate link used within our online offer. The assignment of the affiliate
links to the respective business transactions or to other actions (e.g.
purchases) serves the sole purpose of commission accounting and will be
cancelled as soon as it is no longer necessary for the purpose. For the
purposes of the aforementioned assignment of the affiliate links, the affiliate
links may be supplemented by certain values that are a component of the link or
may be stored elsewhere, e.g. in a cookie. The values may include, in
particular, the source website (referrer), the time, an online identifier of
the operator of the website on which the affiliate link was located, an online
identifier of the respective offer, the type of link used, the type of offer
and an online identifier of the user. Notes on legal bases: if we ask users for
their consent to the use of third-party providers, the legal basis for the
processing of data is consent. Furthermore, their use may be a component of our
(pre)contractual services, provided that the use of the third-party providers
has been agreed within this framework. Otherwise, user data is processed on the
basis of our legitimate interests (i.e. interest in efficient, economical and
recipient-friendly services). In this context, we would also like to refer you
to the information on the use of cookies in this privacy policy.
- Types
of data processed: contractual data (e.g. subject matter of contract,
term, customer category); usage data (e.g.
websites visited, interest in content, access times); meta/communication
data (e.g. device information, IP addresses).
- Data
subjects: Users (e.g., website visitors, users of online services).
- Purposes
of processing: affiliate tracking.
- Legal
grounds: consent (Art. 6 para. 1 p. 1 lit. a.
DSGVO); contract performance and pre-contractual requests (Art. 6 para. 1 p. 1 lit. b. DSGVO); legitimate interests
(Art. 6 para. 1 p. 1 lit. f. DSGVO). Amendment
and updating of the privacy policy We ask you to
regularly inform yourself about the content of our privacy policy. We
adapt the data protection declaration as soon as the changes in the data
processing carried out by us make this necessary. We will inform you as
soon as the changes require an act of cooperation on your part (e.g.
consent) or other individual notification. If we provide addresses and
contact information of companies and organizations in this privacy
statement, please note that the addresses may change over time and please
check the information before contacting us.
Rights of the data subjects
As a data subject, you are entitled to various rights under the GDPR,
which arise in particular from Art. 15 to 21 GDPR:
- Right
to object: you have the right to object at any time, on grounds relating
to your particular situation, to the processing of personal data
concerning you which is carried out on the basis
of Art. 6(1)(e) or (f) DSGVO; this also applies
to profiling based on these provisions. If the personal data concerning
you is processed for the purpose of direct marketing, you have the right
to object at any time to the processing of personal data concerning you
for the purpose of such marketing; this also applies to profiling insofar
as it is related to such direct marketing.
- Right
to withdraw consent: You have the right to revoke any consent given at any
time.
- Right
to information: you have the right to request confirmation as to whether
data in question is being processed and to information about this data, as
well as further information and a copy of the data in accordance with the
legal requirements.
- Right
to rectification: you have the right, in accordance with the law, to
request that data concerning you be completed or that inaccurate data
concerning you be rectified.
- Right
to erasure and restriction of processing: In accordance with the legal
requirements, you have the right to demand that data concerning you be
erased without delay or, alternatively, to demand restriction of the
processing of the data in accordance with the legal requirements.
- Right
to data portability: You have the right to receive data concerning you,
which you have provided to us, in a structured, common and
machine-readable format in accordance with the legal requirements, or to
demand its transfer to another responsible party.
- Complaint
to the supervisory authority: Without prejudice to any other
administrative or judicial remedy, you have the right to lodge a complaint
with a supervisory authority, in particular in the Member State of your
habitual residence, your place of work or the place of the alleged
infringement, if you consider that the processing of personal data
relating to you infringes the requirements of the GDPR.
Definitions of terms
This section provides you with an overview of the terms used in this
privacy statement. Many of the terms are taken from the law and defined
primarily in Art. 4 of the GDPR. The legal definitions
are binding. The following explanations, on the other hand, are primarily
intended to aid understanding. The terms are sorted alphabetically.
- Affiliate
tracking: In the context of affiliate tracking, links with the help of
which the linking websites refer users to websites with product or other
offers are logged. The operators of the respective linking websites may
receive a commission if users follow these so-called affiliate links and
subsequently take advantage of the offers (e.g. buy goods or use
services). For this purpose, it is necessary for the providers to be able
to track whether users who are interested in certain offers subsequently take
advantage of them at the instigation of the affiliate links. It is
therefore necessary for the functionality of affiliate links that they are
supplemented with certain values that become part of the link or are
stored elsewhere, e.g. in a cookie. The values include, in particular, the
source website (referrer), the time, an online identifier of the operator
of the website on which the affiliate link was located, an online
identifier of the respective offer, an online identifier of the user as
well as tracking-specific values, such as, for example, advertising media
ID, affiliate ID and categorizations.
- Personal
data: "Personal data" means any information relating to an
identified or identifiable natural person (hereinafter "data
subject"); an identifiable natural person is one who can be
identified, directly or indirectly, in particular by reference to an
identifier such as a name, an identification number, location data, an
online identifier (e.g. cookie) or to one or more factors specific to the
physical, physiological, genetic, mental, economic, cultural or social
identity of that natural person.
- Profiles
with user-related information: The processing of "profiles with
user-related information", or "profiles" for short,
includes any type of automated processing of personal data that consists
of using such personal data to analyse, evaluate or to predict certain
personal aspects relating to a natural person (depending on the type of
profiling, this may include different information concerning demographics,
behavior and interests, such as interaction with websites and their
content, etc.) (e.g., interests in certain content or products, click
behavior on a website or location). Cookies and web beacons are often used
for profiling purposes.
- Reach
measurement: Reach measurement (also known as web analytics) is used to
evaluate the flow of visitors to an online offering and can include
visitors' behaviour or interests in certain information, such as website
content. With the help of reach analysis, website owners can see, for
example, at what time visitors visit their website and what content they
are interested in. This enables them, for example, to better adapt the
content of the website to the needs of their visitors. For reach analysis
purposes, pseudonymous cookies and web beacons are often used to recognize
returning visitors and thus obtain more precise analyses of the use of an
online offer.
- Controller:
"Controller" is the natural or legal person, public authority,
agency or other body which alone or jointly with others determines the
purposes and means of the processing of personal data.
- Processing:
"Processing" means any operation or set of operations which is
performed upon personal data, whether or not by automatic means. The term
is broad and includes virtually any handling of data, be it collection,
analysis, storage, transmission or deletion.