Privacy policy (GDPR)

As of April 5th, 2024

Preamble

With the following data protection declaration we would like to inform you about which types of your personal data (hereinafter also referred to as “data”) we process, for what purposes and to what extent. The data protection declaration applies to all processing of personal data carried out by us, both in the context of providing our services and in particular on our websites, in mobile applications and within external online presences, such as B. our social media profiles  hereinafter collectively referred to as “online offering”). The terms used are not gender specific.

 

Table of Contents

  • Preamble
  • Responsible person
  • Overview of processing
  • Relevant legal bases
  • Safety measures
  • Transfer of personal data
  • Deletion of data
  • Provision of the online offering and web hosting
  • Use of cookies
  • Blogs and publication media
  • Contact and inquiry management
  • Video conferences, online meetings,
    Webinars and screen sharing
  • Cloud services
  • Web analysis, monitoring and optimization
  • Customer reviews and rating process
  • Presences in social networks (social media)
  • Plug-ins and embedded functions and content
  • Management, organization and support tools
  • Changes and updates to the data protection declaration
  • Definitions of terms and acronyms

 

Responsible person

Paul Karnowka 
PAAN-Group Consulting
Lloyd-G.-Wells-Str. 21
14163 Berlin

Vertretungsberechtigte Personen: Paul Karnowka
E-Mail-Adresse: info@paan-group.com
Impressum: https://paan-group.com/impressum/

 

Overview of Processing Activities

The following overview summarizes the types of data processed and the purposes of their processing and refers to the data subjects.

 

Types of Processed Data

  • Inventory data.
  • Payment details.
  • Contact details.
  • Content data.
  • Contract data.
  • Usage Data.
  • Meta, communication and procedural data.
  • Event data.

 

Categories of Data Subjects

  • Customers.
  • Employees.
  • Interested persons.
  • Communication partner.
  • User.
  • Business and contractual partners.
  • People depicted.

 

Purposes of Processing

Provision of contractual services and fulfillment of contractual obligations.

  • Contact inquiries and communication.
  • Safety measures.
  • Range measurement.
  • Office and organizational procedures.
  • Managing and responding to inquiries.
  • Firewall.
  • Feedback.
  • Marketing.
  • Profiles with user-related information.
  • Provision of our online offering and user-friendliness.
  • Information technology infrastructure.

 

Legal Bases for Processing

Relevant legal bases according to the GDPR: Below you will find an overview of the legal bases of the GDPR on the basis of which we process personal data. Please note that in addition to the regulations of the GDPR, national data protection regulations may apply in your or our country of residence or domicile. If more specific legal bases are relevant in individual cases, we will inform you about them in the
Data protection declaration with.

Consent (Art. 6 Para. 1 S. 1 lit. a) GDPR) – The data subject has their consent to the processing of personal data concerning them for one or more specific purposes
given specific purposes.

Fulfillment of a contract and pre-contractual inquiries (Art. 6 para. 1 sentence 1 lit. b) GDPR) – Processing is necessary for the performance of a contract to which the data subject is a party or to carry out pre-contractual measures at the request of the data subject take place.

Legitimate interests (Art. 6 para. 1 sentence 1 lit. f) GDPR) – processing is necessary to safeguard the legitimate interests of the controller or a third party, provided that the interests, fundamental rights and freedoms of the data subject require protection requesting personal data does not predominate.

National data protection regulations in Germany: In addition to the data protection regulations of the GDPR, national data protection regulations apply in Germany. This includes in particular the law to protect against misuse of personal data during data processing (Federal Data Protection Act – BDSG). In particular, the BDSG contains special regulations on the right to information, the right to deletion, the right to object, the processing of special categories of personal data, processing for other purposes and transmission and automated decision-making in individual cases, including profiling. Furthermore, state data protection laws of the individual federal states may apply.

 

Safety measures

We take appropriate technical and organizational measures in accordance with the legal requirements, taking into account the state of the art, the implementation costs and the type, scope, circumstances and purposes of the processing as well as the different probabilities of occurrence and the extent of the threat to the rights and freedoms of natural persons to ensure a level of protection appropriate to the risk.

The measures include, in particular, ensuring the confidentiality, integrity and availability of data by controlling physical and electronic access to the data as well as the access, input, disclosure, ensuring availability and its separation. We have also set up procedures to exercise the rights of those affected, delete data and respond to threats
ensure the data. We also take the protection of personal data into account when developing or selecting hardware, software and procedures in accordance with the principle of data protection, through technology design and through data protection-friendly default settings.

Securing online connections using TLS/SSL encryption technology (HTTPS): In order to protect user data transmitted via our online services from unauthorized access, we use TLS/SSL encryption technology. Secure Sockets Layer (SSL) and Transport Layer Security (TLS) are the cornerstones of secure data transmission on the Internet. These technologies encrypt the information transmitted between the website or
App and the user’s browser (or between two servers), which protects the data from unauthorized access. TLS, as the advanced and more secure version of SSL, ensures that all data transfers meet the highest security standards. If a website is secured by an SSL/TLS certificate, this is signaled by displaying HTTPS in the URL. This serves as an indicator to users that their data is being transmitted securely and encrypted.

 

Transfer of personal data

As part of our processing of personal data, it may be transmitted to or disclosed to other bodies, companies, legally independent organizational units or persons. The recipients of this data can include: B. include service providers commissioned with IT tasks or providers of services and content that are integrated into a website. In such a case we take this into account legal requirements and, in particular, conclude appropriate contracts or agreements with the recipients of your data that serve to protect your data.

Data transfer within our group of companies: We may transfer personal data to other companies within our group of companies or grant them access to this data. If this transfer is made for administrative purposes, the transfer of the data is based on our legitimate entrepreneurial and business interests or takes place if it is necessary to fulfill our contractual obligations or if there is consent from those affected or legal permission.

Data transfer within the organization: Data transfer within the group of companies: We may transfer personal data to other companies within our group of companies or grant them access to it. If the data is passed on for administrative purposes, it is based on our legitimate entrepreneurial and business interests or takes place if it is necessary to fulfill our contractual obligations or if there is consent from those affected or legal permission.

 

Deletion of data

The data processed by us will be deleted in accordance with the legal requirements as soon as their consent for processing is revoked or other permissions no longer apply (e.g. if the purpose of the processing this data has been omitted or is not required for the purpose). Unless the data is deleted because it is required for other legally permissible purposes, its processing will be limited to these purposes. This means that the data is blocked and not processed for other purposes. This applies e.g. B. for data that must be stored for commercial or tax reasons or whose storage is necessary to assert, exercise or defend legal claims or to protect the rights of another natural or legal person. As part of our data protection information, we can provide users with further information about the deletion and storage of data that specifically applies to the respective processing processes.

 

Use of Cookies

Cookies are small text files or other storage notes that store and read information from end devices. For example, to save the log-in status in a user account, the contents of a shopping cart in an e-shop, the content accessed or the functions used in an online offer. Cookies can also be used for various purposes, such as the functionality, security and convenience of online offerings and the creation of analyzes of visitor flows.

Information on consent: We use cookies in accordance with legal regulations. We therefore obtain prior consent from users unless it is not required by law. In particular, permission is not necessary if the storage and reading of the information, including cookies, is absolutely necessary in order to provide users with a telemedia service they have expressly requested (i.e. our online offering). The revocable consent will be clearly communicated to you and contains information on the respective cookie use.

Notes on data protection legal bases: The data protection basis on which we process users’ personal data using cookies depends on whether we ask them for consent. If users accept, the legal basis for the use of their data is their declared consent. Otherwise, the data used using cookies will be processed on the basis of our legitimate interests (e.g. in the commercial operation of our online offering and improving its usability) or, if this is within the scope of fulfilling our contractual obligations, if the use of cookies is necessary is over
to fulfill our contractual obligations. We will explain the purposes for which we use cookies in the course of this data protection declaration or as part of our consent and processing processes.

Storage period: With regard to the storage period, a distinction is made between the following types of cookies:
Temporary cookies (also: session or session cookies):

  • Temporary cookies (also: session or session cookies): Temporary cookies are deleted at the latest after a user has left an online offer and closed their device (e.g. browser or mobile application).
  • Permanent cookies: Permanent cookies remain stored even after the device is closed. For example, the log-in status can be saved and preferred content can be displayed directly when the user visits a website again. The user data collected using cookies can also be used to measure reach. Unless we provide users with explicit information about the type and storage period of cookies (e.g. when obtaining consent), they should assume that they are permanent and that the storage period can be up to two years.

General information on revocation and objection (opt-out): Users can revoke the consent they have given at any time and can also declare an objection to the processing in accordance with the legal requirements, including using the privacy settings of their browser.

  • Types of data processed: Usage data (e.g. websites visited, interest in content, access times). Meta, communication and procedural data (e.g. IP addresses, times, identification numbers, consent status).
  • Data subjects: Users (e.g. website visitors, users of online services).
  • Purposes of processing: Provision of our online offering and user-friendliness.
  • Legal basis: Legitimate interests (Art. 6 Para. 1 S. 1 lit. f) GDPR). Consent (Art. 6 Para. 1 Sentence 1 Letter a) GDPR).

 

Further information on processing processes, procedures and services:

  • Processing of cookie data based on consent: We use a consent management solution in which users’ consent to the use of cookies or to the procedures and providers mentioned as part of the consent management solution is obtained. This procedure is used to obtain, record, manage and revoke consent, particularly with regard to the use of cookies and similar technologies that are used to store, read and process information on users’ end devices. As part of this procedure, users’ consents are obtained for the use of cookies and the related processing of information, including the specific processing and providers mentioned in the consent management procedure. Users also have the option to manage and revoke their consent. The declarations of consent are stored in order to avoid repeated queries and to be able to provide proof of consent in accordance with legal requirements. The storage takes place on the server side and/or in a cookie (so-called opt-in cookie) or using comparable technologies in order to be able to assign the consent to a specific user or their device. If there is no specific information about the providers of consent management services, the following general information applies: The duration of the storage of consent is up to two years. A pseudonymous user identifier is created, which is stored together with the time of consent, information on the scope of consent (e.g. relevant categories of cookies and/or service providers) and information about the browser, the system and the device used becomes; Legal basis: Consent (Art. 6 Para. 1 Sentence 1 Letter a) GDPR).
  • Cookie opt-out: In the footer of our website you will find a link through which you can change your cookie settings and revoke the corresponding consent; Legal basis: Legitimate interests (Art. 6 Para. 1 S. 1 lit. f) GDPR).
  • CookieYes: Consent management: Procedure for obtaining, logging, managing and revoking consent, in particular for the use of cookies and similar technologies to store, read and process information on users’ devices and their processing; Service provider: CookieYes Limited, 3 Warren Yard Warren Park, Wolverton Mill, Milton Keynes, MK12 5NW, United Kingdom; Legal basis: Legitimate interests (Art. 6 para. 1 sentence 1 lit. f) GDPR); Website: https://www.cookieyes.com; Privacy policy: https://www.cookieyes.com/privacy-policy/. Order processing contract: https://www.cookieyes.com/dpa/.

 

Provision of online offerings and web hosting

We process users’ data in order to be able to provide them with our online services. For this purpose, we process the user’s IP address, which is necessary for the content and functions of our online services
to the user’s browser or device.

  • Types of data processed: Usage data (e.g. websites visited, interest in content, access times); Meta, communication and procedural data (e.g. IP addresses, times, identification numbers, consent status); Content data (e.g. entries in online forms); Inventory data (e.g. names, addresses); Payment details (e.g.
    bank details, invoices, payment history); Contact details (e.g. email, telephone numbers). Contract data (e.g. subject matter of the contract, term, customer category).
  • Data subjects: users (e.g. website visitors, users of online services); Customers; Interested persons; Business and contractual partners. Communication partner.
  • Purposes of processing: Provision of our online offering and user-friendliness; Information technology infrastructure (operation and provision of information systems and technical devices (computers, servers, etc.); Safety measures; firewall; Provision of contractual services and fulfillment of contractual obligations; Contact inquiries and communication; office and organizational procedures; Managing and responding to inquiries. Feedback (e.g. collecting feedback via online form).
  • Legal basis: Legitimate interests (Art. 6 Para. 1 S. 1 lit. f) GDPR). Fulfillment of the contract and pre-contractual inquiries (Art. 6 para. 1 sentence 1 lit. b) GDPR).

 

Further information on processing processes, procedures and services:

  • Provision of online offerings on rented storage space: To provide our online offerings, we use storage space, computing capacity and software that we rent or otherwise obtain from a corresponding server provider (also known as a “web host”); Legal basis: Legitimate interests (Art. 6 Para. 1 S. 1 lit. f) GDPR).
  • Collection of access data and log files: Access to our online offering is logged in the form of so-called “server log files”. The server log files include the address and name of the websites and files accessed, date and time of access, amount of data transferred, notification of successful retrieval, browser type and version, the user’s operating system, referrer URL (the previously visited page) and, as a rule, IP address. Addresses and the requesting provider belong. The server log files can be used for security purposes, e.g. B. to avoid overloading the servers (especially in the case of abusive attacks, so-called DDoS attacks) and on the other hand to ensure the utilization of the servers and their stability; Legal basis: Legitimate interests (Art. 6 Para. 1 S. 1 lit. f) GDPR). Deletion of data: Log file information is stored for a maximum of 30 days and then deleted or
    anonymized. Data whose further storage is necessary for evidentiary purposes is excluded from deletion until the respective incident has been finally clarified.
  • Email sending and hosting: The web hosting services we use also include sending, receiving and storing emails. For these purposes, the addresses of the recipients and senders as well as other information regarding the sending of emails (e.g. the providers involved) as well as the contents of the respective emails are processed. The aforementioned data can also be used for the purposes of:
    SPAM detection is processed. We ask you to note that emails on the Internet are generally not sent encrypted. As a rule, emails are encrypted during transport, but (unless a so-called end-to-end encryption method is used) not on the servers from which they are sent and received. We can therefore assume no responsibility for the transmission path of emails between the sender and receipt on our server; Legal basis: Legitimate interests (Art. 6 Para. 1 S. 1 lit. f) GDPR).
  • Hetzner: Services in the field of providing information technology infrastructure and related services (e.g. storage space and/or computing capacity); Service provider: Hetzner Online GmbH, Industriestr. 25, 91710 Gunzenhausen, Germany; Legal basis: Legitimate interests (Art. 6 Para. 1 Sentence 1 Letter f) GDPR); Website: https://www.hetzner.com; Data protection declaration: https://www.hetzner.com/de/rechts/datenschutz. Order processing contract: https://docs.hetzner.com/de/general/general-terms-and-conditions/data-privac
    y-faq/.
  • WordPress.com: hosting and software for creating, providing and operating websites, blogs and other online offerings; Service provider: Aut O’Mattic A8C Ireland Ltd., Grand Canal Dock, 25 Herbert Pl, Dublin, D02 AY86, Ireland; Legal basis: Legitimate interests (Art. 6 Para. 1 Sentence 1 Letter f) GDPR); Website: https://wordpress.com; Data protection declaration: https://automattic.com/de/privacy/; Order processing agreement: https://wordpress.com/support/data-processing-agreements/. basis
    Third country transfers: Data Privacy Framework (DPF).
    Wordfence: Firewall and security and error detection functions to detect and prevent unauthorized access attempts and technical vulnerabilities that could enable such access. For these purposes, cookies and similar storage methods necessary for this purpose may be used and security logs may be created during the audit and in particular in the event of unauthorized access. In this context, the IP addresses of the users, a user identification number and their activities
    processed and stored, including the time of access, and compared with the data provided by the provider of the firewall and security function and transmitted to them; Service provider: Defiant, Inc., 800 5th Ave Ste 4100, Seattle, WA 98104, USA; Legal basis: Legitimate interests (Art. 6 Para. 1 Sentence 1 Letter f) GDPR); Website: https://www.wordfence.com; Privacy policy: https://www.wordfence.com/privacy-policy/; Basis for third country transfers: Standard contractual clauses (https://www.wordfence.com/standard-contractual-clauses/). More information: https://www.wordfence.com/help/general-data-protection-regulation/.
  • Yoast SEO: optimization of websites for search engines; Legal basis: Legitimate interests (Art. 6 Para. 1 Sentence 1 Letter f) GDPR); Further information: Operation within your own hosting environment; Service provider: Yoast B.V., Don Emanuelstraat 3, 6602 GX Wijchen, Netherlands; Website: https://yoast.com/. Privacy policy: https://yoast.com/privacy-notice/.
  • Matomo (without cookies): Matomo is a privacy-friendly web analysis software that is used without cookies and in which returning users are identified using a so-called “digital fingerprint”, which is stored anonymously and changed every 24 hours; With the “digital fingerprint” user movements within our online offering are recorded using pseudonymized IP addresses in combination with the user’s browser settings in such a way that conclusions about the identity of individual users are not possible. The user data collected when using Matomo is only processed by us and is not shared with third parties; Legal basis: Legitimate interests (Art. 6 Para. 1 S. 1 lit. f) GDPR). Website: https://matomo.org/.
  • Nextcloud: cloud storage, cloud infrastructure services and cloud-based application software; Service provider: Nextcloud GmbH, Hauptmannsreute 44a, 70192 Stuttgart, Germany; Legal basis: Legitimate interests (Art. 6 Para. 1 Sentence 1 Letter f) GDPR); Website: https://nextcloud.com/de/. Data protection:
    https://nextcloud.com/de/privacy/.
  • Amelia: Software for scheduling and managing appointments, with functions for payment processing, customer management and interfaces for integration with external calendars and online platforms; Service provider: Touch Me Soft doo, Milutina Milankovica street no. 11B, Belgrade, Serbia; Legal basis: Legitimate interests (Art. 6 Para. 1 Sentence 1 Letter f) GDPR); Website: https://wpamelia.com/de/. Privacy policy: https://wpamelia.com/privacy-policy/.
  • CookieYes: Consent management: Procedure for obtaining, logging, managing and revoking consent, in particular for the use of cookies and similar technologies to store, read and process information on users’ devices and their processing; Service provider: CookieYes Limited, 3 Warren Yard Warren Park, Wolverton Mill, Milton Keynes, MK12 5NW, United Kingdom; Legal basis: Legitimate interests (Art. 6 Para. 1 Sentence 1 Letter f) GDPR); Website: https://www.cookieyes.com; Privacy policy: https://www.cookieyes.com/privacy-policy/. Order processing contract: https://www.cookieyes.com/dpa/.
  • Elementor Forms: Online forms (capturing, storing and processing entries); Service Provider: Elementor Ltd., 40 Tuval St, Ramat Gan, Israel; Legal basis: fulfillment of contract and pre-contractual inquiries (Art. 6 Para. 1 S. 1 lit. b) GDPR), legitimate interests (Art. 6 Para. 1 S. 1 lit. f) GDPR); Website: https://elementor.com/features/form-builder/; Privacy Policy: https://elementor.com/about/privacy/; Order processing agreement: https://elementor.com/terms/cloud-toc/elementor-data-processing-agreement/;
    Basis for third country transfers: adequacy decision (Israel). More information: https://elementor.com/trust/.
  • Advanced Custom Fields: Customize WordPress with powerful, professional and intuitive fields; Service Provider: WP Engine Irongate House, 22-30 Duke’s Place London, EC3A 7LP United Kingdom; Website: https://www.advancedcustomfields.com/; Privacy policy: https://wpengine.com/legal/privacy/. Basis for third country transfers: adequacy decision (United Kingdom).

 

Blogs and publication media

We use blogs or comparable means of online communication and publication (hereinafter “publication medium”). Readers’ data will only be processed for the purposes of the publication medium to the extent necessary for its presentation and communication between authors and readers or for security reasons. Furthermore, we refer to the information on the processing of visitors to our publication medium within the scope of this data protection notice.

  • Types of data processed: inventory data (e.g. names, addresses); Contact details (e.g. email, telephone numbers); Content data (e.g. entries in online forms); Usage data (e.g. websites visited, interest in content, access times). Meta, communication and procedural data (e.g. IP addresses, times, identification numbers, consent status).
  • Data subjects: Users (e.g. website visitors, users of online services).
    Purposes of processing: provision of contractual services and fulfillment of contractual obligations; Feedback (e.g. collecting feedback via online form); Provision of our online offering and user-friendliness. Information technology infrastructure (operation and provision of information systems and technical devices
    (computers, servers, etc.).).
  • Legal basis: Legitimate interests (Art. 6 Para. 1 S. 1 lit. f) GDPR).

 

Further information on processing processes, procedures and services:

  • WordPress.com: hosting and software for creating, providing and operating websites, blogs and other online offerings; Service provider: Aut O’Mattic A8C Ireland Ltd., Grand Canal Dock, 25 Herbert Pl, Dublin, 02 AY86, Ireland; Legal basis: Legitimate interests (Art. 6 Para. 1 Sentence 1 Letter f) GDPR); Website: https://wordpress.com; Data protection declaration: https://automattic.com/de/privacy/; Order processing agreement: https://wordpress.com/support/data-processing-agreements/. Basis for third country transfers: Data Privacy Framework (DPF).

 

Contact and inquiry management

When you contact us (e.g. by post, contact form, email, telephone or via social media) as well as within the framework of existing user and business relationships, the information provided by the inquiring person is processed to the extent necessary to answer contact inquiries and any requested measures is required.

  • Types of data processed: Contact details (e.g. email, telephone numbers); Content data (e.g. entries in online forms); Usage data (e.g. websites visited, interest in content, access times); Meta, communication and procedural data (e.g. IP addresses, times, identification numbers, consent status); Inventory data (e.g. names, addresses); Payment data (e.g. bank details, invoices, payment history). Contract data (e.g. subject matter of the contract, term, customer category).
  • Affected persons: communication partner; Customers; Users (e.g. website visitors, users of online services); Interested persons. Business and contractual partners.
  • Purposes of processing: contact requests and communication; managing and responding to inquiries; Feedback (e.g. collecting feedback via online form); Provision of our online offering and user-friendliness; Provision of contractual services and fulfillment of contractual obligations. Office and organizational procedures.
  • Legal basis: Legitimate interests (Art. 6 Para. 1 S. 1 lit. f) GDPR). Fulfillment of the contract and pre-contractual inquiries (Art. 6 para. 1 sentence 1 lit. b) GDPR).

 

Further information on processing processes, procedures and services:

  • Contact form: If users contact us via our contact form, email or other communication channels, we process the data provided to us in this context to process the request communicated; Legal basis: Contract fulfillment and pre-contractual inquiries (Art. 6 Para. 1 S. 1 lit. b) GDPR), legitimate interests (Art. 6 Para. 1 S. 1 lit. f) GDPR).
  • Elementor Forms: Online forms (capturing, storing and processing entries); Service Provider: Elementor Ltd., 40 Tuval St, Ramat Gan, Israel; Legal basis: fulfillment of contract and pre-contractual inquiries (Art. 6 Para. 1 S. 1 lit. b) GDPR), legitimate interests (Art. 6 Para. 1 S. 1 lit. f) GDPR); Website:
    https://elementor.com/features/form-builder/; Privacy Policy: https://elementor.com/about/privacy/; Order processing agreement: https://elementor.com/terms/cloud-toc/elementor-data-processing-agreement/; Basis for third country transfers: adequacy decision (Israel). More information: https://elementor.com/trust/.
  • Amelia: Software for scheduling and managing appointments, with functions for payment processing, customer management and interfaces for integration with external calendars and online platforms; Service provider: Touch Me Soft doo, Milutina Milankovica street no. 11B, Belgrade, Serbia; Legal basis: Legitimate interests (Art. 6 Para. 1 Sentence 1 Letter f) GDPR); Website: https://wpamelia.com/de/. Privacy Policy:  https://wpamelia.com/privacy-policy/.

 

Video conferences, online meetings, webinars and Screen sharing​

We use platforms and applications from other providers (hereinafter referred to as “conference platforms”) for the purpose of conducting video and audio conferences, webinars and other types of video and audio meetings (hereinafter collectively referred to as “conference”). When selecting conference platforms and their services, we observe the legal requirements.

  • Data processed by conference platforms: As part of participation in a conference, the conference platforms process the following personal data of participants. The scope of processing depends, on the one hand, on what data is required as part of a specific conference (e.g. providing access data or real names) and what optional information is provided by the participants. In addition to processing to carry out the conference, the participants’ data can also be processed by the conference platforms for security purposes or service optimization. The data processed includes personal data (first name, last name), contact information (email address, telephone number), access data (access codes or passwords), profile pictures, information about professional status/function, the IP address of the Internet access, information about the participants’ end devices, their operating system, the browser and its technical and linguistic settings, information about the content of communication processes, d. H. Entries in chats as well as audio and video data, as well as the use of other available functions (e.g. surveys). The content of the communications is determined by the
    encrypted to the extent technically provided by the conference provider. If the participants are registered as users on the conference platforms, then further data can be processed in accordance with the agreement with the respective conference provider.
  • Logging and recordings: If text entries, participation results (e.g. from surveys) as well as video or audio recordings are logged, this will be transparently communicated to the participants in advance and they will be asked for consent – if necessary.
  • Participants’ data protection measures: Please note the details of the processing of your data by the conference platforms in their data protection information and select the security and data protection settings that are optimal for you within the framework of the conference platforms’ settings. Please also ensure data and privacy protection in the background of your recording for the duration of a video conference (e.g. by informing roommates, locking doors and using, where technically possible, the function to obscure the background). Links to the conference rooms and access data are not permitted
    passed on to unauthorized third parties.
  • Notes on legal bases: If, in addition to the conference platforms, we also process users’ data and ask the users for their consent to the use of the conference platforms or certain functions (e.g. consent to a recording of conferences), the legal basis for the processing is this consent . Furthermore, our processing may be necessary to fulfill our contractual obligations (e.g. in
    Lists of participants, in the case of processing the results of discussions, etc.). Furthermore, the user data is processed based on our legitimate interests in efficient and secure communication with us
    communication partners processed.
    • Types of data processed: inventory data (e.g. names, addresses); Contact details (e.g. email, telephone numbers); Content data (e.g. entries in online forms); Usage data (e.g. websites visited, interest in content, access times). Meta, communication and procedural data (e.g. IP addresses, times, identification numbers, consent status).
    • Affected persons: communication partner; Users (e.g. website visitors, users of online services). People depicted. Purposes of processing: provision of contractual services and fulfillment of contractual obligations; Contact inquiries and communication. Office and organizational procedures.
    • Legal basis: Legitimate interests (Art. 6 Para. 1 S. 1 lit. f) GDPR).

 

Further information on processing processes, procedures and services:

  • Nextcloud: cloud storage, cloud infrastructure services and cloud-based application software; Legal basis: Legitimate interests (Art. 6 Para. 1 Sentence 1 Letter f) GDPR); Service provider: Nextcloud GmbH, Hauptmannsreute 44a, 70192 Stuttgart, Germany; Website: https://nextcloud.com/de/talk/. Data protection declaration: https://nextcloud.com/de/privacy/.

Cloud services

We use software services accessible via the Internet and running on their providers’ servers (so-called “cloud services”, also referred to as “software as a service”) for the storage and management of content (e.g. document storage and management, exchange of documents, content and information with specific recipients or publication of content and information).

Within this framework, personal data can be processed and stored on the providers’ servers, provided that they are part of communication processes with us or are otherwise processed by us as set out in this data protection declaration. This data may include, in particular, user master data and contact details, data on processes, contracts, other processes and their content. The cloud service providers also process usage data and metadata, which they use for security purposes and service optimization.

If we use the cloud services to provide forms or other documents and content to other users or publicly accessible websites, the providers may set cookies on the users’ devices for the purposes of web analysis or to remember the user’s settings (e.g. in the case of Media control) to remember and save.

  • Types of data processed: inventory data (e.g. names, addresses); Contact details (e.g. email, telephone numbers); Content data (e.g. entries in online forms); Usage data (e.g. websites visited, interest in content, access times). Meta, communication and procedural data (e.g. IP addresses, timing, identification numbers, consent status).
  • Data subjects: customers; Employees (e.g. employees, applicants, former employees); Interested persons. Communication partner.
  • Purposes of processing: Office and organizational procedures. Information technology infrastructure (operation and provision of information systems and technical devices (computers, servers, etc.).).
  • Legal basis: Legitimate interests (Art. 6 Para. 1 S. 1 lit. f) GDPR).

 

Further information on processing processes, procedures and services:

  • Nextcloud: cloud storage, cloud infrastructure services and cloud-based application software; Service provider: Nextcloud GmbH, Hauptmannsreute 44a, 70192 Stuttgart, Germany; Legal basis: Legitimate interests (Art. 6 Para. 1 Sentence 1 Letter f) GDPR); Website: https://nextcloud.com/de/. Data protection declaration: https://nextcloud.com/de/privacy/.

 

Web analysis, monitoring and optimization

Web analysis, monitoring and optimization Web analysis (also referred to as “reach measurement”) is used to evaluate the flow of visitors to our online offering and can include behavior, interests or demographic information about visitors, such as age or gender, as pseudonymous values. With the help of reach analysis, you can For example, we recognize at what time our online offering or its functions or content are used most frequently or invite reuse. It is also possible for us to understand which areas require optimization.

In addition to web analysis, we can also use testing procedures to test and optimize different versions of our online offering or its components.

Unless otherwise stated below, profiles, i.e. data summarized into a usage process, can be created for these purposes and information can be stored in a browser or in a device and then read out. The information collected includes, in particular, websites visited and elements used there, as well as technical information, such as the browser used, the computer system used and information about times of use. If users have agreed to the collection of their location data to us or to the providers of the services we use, the processing of location data is also possible.

In addition, the users’ IP addresses are stored. However, we use an IP masking process (i.e. pseudonymization by shortening the IP address) to protect users. In general, as part of web analysis, A/B testing and optimization, no clear user data (such as email addresses or names) is stored, but rather pseudonyms. This means that we and the providers of the software used do not know the actual identity of the users, but only the information stored in their profiles for the purpose of the respective procedures.

Notes on legal bases: If we ask users for their consent to the use of third-party providers, the legal basis for data processing is consent. Otherwise, the user data will be processed on the basis of our legitimate interests (i.e. interest in efficient, economical and recipient-friendly services). In this context, we would also like to draw your attention to the information on the use of cookies in this data protection declaration.

  • Types of data processed: Usage data (e.g. websites visited, interest in content, access times). Meta, communication and procedural data (e.g. IP addresses, times, identification numbers, consent status).
  • Data subjects: Users (e.g. website visitors, users of online services).
  • Purposes of processing: Reach measurement (e.g. access statistics, recognition of returning visitors). Profiles with user-related information (creating user profiles).
    Security measures: IP masking (pseudonymization of the IP address).
  • Legal basis: Legitimate interests (Art. 6 Para. 1 S. 1 lit. f) GDPR).

 

Further information on processing processes, procedures and services:

  • Matomo (without cookies): Matomo is a privacy-friendly web analysis software that is used without cookies and in which returning users are identified using a so-called “digital fingerprint”, which is stored anonymously and changed every 24 hours; With the “digital fingerprint” user movements within our online offering are recorded using pseudonymized IP addresses in combination with the user’s browser settings in such a way that conclusions about the identity of individual users are not possible. The user data collected when using Matomo is only processed by us and is not shared with third parties; Legal basis: Legitimate interests (Art. 6 Para. 1 S. 1 lit. f) GDPR). Website: https://matomo.org/.

 

Customer reviews and rating process

We participate in review and rating processes to evaluate, optimize and promote our services. If users rate us via the evaluation platforms or procedures involved or otherwise give feedback, the general terms and conditions or terms of use and the data protection information of the providers also apply. As a rule, the evaluation also requires registration with the respective provider.

In order to ensure that the reviewers have actually used our services, we transmit, with the consent of the customer, the necessary data regarding the customer and the service used to the respective review platform (including name, email address and Order number or article number). This data is used solely to verify the authenticity of the user.

  • Types of data processed: contract data (e.g. subject matter of the contract, term, customer category); Usage data (e.g. websites visited, interest in content, access times). Meta, communication and procedural data (e.g. IP addresses, times, identification numbers, consent status).
  • Affected persons: customers. Users (e.g. website visitors, users of online services).
  • Purposes of processing: Feedback (e.g. collecting feedback via online form). Marketing.
  • Legal basis: Legitimate interests (Art. 6 Para. 1 S. 1 lit. f) GDPR).

 

Further information on processing processes, procedures and services:

  • Google Customer Reviews: Service for collecting and/or presenting customer satisfaction and opinions; Service provider: Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland; Legal basis: Legitimate interests (Art. 6 Para. 1 Sentence 1 Letter f) GDPR); Website: https://www.google.com/; Privacy Policy: https://policies.google.com/privacy; Basis for third country transfers: Data Privacy Framework (DPF); Further information: When collecting customer reviews, an identification number and the time for the business transaction to be evaluated are processed; for review requests sent directly to customers, the customer’s email address and their country of residence as well as the review information itself are processed; Further information on the types of processing and the data processed: https://business.safety.google/adsservices/. Data processing conditions for Google advertising products: Information about the services Data processing conditions between controllers and standard contractual clauses for third country transfers of data: https://business.safety.google/adscontrollerterms.

 

Presences in social networks (social media).

Plugins and embedded features as well Content

We integrate functional and content elements into our online offering that are obtained from the servers of their respective providers (hereinafter referred to as “third-party providers”). These can be, for example, graphics, videos or city maps (hereinafter referred to as “content”) ).

The integration always requires that the third party providers of this content process the users’ IP address, as without an IP address they would not be able to send the content to their browser. The IP address is therefore used to display this content
or functions required. We strive to only use content whose respective providers only use the IP address to deliver the content. Third-party providers may also use so-called pixel tags (invisible graphics, also known as “web beacons”) for statistical or marketing purposes. The “pixel tags” can be used to evaluate information such as visitor traffic on the pages of this website. The pseudonymous information can also be stored in cookies on the user’s device and may contain, among other things, technical information about the browser and operating system, referring websites, time of visit and other information about the use of our online offering, but also linked to such information from other sources become.

Notes on legal bases: If we ask users for their consent to the use of third-party providers, the legal basis for data processing is permission. Otherwise, the user data will be processed on the basis of our legitimate interests (i.e. interest in efficient, economical and recipient-friendly services). In this context, we would also like to draw your attention to the information on the use of cookies in this data protection declaration.

  • Types of data processed: Usage data (e.g. websites visited, interest in content, access times); Meta, communication and procedural data (e.g. IP addresses, times, identification numbers, consent status); Event data (Facebook) (“Event data” is data that can be transmitted by us to Facebook, for example via Facebook pixels (via apps or other ways) and relates to people or their actions; To Data includes, for example, information about visits to websites, interactions with content, functions, installations of apps, purchases of products, etc.; the event data is processed for the purpose of forming target groups for content and advertising information (custom audiences). Event data do not contain the actual content (such as written comments), no login information and no contact information (i.e. no names, email addresses and telephone numbers). Event data will be deleted by Facebook after a maximum of two years; the target groups formed from them will be deleted when our Facebook account is deleted).
  • Data subjects: Users (e.g. website visitors, users of online services). Purposes of processing: Provision of our online offering and user-friendliness; Provision of contractual services and fulfillment
    contractual obligations; Marketing. Profiles with user-related information (creating user profiles).
  • Legal basis: Legitimate interests (Art. 6 Para. 1 S. 1 lit. f) GDPR). Consent (Art. 6 Para. 1 Sentence 1 Letter a) GDPR).

 

Further information on processing processes, procedures and services:

  • We integrate functional and content elements into our online offering that are obtained from the servers of their respective providers (hereinafter referred to as “third-party providers”). These can be, for example, graphics, videos or city maps (hereinafter referred to as “content”) ).The integration always requires that the third party providers of this content process the users’ IP address, as without an IP address they would not be able to send the content to their browser. The IP address is therefore used to display this content
    or functions required. We strive to only use content whose respective providers only use the IP address to deliver the content. Third-party providers may also use so-called pixel tags (invisible graphics, also known as “web beacons”) for statistical or marketing purposes. The “pixel tags” can be used to evaluate information such as visitor traffic on the pages of this website. The pseudonymous information can also be stored in cookies on the user’s device and may contain, among other things, technical information about the browser and operating system, referring websites, time of visit and other information about the use of our online offering, but also linked to such information from other sources become.Notes on legal bases: If we ask users for their consent to the use of third-party providers, the legal basis for data processing is permission. Otherwise, the user data will be processed on the basis of our legitimate interests (i.e. interest in efficient, economical and recipient-friendly services). In this context, we would also like to draw your attention to the information on the use of cookies in this data protection declaration.

    Types of data processed: Usage data (e.g. websites visited, interest in content, access times); Meta, communication and procedural data (e.g. IP addresses, times, identification numbers, consent status); Event data (Facebook) (“Event data” is data that can be transmitted by us to Facebook, for example via Facebook pixels (via apps or other ways) and relates to people or their actions; To Data includes, for example, information about visits to websites, interactions with content, functions, installations of apps, purchases of products, etc.; the event data is processed for the purpose of forming target groups for content and advertising information (custom audiences). Event data do not contain the actual content (such as
    written comments), no login information and no contact information (i.e. no names, email addresses and telephone numbers). Event data will be deleted by Facebook after a maximum of two years; the target groups formed from them will be deleted when our Facebook account is deleted).
    Data subjects: Users (e.g. website visitors, users of online services). Purposes of processing: Provision of our online offering and user-friendliness; Provision of contractual services and fulfillment
    contractual obligations; Marketing. Profiles with user-related information (creating user profiles).
    Legal basis: Legitimate interests (Art. 6 Para. 1 S. 1 lit. f) GDPR). Consent (Art. 6 Para. 1 Sentence 1 Letter a) GDPR).

 

Further information on processing processes, procedures and services:

  • Facebook plugins and content: Facebook social plugins and content – This can be done, for example: This includes, for example, content such as images, videos or texts and buttons with which users can share content from this online offer within Facebook. The list and appearance of the Facebook social plugins can be viewed here: https://developers.facebook.com/docs/plugins/ – We are responsible, together with Meta Platforms Ireland Limited, for the collection or receipt as part of a transmission (but not the further processing) of “event data” that Facebook collects using the Facebook social plugins (and embedding functions for content) that are carried out on our online offering or receives as part of a transmission for the following purposes: a) Displaying content and advertising information that corresponds to the presumed interests of users; b) Delivery of commercial and transactional messages (e.g. addressing
    users via Facebook Messenger); c) Improve ad delivery and personalization of features and content (e.g. improving detection of which content or advertising information is likely to match users’ interests). We have concluded a special agreement with Facebook (“Addition for Controllers”, https://www.facebook.com/legal/controller_addendum), which regulates in particular which security measures Facebook must observe (https://www.facebook. com/legal/terms/data_security_terms) and in which Facebook has agreed to fulfill the rights of those affected (i.e. users can, for example, send information or deletion requests directly to Facebook). Note: If Facebook provides us with measurements, analyzes and reports (which are aggregated, i.e. do not contain information about individual users and are anonymous to us), then this processing does not take place within the framework of joint responsibility, but on the basis of a
    Order processing contract (“Data processing conditions”, https://www.facebook.com/legal/terms/dataprocessing), the “Data security conditions” https://www.facebook.com/legal/terms/data_security_terms) as well as with regard to the processing in the USA on the basis of standard contractual clauses (“Facebook-EU data transfer supplement, https://www.facebook.com/legal/EU_data_transfer_addendum). The rights of users (in particular to information, deletion, objection and complaint to the responsible supervisory authority) are governed by the agreements with Facebook are not restricted; service provider: Meta Platforms Ireland Limited, Merrion Road, Dublin 4, D04 /www.facebook.com; Data protection declaration: https://www.facebook.com/privacy/policy/. Basis for third country transfers:
    Data Privacy Framework (DPF).
  • Google Fonts (provided on our own server): Provision of font files for the purpose of a user-friendly presentation of our online offering; Service provider: The Google Fonts are used on our
    Server hosted, no data is transmitted to Google; Legal basis: Legitimate interests (Art. 6 Para. 1 S. 1 lit. f) GDPR).
    LinkedIn plugins and content: LinkedIn plugins and content – This can be done, for example: This includes, for example, content such as images, videos or texts and buttons with which users can share content from this online offering within LinkedIn; Service provider: LinkedIn Ireland Unlimited Company, Wilton Place, Dublin 2, Ireland; Legal basis: Legitimate interests (Art. 6 Para. 1 Sentence 1 Letter f) GDPR); Website: https://www.linkedin.com; Privacy policy: https://www.linkedin.com/legal/privacy-policy; Order processing contract: https://legal.linkedin.com/dpa; Basis for third country transfers: Data Privacy Framework (DPF). Option to object (opt-out): https://www.linkedin.com/psettings/guest-controls/retargeting-opt-out.
    reCAPTCHA: We include the “reCAPTCHA” function in order to be able to recognize whether entries (e.g. in online forms) are made by people and not by automatically acting machines (so-called “bots”). The data processed may include IP addresses, information about operating systems, devices or browsers used, language settings, location, mouse movements, keyboard strokes, time spent on websites, previously visited websites, interactions with ReCaptcha on other websites, possibly cookies and results of manual recognition processes ( e.g. answering questions or selecting objects in pictures). Data processing is based on our legitimate interest in protecting our online offering from abusive automated crawling and spam; Service provider: Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland; Legal basis: Legitimate interests (Art. 6 Para. 1 Sentence 1 Letter f) GDPR); Website: https://www.google.com/recaptcha/; Privacy Policy: https://policies.google.com/privacy; Basis for third country transfers: Data Privacy Framework (DPF). Option to object (opt-out): Opt-out plugin: https://tools.google.com/dlpage/gaoptout?hl=de, settings for the display of advertising: https://myadcenter.google.com/personalizationoff. 
  • X-Plugins und -Inhalte: Plugins und -Schaltflächen der Plattform “X” – Hierzu können z. B. Inhalte wie Bilder, Videos oder Texte und Schaltflächen gehören, mit denen Nutzer Inhalte dieses Onlineangebotes innerhalb von X teilen können; Dienstanbieter: Twitter International Company, One Cumberland Place, Fenian Street, Dublin 2 D02 AX07, Irland; Rechtsgrundlagen: Berechtigte Interessen (Art. 6 Abs. 1 S. 1 lit. f) DSGVO); Website: https://twitter.com/de; Datenschutzerklärung: https://twitter.com/de/privacy, (Settings: https://twitter.com/personalization); Auftragsverarbeitungsvertrag: https://privacy.twitter.com/en/for-our-partners/global-dpa. Grundlage Drittlandtransfers: Standardvertragsklauseln (https://privacy.twitter.com/en/for-our-partners/global-dpa). 
  • Xing Plugins und -Schaltflächen: Xing Plugins und -Schaltflächen – Hierzu können z. B. Inhalte wie Bilder, Videos oder Texte und Schaltflächen gehören, mit denen Nutzer Inhalte dieses Onlineangebotes innerhalb von Xing teilen können; Dienstanbieter: New Work SE, Am Strandkai 1, 20457 Hamburg, Deutschland; Rechtsgrundlagen: Berechtigte Interessen (Art. 6 Abs. 1 S. 1 lit. f) DSGVO); Website: https://www.xing.com. Datenschutzerklärung: https://privacy.xing.com/de/datenschutzerklaerung.

 

We use services, platforms and software from other providers (hereinafter referred to as “third-party providers”) for the purposes of organizing, managing, planning and providing our services. When selecting third-party providers and their services, we observe the legal requirements.

In this context, personal data may be processed and stored on the third-party servers. This may affect various data, which we process in accordance with this data protection declaration. To
This data may include, in particular, user master data and contact details, data on processes, contracts, other processes and their content.

If users are referred to third-party providers or their software or platforms as part of communication, business or other relationships with us, the third-party providers may access usage data and metadata
Process for security purposes, service optimization or marketing purposes. We therefore ask you to observe the data protection information of the respective third-party providers.

  • Types of data processed: Content data (e.g. entries in online forms); Usage data (e.g. websites visited, interest in content, access times); Meta, communication and procedural data (e.g. IP addresses, times, identification numbers, consent status); Inventory data (e.g. names, addresses). Contact details (e.g. email, telephone numbers).
  • Affected persons: communication partner; Users (e.g. website visitors, users of online services). Customers.
  • Purposes of processing: provision of contractual services and fulfillment of contractual obligations; office and organizational procedures; Provision of our online offering and user-friendliness. Information technology infrastructure (operation and provision of information systems and technical devices (computers, servers, etc.).).
  • Legal basis: Legitimate interests (Art. 6 Para. 1 S. 1 lit. f) GDPR). Consent (Art. 6 Para. 1 Sentence 1 Letter a) GDPR).

 

Further information on processing processes, procedures and services:

  • ChatGPT: AI-based service designed to understand and generate natural language and associated inputs and data, analyze information and make predictions (“AI”, i.e. “Artificial Intelligence”) is defined under applicable law to understand the meaning of the term); Service provider: OpenAI Ireland Ltd, 117-126 Sheriff Street Upper, D01 YC43 Dublin 1, Ireland; Legal basis: Legitimate interests (Art. 6 Para. 1 Sentence 1 Letter f) GDPR); Website: https://openai.com/product; Data protection declaration: https://openai.com/de/policies/eu-privacy-policy. Option to object (opt-out): https://docs.google.com/forms/d/e/1FAIpQLSevgtKyiSWIOj6CV6XWBHl1daPZ SOcIWzcUYUXQ1xttjBgDpA/viewform.
  • Miro: online whiteboard and collaboration platform; Service provider: Realtimeboard Inc. dba Miro, 201 Spear Street Suite 1100, San Francisco, California 94105, USA; Legal basis: Legitimate interests (Art. 6 Para. 1 Sentence 1 Letter f) GDPR); Website: https://miro.com/; Privacy policy: https://miro.com/legal/privacy-policy/; Order processing contract: https://miro.com/legal/vendor-data-processing-addendum/. Basis for third country transfers: standard contractual clauses (https://miro.com/legal/vendor-data-processing-addendum/).
    Nextcloud: cloud storage, cloud infrastructure services and cloud-based application software; Service provider: Nextcloud GmbH, Hauptmannsreute 44a, 70192 Stuttgart, Germany; Legal basis: Legitimate interests (Art. 6 Para. 1 Sentence 1 Letter f) GDPR); Website: https://nextcloud.com/de/. Data protection declaration: https://nextcloud.com/de/privacy/.
  • Google Translate: Translation of content and input into other languages; Service provider: Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland; Legal basis: Legitimate interests (Art. 6 Para. 1 Sentence 1 Letter f) GDPR); Website: https://translate.google.com/; Privacy Policy: https://policies.google.com/privacy;
    Order processing contract: https://cloud.google.com/terms/data-processing-addendum. Basis for third country transfers: Data Privacy Framework (DPF).
    WordPress.com: hosting and software for creating, providing and operating websites, blogs and other online offerings; Service provider: Aut O’Mattic A8C Ireland Ltd., Grand Canal Dock, Herbert Pl, Dublin, D02 AY86, Ireland; Legal basis: Legitimate interests (Art. 6 Para. 1 Sentence 1 Letter f) GDPR); Website: https://wordpress.com; Data protection declaration: https://automattic.com/de/privacy/; Order processing agreement: https://wordpress.com/support/data-processing-agreements/. basis
    Third country transfers: Data Privacy Framework (DPF). 
  • Grammarly: Grammarly’s product ensures that everything you type is not only accurate in spelling, punctuation, and grammar but also clear, compelling, and easy to read; Service Provider: Grammarly 548 Market Street, #35410 San Francisco, CA 94104; Website: https://www.grammarly.com/; Privacy Policy:  https://www.grammarly.com/privacy-policy. Basis for third country transfers: adequacy decision
    (Great Britain).
    Screaming Frog: Crawling, i.e. H. Reviewing and analyzing our own websites as well as log files of website access, with the purpose of improving the findability of our online offering on search engines and generally on the Internet (see search engine optimization) and generally the user-friendliness of an online offering; Service Provider: Screaming Frog Ltd, 6 Grays Road, Henley-on-Thames, Oxfordshire, RG9 1RY. Great Britain; Legal basis: Consent (Art. 6 Para. 1 Sentence 1 Letter a) GDPR); Website: https://www.screamingfrog.co.uk; Privacy Policy: https://www.screamingfrog.co.uk/privacy/. More
    Information: The server log files processed include the address and title of the websites and files accessed, the date and time of access, the amount of data transferred, notification of successful retrieval, and browser type
    In addition to the version, the user’s operating system, referrer URL (the previously visited page) and usually IP addresses and the requesting provider. We process the server log files with Screaming Frog without reference to specific users and without creating their profiles, exclusively for the purposes of technical and business analysis. We store all files on our servers or locally on end devices and not on online servers. We do not store the log files with personal references after the analysis. The processing is carried out on the basis of our business interests and the interests of the users in the usability of our online services.
  • Buffer: Buffer is a social media management software made for small businesses providing them with the tools they need to schedule posts, analyze the results, and engage with their customers; Service Provider: Buffer, Inc.
    2443 Fillmore Street #380-7163 San Francisco, CA 94115 USA; Website: https://buffer.com/. Data protection:
    https://buffer.com/legal#privacy-policy.

 

Management, organization and support tools

We use services, platforms and software from other providers (hereinafter referred to as “third-party providers”) for the purposes of organizing, managing, planning and providing our services. When selecting third-party providers and their services, we observe the legal requirements. 

In this context, personal data may be processed and stored on the third-party servers. This may affect various data, which we process in accordance with this data protection declaration. To
This data may include, in particular, user master data and contact details, data on processes, contracts, other processes and their content.

If users are referred to third-party providers or their software or platforms as part of communication, business or other relationships with us, the third-party providers may access usage data and metadata
Process for security purposes, service optimization or marketing purposes. We therefore ask you to observe the data protection information of the respective third-party providers.

  • Types of data processed: Content data (e.g. entries in online forms); Usage data (e.g. websites visited, interest in content, access times); Meta, communication and procedural data (e.g. IP addresses, times, identification numbers, consent status); Inventory data (e.g. names, addresses). Contact details (e.g. email, telephone numbers).
    Affected persons: communication partner; Users (e.g. website visitors, users of online services). Customers.
  • Purposes of processing: provision of contractual services and fulfillment of contractual obligations; office and organizational procedures; Provision of our online offering and user-friendliness. Information technology infrastructure (operation and provision of information systems and technical devices (computers, servers, etc.).).
  • Legal basis: Legitimate interests (Art. 6 Para. 1 S. 1 lit. f) GDPR). Consent (Art. 6 Para. 1 Sentence 1 Letter a) GDPR).

 

Further information on processing processes, procedures and services:

  • ChatGPT: AI-based service designed to understand and generate natural language and associated inputs and data, analyze information and make predictions (“AI”, i.e. “Artificial Intelligence”) is defined under applicable law to understand the meaning of the term); Service provider: OpenAI Ireland Ltd, 117-126 Sheriff Street Upper, D01 YC43 Dublin 1, Ireland; Legal basis: Legitimate interests (Art. 6 Para. 1 Sentence 1 Letter f) GDPR); Website: https://openai.com/product; Data protection declaration: https://openai.com/de/policies/eu-privacy-policy. Option to object (opt-out): https://docs.google.com/forms/d/e/1FAIpQLSevgtKyiSWIOj6CV6XWBHl1daPZ SOcIWzcUYUXQ1xttjBgDpA/viewform.
  • Miro: online whiteboard and collaboration platform; Service provider: Realtimeboard Inc. dba Miro, 201 Spear Street Suite 1100, San Francisco, California 94105, USA; Legal basis: Legitimate interests (Art. 6 Para. 1 Sentence 1 Letter f) GDPR); Website: https://miro.com/; Privacy policy: https://miro.com/legal/privacy-policy/; Order processing contract: https://miro.com/legal/vendor-data-processing-addendum/. Basis for third country transfers: standard contractual clauses (https://miro.com/legal/vendor-data-processing-addendum/).
  • Nextcloud: cloud storage, cloud infrastructure services and cloud-based application software; Service provider: Nextcloud GmbH, Hauptmannsreute 44a, 70192 Stuttgart, Germany; Legal basis: Legitimate interests (Art. 6 Para. 1 Sentence 1 Letter f) GDPR); Website: https://nextcloud.com/de/. Data protection declaration: https://nextcloud.com/de/privacy/.
  • Google Translate: Translation of content and input into other languages; Service provider: Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland; Legal basis: Legitimate interests (Art. 6 Para. 1 Sentence 1 Letter f) GDPR); Website: https://translate.google.com/; Privacy Policy: https://policies.google.com/privacy;Order processing contract: https://cloud.google.com/terms/data-processing-addendum. Basis for third country transfers: Data Privacy Framework (DPF).
  • WordPress.com: hosting and software for creating, providing and operating websites, blogs and other online offerings; Service provider: Aut O’Mattic A8C Ireland Ltd., Grand Canal Dock, Herbert Pl, Dublin, D02 AY86, Ireland; Legal basis: Legitimate interests (Art. 6 Para. 1 Sentence 1 Letter f) GDPR); Website: https://wordpress.com; Data protection declaration: https://automattic.com/de/privacy/; Order processing agreement: https://wordpress.com/support/data-processing-agreements/. basis
    Third country transfers: Data Privacy Framework (DPF).
  • Grammarly: Grammarly’s product ensures that everything you type is not only accurate in spelling, punctuation, and grammar but also clear, compelling, and easy to read; Service Provider: Grammarly 548 Market Street, #35410 San Francisco, CA 94104; Website: https://www.grammarly.com/; Privacy Policy:  https://www.grammarly.com/privacy-policy. Basis for third country transfers: adequacy decision
    (Great Britain).
  • Screaming Frog: Crawling, i.e. H. Reviewing and analyzing our own websites as well as log files of website access, with the purpose of improving the findability of our online offering on search engines and generally on the Internet (see search engine optimization) and generally the user-friendliness of an online offering; Service Provider: Screaming Frog Ltd, 6 Grays Road, Henley-on-Thames, Oxfordshire, RG9 1RY. Great Britain; Legal basis: Consent (Art. 6 Para. 1 Sentence 1 Letter a) GDPR); Website: https://www.screamingfrog.co.uk; Privacy Policy: https://www.screamingfrog.co.uk/privacy/. More
    Information: The server log files processed include the address and title of the websites and files accessed, the date and time of access, the amount of data transferred, notification of successful retrieval, and browser type
    In addition to the version, the user’s operating system, referrer URL (the previously visited page) and usually IP addresses and the requesting provider. We process the server log files with Screaming Frog without reference to specific users and without creating their profiles, exclusively for the purposes of technical and business analysis. We store all files on our servers or locally on end devices and not on online servers. We do not store the log files with personal references after the analysis. The processing is carried out on the basis of our business interests and the interests of the users in the usability of our online services.
  • Buffer: Buffer is a social media management software made for small businesses providing them with the tools they need to schedule posts, analyze the results, and engage with their customers; Service Provider: Buffer, Inc.
    2443 Fillmore Street #380-7163 San Francisco, CA 94115 USA; Website: https://buffer.com/. Data protection:
    https://buffer.com/legal#privacy-policy.

 

Modification and updating of the Data protection

We ask you to regularly inform yourself about the content of our data protection declaration. We will adapt the data protection declaration as soon as changes to the data processing we carry out make this necessary. We will inform you as soon as the changes require your cooperation (e.g. consent) or other individual notification.

If we provide addresses and contact information for companies and organizations in this privacy policy, please note that the addresses may change over time and ask you to check the information before contacting us.

 

Definitions of terms

This section provides an overview of the terms used in this data protection declaration. To the extent that the terms are defined by law, their legal definitions apply. The following explanations, on the other hand, are intended primarily to provide understanding. 

  • Firewall: A firewall is a security system that protects a computer network or an individual computer from unwanted network access.
  • Personal data: “Personal data” means any information relating to an identified or identifiable natural person (hereinafter “data subject”); A natural person is considered to be identifiable if he or she is directly or indirectly linked to an identifier such as a name identification number, location data, an online identifier (e.g. cookie) or one or more special characteristics that express the physical, physiological, genetic, psychological, economic, cultural or social identity of that natural person.
  • Profiles with user-related information: The processing of “profiles with user-related information”, or “profiles” for short, includes any type of automated processing of personal data, which consists in the use of these personal data to identify certain personal aspects relating to a natural person (depending on the type of profile creation, different information regarding demographics, behavior and interests, such as interaction with websites and their content, etc.) can be analyzed, evaluated or predicted (e.g. B. interests in certain content or products, click behavior on a website or whereabouts). Cookies and web beacons are often used for profiling purposes.
  • Reach measurement: Reach measurement (also known as web analytics) is used to evaluate the flow of visitors to an online offer and can determine the behavior or interests of visitors in certain information, such as: B. content of websites. With the help of reach analysis, operators of online offers can e.g. B. recognize at what time users visit your websites and what content they are interested in. This allows you, for example, B. adapt the content of the websites better to the needs of your visitors. For the purposes of reach analysis, pseudonymous cookies and web beacons are often used to recognize returning visitors and thus obtain more precise analyzes of the use of an online offering.
  • Controller: The “controller” is the natural or legal person, authority, institution or other body that alone or jointly with others decides on the purposes and means of processing personal data.
  • Processing: “Processing” means any operation or series of operations carried out on personal data, whether or not by automated means. The term is wide-ranging and includes practically every handling of data, be it collecting, evaluating, storing, transmitting or deleting.

 

Linkedin Xing Twitter Cloud

Services

Contact

Imprint | Privacy Policy

made by Futuvia®