Privacy Policy

1. An overview of data protection

General information

The fol­low­ing infor­ma­tion will pro­vide you with an easy to nav­i­gate overview of what will hap­pen with your per­son­al data when you vis­it this web­site. The term “per­son­al data” com­pris­es all data that can be used to per­son­al­ly iden­ti­fy you. For detailed infor­ma­tion about the sub­ject mat­ter of data pro­tec­tion, please con­sult our Data Protection Declaration, which we have includ­ed beneath this copy.

Data recording on this website

Who is the responsible party for the recording of data on this website (i.e., the “controller”)?

The data on this web­site is processed by the oper­a­tor of the web­site, whose con­tact infor­ma­tion is avail­able under sec­tion “Information about the respon­si­ble par­ty (referred to as the “con­troller” in the GDPR)” in this Privacy Policy.

How do we record your data?

We col­lect your data as a result of your shar­ing of your data with us. This may, for instance be infor­ma­tion you enter into our con­tact form.

Other data shall be record­ed by our IT sys­tems auto­mat­i­cal­ly or after you con­sent to its record­ing dur­ing your web­site vis­it. This data com­pris­es pri­mar­i­ly tech­ni­cal infor­ma­tion (e.g., web brows­er, oper­at­ing sys­tem, or time the site was accessed). This infor­ma­tion is record­ed auto­mat­i­cal­ly when you access this website.

What are the purposes we use your data for?

A por­tion of the infor­ma­tion is gen­er­at­ed to guar­an­tee the error free pro­vi­sion of the web­site. Other data may be used to ana­lyze your user patterns.

What rights do you have as far as your information is concerned?

You have the right to receive infor­ma­tion about the source, recip­i­ents, and pur­pos­es of your archived per­son­al data at any time with­out hav­ing to pay a fee for such dis­clo­sures. You also have the right to demand that your data are rec­ti­fied or erad­i­cat­ed. If you have con­sent­ed to data pro­cess­ing, you have the option to revoke this con­sent at any time, which shall affect all future data pro­cess­ing. Moreover, you have the right to demand that the pro­cess­ing of your data be restrict­ed under cer­tain cir­cum­stances. Furthermore, you have the right to log a com­plaint with the com­pe­tent super­vis­ing agency.

Please do not hes­i­tate to con­tact us at any time if you have ques­tions about this or any oth­er data pro­tec­tion relat­ed issues.

Analysis tools and tools provided by third parties

There is a pos­si­bil­i­ty that your brows­ing pat­terns will be sta­tis­ti­cal­ly ana­lyzed when your vis­it this web­site. Such analy­ses are per­formed pri­mar­i­ly with what we refer to as analy­sis programs.

For detailed infor­ma­tion about these analy­sis pro­grams please con­sult our Data Protection Declaration below.

2. Hosting

External Hosting

This web­site is host­ed by an exter­nal ser­vice provider (host). Personal data col­lect­ed on this web­site are stored on the servers of the host. These may include, but are not lim­it­ed to, IP address­es, con­tact requests, meta­da­ta and com­mu­ni­ca­tions, con­tract infor­ma­tion, con­tact infor­ma­tion, names, web page access, and oth­er data gen­er­at­ed through a web site.

The host is used for the pur­pose of ful­fill­ing the con­tract with our poten­tial and exist­ing cus­tomers (Art. 6(1)(b) GDPR) and in the inter­est of secure, fast, and effi­cient pro­vi­sion of our online ser­vices by a pro­fes­sion­al provider (Art. 6(1)(f) GDPR).

Our host will only process your data to the extent nec­es­sary to ful­fil its per­for­mance oblig­a­tions and to fol­low our instruc­tions with respect to such data.

We are using the fol­low­ing host:

Besser mit Butter GmbH
Falterstraße 24
90480 Nürnberg

Data processing

We have con­clud­ed a data pro­cess­ing agree­ment (DPA) with the above-mentioned provider. This is a con­tract man­dat­ed by data pri­va­cy laws that guar­an­tees that they process per­son­al data of our web­site vis­i­tors only based on our instruc­tions and in com­pli­ance with the GDPR.

3. General information and mandatory information

Data protection

The oper­a­tors of this web­site and its pages take the pro­tec­tion of your per­son­al data very seri­ous­ly. Hence, we han­dle your per­son­al data as con­fi­den­tial infor­ma­tion and in com­pli­ance with the statu­to­ry data pro­tec­tion reg­u­la­tions and this Data Protection Declaration.

Whenever you use this web­site, a vari­ety of per­son­al infor­ma­tion will be col­lect­ed. Personal data com­pris­es data that can be used to per­son­al­ly iden­ti­fy you. This Data Protection Declaration explains which data we col­lect as well as the pur­pos­es we use this data for. It also explains how, and for which pur­pose the infor­ma­tion is collected.

We here­with advise you that the trans­mis­sion of data via the Internet (i.e., through e-mail com­mu­ni­ca­tions) may be prone to secu­ri­ty gaps. It is not pos­si­ble to com­plete­ly pro­tect data against third-party access.

Information about the responsible party (referred to as the “controller” in the GDPR)

The data pro­cess­ing con­troller on this web­site is:

Sebastian Kuhn
Rohrwiesenweg 14
90562 Kalchreuth

Phone: +49 911 37 477 69
E-mail: box@drehmomente.de

The con­troller is the nat­ur­al per­son or legal enti­ty that single-handedly or joint­ly with oth­ers makes deci­sions as to the pur­pos­es of and resources for the pro­cess­ing of per­son­al data (e.g., names, e-mail address­es, etc.).

Storage duration

Unless a more spe­cif­ic stor­age peri­od has been spec­i­fied in this pri­va­cy pol­i­cy, your per­son­al data will remain with us until the pur­pose for which it was col­lect­ed no longer applies. If you assert a jus­ti­fied request for dele­tion or revoke your con­sent to data pro­cess­ing, your data will be delet­ed, unless we have oth­er legal­ly per­mis­si­ble rea­sons for stor­ing your per­son­al data (e.g., tax or com­mer­cial law reten­tion peri­ods); in the lat­ter case, the dele­tion will take place after these rea­sons cease to apply.

Information on data transfer to the USA and other non-EU countries

Among oth­er things, we use tools of com­pa­nies domi­ciled in the United States or oth­er from a data pro­tec­tion per­spec­tive non-secure non-EU coun­tries. If these tools are active, your per­son­al data may poten­tial­ly be trans­ferred to these non-EU coun­tries and may be processed there. We must point out that in these coun­tries, a data pro­tec­tion lev­el that is com­pa­ra­ble to that in the EU can­not be guar­an­teed. For instance, U.S. enter­pris­es are under a man­date to release per­son­al data to the secu­ri­ty agen­cies and you as the data sub­ject do not have any lit­i­ga­tion options to defend your­self in court. Hence, it can­not be ruled out that U.S. agen­cies (e.g., the Secret Service) may process, ana­lyze, and per­ma­nent­ly archive your per­son­al data for sur­veil­lance pur­pos­es. We have no con­trol over these pro­cess­ing activities.

Revocation of your consent to the processing of data

A wide range of data pro­cess­ing trans­ac­tions are pos­si­ble only sub­ject to your express con­sent. You can also revoke at any time any con­sent you have already giv­en us. This shall be with­out prej­u­dice to the law­ful­ness of any data col­lec­tion that occurred pri­or to your revocation.

Right to object to the collection of data in special cases; right to object to direct advertising (Art. 21 GDPR)

IN THE EVENT THAT DATA ARE PROCESSED ON THE BASIS OF ART. 6(1)(E) OR (F) GDPR, YOU HAVE THE RIGHT TO AT ANY TIME OBJECT TO THE PROCESSING OF YOUR PERSONAL DATA BASED ON GROUNDS ARISING FROM YOUR UNIQUE SITUATION. THIS ALSO APPLIES TO ANY PROFILING BASED ON THESE PROVISIONS. TO DETERMINE THE LEGAL BASIS, ON WHICH ANY PROCESSING OF DATA IS BASED, PLEASE CONSULT THIS DATA PROTECTION DECLARATION. IF YOU LOG AN OBJECTION, WE WILL NO LONGER PROCESS YOUR AFFECTED PERSONAL DATA, UNLESS WE ARE IN A POSITION TO PRESENT COMPELLING PROTECTION WORTHY GROUNDS FOR THE PROCESSING OF YOUR DATA, THAT OUTWEIGH YOUR INTERESTS, RIGHTS AND FREEDOMS OR IF THE PURPOSE OF THE PROCESSING IS THE CLAIMING, EXERCISING OR DEFENCE OF LEGAL ENTITLEMENTS (OBJECTION PURSUANT TO ART. 21(1) GDPR).

IF YOUR PERSONAL DATA IS BEING PROCESSED IN ORDER TO ENGAGE IN DIRECT ADVERTISING, YOU HAVE THE RIGHT TO OBJECT TO THE PROCESSING OF YOUR AFFECTED PERSONAL DATA FOR THE PURPOSES OF SUCH ADVERTISING AT ANY TIME. THIS ALSO APPLIES TO PROFILING TO THE EXTENT THAT IT IS AFFILIATED WITH SUCH DIRECT ADVERTISING. IF YOU OBJECT, YOUR PERSONAL DATA WILL SUBSEQUENTLY NO LONGER BE USED FOR DIRECT ADVERTISING PURPOSES (OBJECTION PURSUANT TO ART. 21(2) GDPR).

Right to log a complaint with the competent supervisory agency

In the event of vio­la­tions of the GDPR, data sub­jects are enti­tled to log a com­plaint with a super­vi­so­ry agency, in par­tic­u­lar in the mem­ber state where they usu­al­ly main­tain their domi­cile, place of work or at the place where the alleged vio­la­tion occurred. The right to log a com­plaint is in effect regard­less of any oth­er admin­is­tra­tive or court pro­ceed­ings avail­able as legal recourses.

Right to data portability

You have the right to demand that we hand over any data we auto­mat­i­cal­ly process on the basis of your con­sent or in order to ful­fil a con­tract be hand­ed over to you or a third par­ty in a com­mon­ly used, machine read­able for­mat. If you should demand the direct trans­fer of the data to anoth­er con­troller, this will be done only if it is tech­ni­cal­ly feasible.

SSL and/or TLS encryption

For secu­ri­ty rea­sons and to pro­tect the trans­mis­sion of con­fi­den­tial con­tent, such as pur­chase orders or inquiries you sub­mit to us as the web­site oper­a­tor, this web­site uses either an SSL or a TLS encryp­tion pro­gram. You can rec­og­nize an encrypt­ed con­nec­tion by check­ing whether the address line of the brows­er switch­es from “http://” to “https://” and also by the appear­ance of the lock icon in the brows­er line.

If the SSL or TLS encryp­tion is acti­vat­ed, data you trans­mit to us can­not be read by third parties.

Information about, rectification and eradication of data

Within the scope of the applic­a­ble statu­to­ry pro­vi­sions, you have the right to at any time demand infor­ma­tion about your archived per­son­al data, their source and recip­i­ents as well as the pur­pose of the pro­cess­ing of your data. You may also have a right to have your data rec­ti­fied or erad­i­cat­ed. If you have ques­tions about this sub­ject mat­ter or any oth­er ques­tions about per­son­al data, please do not hes­i­tate to con­tact us at any time.

Right to demand processing restrictions

You have the right to demand the impo­si­tion of restric­tions as far as the pro­cess­ing of your per­son­al data is con­cerned. To do so, you may con­tact us at any time. The right to demand restric­tion of pro­cess­ing applies in the fol­low­ing cases:

• In the event that you should dis­pute the cor­rect­ness of your data archived by us, we will usu­al­ly need some time to ver­i­fy this claim. During the time that this inves­ti­ga­tion is ongo­ing, you have the right to demand that we restrict the pro­cess­ing of your per­son­al data.
• If the pro­cess­ing of your per­son­al data was/is con­duct­ed in an unlaw­ful man­ner, you have the option to demand the restric­tion of the pro­cess­ing of your data in lieu of demand­ing the erad­i­ca­tion of this data.
• If we do not need your per­son­al data any longer and you need it to exer­cise, defend or claim legal enti­tle­ments, you have the right to demand the restric­tion of the pro­cess­ing of your per­son­al data instead of its eradication.
• If you have raised an objec­tion pur­suant to Art. 21(1) GDPR, your rights and our rights will have to be weighed against each oth­er. As long as it has not been deter­mined whose inter­ests pre­vail, you have the right to demand a restric­tion of the pro­cess­ing of your per­son­al data.

If you have restrict­ed the pro­cess­ing of your per­son­al data, these data – with the excep­tion of their archiv­ing – may be processed only sub­ject to your con­sent or to claim, exer­cise or defend legal enti­tle­ments or to pro­tect the rights of oth­er nat­ur­al per­sons or legal enti­ties or for impor­tant pub­lic inter­est rea­sons cit­ed by the European Union or a mem­ber state of the EU.

4. Recording of data on this website

Cookies

Our web­sites and pages use what the indus­try refers to as “cook­ies.” Cookies are small text files that do not cause any dam­age to your device. They are either stored tem­porar­i­ly for the dura­tion of a ses­sion (ses­sion cook­ies) or they are per­ma­nent­ly archived on your device (per­ma­nent cook­ies). Session cook­ies are auto­mat­i­cal­ly delet­ed once you ter­mi­nate your vis­it. Permanent cook­ies remain archived on your device until you active­ly delete them, or they are auto­mat­i­cal­ly erad­i­cat­ed by your web browser.

In some cas­es, it is pos­si­ble that third-party cook­ies are stored on your device once you enter our site (third-party cook­ies). These cook­ies enable you or us to take advan­tage of cer­tain ser­vices offered by the third par­ty (e.g., cook­ies for the pro­cess­ing of pay­ment services).

Cookies have a vari­ety of func­tions. Many cook­ies are tech­ni­cal­ly essen­tial since cer­tain web­site func­tions would not work in the absence of the cook­ies (e.g., the shop­ping cart func­tion or the dis­play of videos). The pur­pose of oth­er cook­ies may be the analy­sis of user pat­terns or the dis­play of pro­mo­tion­al messages.

Cookies, which are required for the per­for­mance of elec­tron­ic com­mu­ni­ca­tion trans­ac­tions (required cook­ies) or for the pro­vi­sion of cer­tain func­tions you want to use (func­tion­al cook­ies, e.g., for the shop­ping cart func­tion) or those that are nec­es­sary for the opti­miza­tion of the web­site (e.g., cook­ies that pro­vide mea­sur­able insights into the web audi­ence), shall be stored on the basis of Art. 6(1)(f) GDPR, unless a dif­fer­ent legal basis is cit­ed. The oper­a­tor of the web­site has a legit­i­mate inter­est in the stor­age of cook­ies to ensure the tech­ni­cal­ly error free and opti­mized pro­vi­sion of the operator’s ser­vices. If your con­sent to the stor­age of the cook­ies has been request­ed, the respec­tive cook­ies are stored exclu­sive­ly on the basis of the con­sent obtained (Art. 6(1)(a) GDPR); this con­sent may be revoked at any time.

You have the option to set up your brows­er in such a man­ner that you will be noti­fied any time cook­ies are placed and to per­mit the accep­tance of cook­ies only in spe­cif­ic cas­es. You may also exclude the accep­tance of cook­ies in cer­tain cas­es or in gen­er­al or acti­vate the delete func­tion for the auto­mat­ic erad­i­ca­tion of cook­ies when the brows­er clos­es. If cook­ies are deac­ti­vat­ed, the func­tions of this web­site may be limited.

In the event that third-party cook­ies are used or if cook­ies are used for ana­lyt­i­cal pur­pos­es, we will sep­a­rate­ly noti­fy you in con­junc­tion with this Data Protection Policy and, if applic­a­ble, ask for your consent.

Consent with Borlabs Cookie

Our web­site uses the Borlabs con­sent tech­nol­o­gy to obtain your con­sent to the stor­age of cer­tain cook­ies in your brows­er or for the use of cer­tain tech­nolo­gies and for their data pri­va­cy pro­tec­tion com­pli­ant doc­u­men­ta­tion. The provider of this tech­nol­o­gy is Borlabs – Benjamin A. Bornschein, Rübenkamp 32, 22305 Hamburg, Germany (here­inafter referred to as Borlabs).

Whenever you vis­it our web­site, a Borlabs cook­ie will be stored in your brows­er, which archives any dec­la­ra­tions or revo­ca­tions of con­sent you have entered. These data are not shared with the provider of the Borlabs technology.

The record­ed data shall remain archived until you ask us to erad­i­cate them, delete the Borlabs cook­ie on your own or the pur­pose of stor­ing the data no longer exists. This shall be with­out prej­u­dice to any reten­tion oblig­a­tions man­dat­ed by law. To review the details of Borlabs’ data pro­cess­ing poli­cies, please vis­it https://de.borlabs.io/kb/welche-daten-speichert-borlabs-cookie/

We use the Borlabs cook­ie con­sent tech­nol­o­gy to obtain the dec­la­ra­tions of con­sent man­dat­ed by law for the use of cook­ies. The legal basis for the use of such cook­ies is Art. 6(1)(c) GDPR.

Server log files

The provider of this web­site and its pages auto­mat­i­cal­ly col­lects and stores infor­ma­tion in so-called serv­er log files, which your brows­er com­mu­ni­cates to us auto­mat­i­cal­ly. The infor­ma­tion comprises:

• The type and ver­sion of brows­er used
• The used oper­at­ing system
• Referrer URL
• The host­name of the access­ing computer
• The time of the serv­er inquiry
• The IP address

This data is not merged with oth­er data sources.

This data is record­ed on the basis of Art. 6(1)(f) GDPR. The oper­a­tor of the web­site has a legit­i­mate inter­est in the tech­ni­cal­ly error free depic­tion and the opti­miza­tion of the operator’s web­site. In order to achieve this, serv­er log files must be recorded.

Request by e-mail, telephone, or fax

If you con­tact us by e-mail, tele­phone or fax, your request, includ­ing all result­ing per­son­al data (name, request) will be stored and processed by us for the pur­pose of pro­cess­ing your request. We do not pass these data on with­out your consent.

These data are processed on the basis of Art. 6(1)(b) GDPR if your inquiry is relat­ed to the ful­fill­ment of a con­tract or is required for the per­for­mance of pre-contractual mea­sures. In all oth­er cas­es, the data are processed on the basis of our legit­i­mate inter­est in the effec­tive han­dling of inquiries sub­mit­ted to us (Art. 6(1)(f) GDPR) or on the basis of your con­sent (Art. 6(1)(a) GDPR) if it has been obtained.

The data sent by you to us via con­tact requests remain with us until you request us to delete, revoke your con­sent to the stor­age or the pur­pose for the data stor­age laps­es (e.g. after com­ple­tion of your request). Mandatory statu­to­ry pro­vi­sions – in par­tic­u­lar statu­to­ry reten­tion peri­ods – remain unaffected.

5. Analysis tools and advertising

Google Analytics

This web­site uses func­tions of the web analy­sis ser­vice Google Analytics. The provider of this ser­vice is Google Ireland Limited (“Google”), Gordon House, Barrow Street, Dublin 4, Ireland.

Google Analytics enables the web­site oper­a­tor to ana­lyze the behav­ior pat­terns of web­site vis­i­tors. To that end, the web­site oper­a­tor receives a vari­ety of user data, such as pages accessed, time spent on the page, the uti­lized oper­at­ing sys­tem and the user’s ori­gin. Google may con­sol­i­date these data in a pro­file that is allo­cat­ed to the respec­tive user or the user’s device.

Furthermore, Google Analytics allows us to record your mouse and scroll move­ments and clicks, among oth­er things. Google Analytics uses var­i­ous mod­el­ing approach­es to aug­ment the col­lect­ed data sets and uses machine learn­ing tech­nolo­gies in data analysis.

Google Analytics uses tech­nolo­gies that make the recog­ni­tion of the user for the pur­pose of ana­lyz­ing the user behav­ior pat­terns (e.g., cook­ies or device fin­ger­print­ing). The web­site use infor­ma­tion record­ed by Google is, as a rule trans­ferred to a Google serv­er in the United States, where it is stored.

This analy­sis tool is used on the basis of Art. 6(1)(f) GDPR. The oper­a­tor of this web­site has a legit­i­mate inter­est in the analy­sis of user pat­terns to opti­mize both, the ser­vices offered online and the operator’s adver­tis­ing activ­i­ties. If a cor­re­spond­ing agree­ment has been request­ed (e.g., an agree­ment to the stor­age of cook­ies), the pro­cess­ing takes place exclu­sive­ly on the basis of Art. 6(1)(a) GDPR; the agree­ment can be revoked at any time.

Data trans­mis­sion to the US is based on the Standard Contractual Clauses (SCC) of the European Commission. Details can be found here: https://privacy.google.com/businesses/controllerterms/mccs/.

IP anonymization

On this web­site, we have acti­vat­ed the IP anonymiza­tion func­tion. As a result, your IP address will be abbre­vi­at­ed by Google with­in the mem­ber states of the European Union or in oth­er states that have rat­i­fied the Convention on the European Economic Area pri­or to its trans­mis­sion to the United States. The full IP address will be trans­mit­ted to one of Google’s servers in the United States and abbre­vi­at­ed there only in excep­tion­al cas­es. On behalf of the oper­a­tor of this web­site, Google shall use this infor­ma­tion to ana­lyze your use of this web­site to gen­er­ate reports on web­site activ­i­ties and to ren­der oth­er ser­vices to the oper­a­tor of this web­site that are relat­ed to the use of the web­site and the Internet. The IP address trans­mit­ted in con­junc­tion with Google Analytics from your brows­er shall not be merged with oth­er data in Google’s possession.

Browser plug-in

You can pre­vent the record­ing and pro­cess­ing of your data by Google by down­load­ing and installing the brows­er plu­g­in avail­able under the fol­low­ing link: https://tools.google.com/dlpage/gaoptout?hl=en.

For more infor­ma­tion about the han­dling of user data by Google Analytics, please con­sult Google’s Data Privacy Declaration at: https://support.google.com/analytics/answer/6004245?hl=en.

Contract data processing

We have exe­cut­ed a con­tract data pro­cess­ing agree­ment with Google and are imple­ment­ing the strin­gent pro­vi­sions of the German data pro­tec­tion agen­cies to the fullest when using Google Analytics.

Archiving period

Data on the user or inci­dent lev­el stored by Google linked to cook­ies, user IDs or adver­tis­ing IDs (e.g., DoubleClick cook­ies, Android adver­tis­ing ID) will be anonymized or delet­ed after 2 months. For details, please click the fol­low­ing link: https://support.google.com/analytics/answer/7667196?hl=en

Google Ads

The web­site oper­a­tor uses Google Ads. Google Ads is an online pro­mo­tion­al pro­gram of Google Ireland Limited (“Google”), Gordon House, Barrow Street, Dublin 4, Ireland.

Google Ads enables us to dis­play ads in the Google search engine or on third-party web­sites, if the user enters cer­tain search terms into Google (key­word tar­get­ing). It is also pos­si­ble to place tar­get­ed ads based on the user data Google has in its pos­ses­sion (e.g., loca­tion data and inter­ests; tar­get group tar­get­ing). As the web­site oper­a­tor, we can ana­lyze these data quan­ti­ta­tive­ly, for instance by ana­lyz­ing which search terms result­ed in the dis­play of our ads and how many ads led to respec­tive clicks.

The use of Google Ads is based on Art. 6(1)(f) GDPR. The web­site oper­a­tor has a legit­i­mate inter­est in mar­ket­ing the operator’s ser­vices and prod­ucts as effec­tive­ly as possible.

Data trans­mis­sion to the US is based on the Standard Contractual Clauses (SCC) of the European Commission. Details can be found here: https://policies.google.com/privacy/frameworks and https://privacy.google.com/businesses/controllerterms/mccs/.

Google Conversion-Tracking

This web­site uses Google Conversion Tracking. The provider of this ser­vice is Google Ireland Limited (“Google”), Gordon House, Barrow Street, Dublin 4, Ireland.

With the assis­tance of Google Conversion Tracking, we are in a posi­tion to rec­og­nize whether the user has com­plet­ed cer­tain actions. For instance, we can ana­lyze the how fre­quent­ly which but­tons on our web­site have been clicked and which prod­ucts are reviewed or pur­chased with par­tic­u­lar fre­quen­cy. The pur­pose of this infor­ma­tion is to com­pile con­ver­sion sta­tis­tics. We learn how many users have clicked on our ads and which actions they have com­plet­ed. We do not receive any infor­ma­tion that would allow us to per­son­al­ly iden­ti­fy the users. Google as such uses cook­ies or com­pa­ra­ble recog­ni­tion tech­nolo­gies for iden­ti­fi­ca­tion purposes.

We use Google Conversion Tracking on the basis of Art. 6(1)(f) GDPR. The oper­a­tor of the web­site has a legit­i­mate inter­est in the analy­sis of the user pat­terns with the aim of opti­miz­ing both, the operator’s web pre­sen­ta­tion and adver­tis­ing. If a respec­tive dec­la­ra­tion of con­sent was request­ed (e.g., con­cern­ing the stor­age of cook­ies), pro­cess­ing shall occur exclu­sive­ly on the basis of Art. 6(1)(a) GDPR; the giv­en con­sent may be revoked at any time.

For more infor­ma­tion about Google Conversion Tracking, please review Google’s data pro­tec­tion pol­i­cy at: https://policies.google.com/privacy?hl=en

6. Newsletter

Newsletter data

If you would like to receive the newslet­ter offered on the web­site, we require an e-mail address from you as well as infor­ma­tion that allows us to ver­i­fy that you are the own­er of the e-mail address pro­vid­ed and that you agree to receive the newslet­ter. Further data is not col­lect­ed or only on a vol­un­tary basis. For the han­dling of the newslet­ter, we use newslet­ter ser­vice providers, which are described below.

Sendinblue

This web­site uses Sendinblue for the send­ing of newslet­ters. The provider is the Sendinblue GmbH, Köpenicker Straße 126, 10179 Berlin, Germany.

Sendinblue ser­vices can, among oth­er things, be used to orga­nize and ana­lyze the send­ing of newslet­ters. The data you enter for the pur­pose of sub­scrib­ing to the newslet­ter are archived on Sendinblue’s servers in Germany.

Data analysis by Sendinblue

Sendinblue enables us to ana­lyze our newslet­ter cam­paigns. For instance, it allows us to see whether a newslet­ter mes­sage has been opened and, if so, which links may have been clicked. This enables us to deter­mine, which links drew an extra­or­di­nary num­ber of clicks.

Moreover, we are also able to see whether once the e-mail was opened or a link was clicked, any pre­vi­ous­ly defined actions were tak­en (con­ver­sion rate). This allows us to deter­mine whether you have made a pur­chase after click­ing on the newsletter.

Sendinblue also enables us to divide the sub­scribers to our newslet­ter into var­i­ous cat­e­gories (i.e., to “clus­ter” recip­i­ents). For instance, newslet­ter recip­i­ents can be cat­e­go­rized based on age, gen­der, or place of res­i­dence. This enables us to tai­lor our newslet­ter more effec­tive­ly to the needs of the respec­tive tar­get groups.

If you do not want to per­mit an analy­sis by Sendinblue, you must unsub­scribe from the newslet­ter. We pro­vide a link for you to do this in every newslet­ter mes­sage. Moreover, you can also unsub­scribe from the newslet­ter right on the website.

For detailed infor­ma­tion on the func­tions of Sendinblue please fol­low this link: https://www.sendinblue.com/newsletter-software/.

Legal basis

The data is processed based on your con­sent (Art. 6(1)(a) GDPR). You may revoke any con­sent you have giv­en at any time by unsub­scrib­ing from the newslet­ter. This shall be with­out prej­u­dice to the law­ful­ness of any data pro­cess­ing trans­ac­tions that have tak­en place pri­or to your revocation.

Storage period

The data deposit­ed with us for the pur­pose of sub­scrib­ing to the newslet­ter will be stored by us until you unsub­scribe from the newslet­ter or the newslet­ter ser­vice provider and delet­ed from the newslet­ter dis­tri­b­u­tion list after you unsub­scribe from the newslet­ter. Data stored for oth­er pur­pos­es with us remain unaffected.

After you unsub­scribe from the newslet­ter dis­tri­b­u­tion list, your e-mail address may be stored by us or the newslet­ter ser­vice provider in a black­list to pre­vent future mail­ings. The data from the black­list is used only for this pur­pose and not merged with oth­er data. This serves both your inter­est and our inter­est in com­ply­ing with the legal require­ments when send­ing newslet­ters (legit­i­mate inter­est with­in the mean­ing of Art. 6(1)(f) GDPR). The stor­age in the black­list is indef­i­nite. You may object to the stor­age if your inter­ests out­weigh our legit­i­mate interest.

For more details, please con­sult the Data Protection Regulations of Sendinblue at: https://de.sendinblue.com/datenschutz-uebersicht/.

Data processing

We have con­clud­ed a data pro­cess­ing agree­ment (DPA) with the above-mentioned provider. This is a con­tract man­dat­ed by data pri­va­cy laws that guar­an­tees that they process per­son­al data of our web­site vis­i­tors only based on our instruc­tions and in com­pli­ance with the GDPR.

7. Plug-ins and Tools

Vimeo Without Tracking (Do-Not-Track)

This web­site uses plu­g­ins of the Vimeo video por­tal. The provider is Vimeo Inc., 555 West 18th Street, New York, New York 10011, USA.

Whenever you vis­it one of our pages fea­tur­ing Vimeo videos, a con­nec­tion with the servers of Vimeo is estab­lished. In con­junc­tion with this, the Vimeo serv­er receives infor­ma­tion about which of our sites you have vis­it­ed. Vimeo also receives your IP address. However, we have set up Vimeo in such a way that Vimeo can­not track your user activ­i­ties and does not place any cookies.

We use Vimeo to make our online pre­sen­ta­tion attrac­tive for you. This is a legit­i­mate inter­est on our part pur­suant to Art. 6(1)(f) GDPR. If a respec­tive dec­la­ra­tion of con­sent was request­ed (e.g. con­cern­ing the stor­age of cook­ies), pro­cess­ing shall occur exclu­sive­ly on the basis of Art. 6(1)(a) GDPR; the giv­en con­sent may be revoked at any time.

Data trans­mis­sion to the US is based on the Standard Contractual Clauses (SCC) of the European Commission and, accord­ing to Vimeo, on “legit­i­mate busi­ness inter­ests”. Details can be found here: https://vimeo.com/privacy.

For more infor­ma­tion on the han­dling of user data, please con­sult Vimeo’s data pri­va­cy pol­i­cy at: https://vimeo.com/privacy

Google Web Fonts (local embedding)

This web­site uses so-called Web Fonts pro­vid­ed by Google to ensure the uni­form use of fonts on this site. These Google fonts are local­ly installed so that a con­nec­tion to Google’s servers will not be estab­lished in con­junc­tion with this application.

For more infor­ma­tion on Google Web Fonts, please fol­low this link: https://developers.google.com/fonts/faq and con­sult Google’s Data Privacy Declaration under: https://policies.google.com/privacy?hl=en.

Font Awesome (local embedding)

This web­site uses Font Awesome to ensure the uni­form use of fonts on this site. Font Awesome is local­ly installed so that a con­nec­tion to Fonticons, Inc.’s servers will not be estab­lished in con­junc­tion with this application.

For more infor­ma­tion on Font Awesome, please and con­sult the Data Privacy Declaration for Font Awesome under: https://fontawesome.com/privacy.

Google Maps

This web­site uses the map­ping ser­vice Google Maps. The provider is Google Ireland Limited (“Google”), Gordon House, Barrow Street, Dublin 4, Ireland.

To enable the use of the Google Maps fea­tures, your IP address must be stored. As a rule, this infor­ma­tion is trans­ferred to one of Google’s servers in the United States, where it is archived. The oper­a­tor of this web­site has no con­trol over the data trans­fer. In case Google Maps has been acti­vat­ed, Google has the option to use Google web fonts for the pur­pose of the uni­form depic­tion of fonts. When you access Google Maps, your brows­er will load the required web fonts into your brows­er cache, to cor­rect­ly dis­play text and fonts.

We use Google Maps to present our online con­tent in an appeal­ing man­ner and to make the loca­tions dis­closed on our web­site easy to find. This con­sti­tutes a legit­i­mate inter­est as defined in Art. 6(1)(f) GDPR. If a respec­tive dec­la­ra­tion of con­sent has been obtained, the data shall be processed exclu­sive­ly on the basis of Art. 6(1)(a) GDPR. This dec­la­ra­tion of con­sent may be revoked at any time.

Data trans­mis­sion to the US is based on the Standard Contractual Clauses (SCC) of the European Commission. Details can be found here: https://privacy.google.com/businesses/gdprcontrollerterms/ and https://privacy.google.com/businesses/gdprcontrollerterms/sccs/.

For more infor­ma­tion on the han­dling of user data, please review Google’s Data Privacy Declaration under: https://policies.google.com/privacy?hl=en.

iThemes Security

We have inte­grat­ed iThemes Security into this web­site. The provider is iThemes Media LLC, 1720 South Kelly Avenue Edmond, OK 73013, USA (here­inafter referred to as iThemes Security).

iThemes Security pro­tects our web­site against unde­sir­able access or mali­cious cyber-attacks. For this pur­pose, iThemes Security records, among oth­er things, your IP address, the time, and source of login attempts and log files (e.g., the uti­lized brows­er). iThemes Security is installed local­ly on our servers.

iThemes Security trans­mits IP address­es of recur­ring attack­ers to a cen­tral data­base of iThemes in the US (Network Brute Force Protection) to pre­vent such attacks in the future.

The use of iThemes Security is based on Art. 6(1)(f) GDPR. The web­site oper­a­tor has a legit­i­mate inter­est in pro­tect­ing its web­site opti­mal­ly against cyber-attacks. If your respec­tive con­sents have been request­ed, pro­cess­ing shall occur exclu­sive­ly on the basis of Art. 6(1)(a) GDPR; you may revoke such con­sent at any time.

8. Custom Services

Job Applications

We offer web­site vis­i­tors the oppor­tu­ni­ty to sub­mit job appli­ca­tions to us (e.g., via e-mail, via postal ser­vices on by sub­mit­ting the online job appli­ca­tion form). Below, we will brief you on the scope, pur­pose and use of the per­son­al data col­lect­ed from you in con­junc­tion with the appli­ca­tion process. We assure you that the col­lec­tion, pro­cess­ing and use of your data will occur in com­pli­ance with the applic­a­ble data pri­va­cy rights and all oth­er statu­to­ry pro­vi­sions and that your data will always be treat­ed as strict­ly confidential.

Scope and purpose of the collection of data

If you sub­mit a job appli­ca­tion to us, we will process any affil­i­at­ed per­son­al data (e.g., con­tact and com­mu­ni­ca­tions data, appli­ca­tion doc­u­ments, notes tak­en dur­ing job inter­views, etc.), if they are required to make a deci­sion con­cern­ing the estab­lish­ment or an employ­ment rela­tion­ship. The legal grounds for the afore­men­tioned are § 26 GDPR accord­ing to German Law (Negotiation of an Employment Relationship), Art. 6(1)(b) GDPR (General Contract Negotiations) and – pro­vid­ed you have giv­en us your con­sent – Art. 6(1)(a) GDPR. You may revoke any con­sent giv­en at any time. Within our com­pa­ny, your per­son­al data will only be shared with indi­vid­u­als who are involved in the pro­cess­ing of your job application.

If your job appli­ca­tion should result in your recruit­ment, the data you have sub­mit­ted will be archived on the grounds of § 26 GDPR and Art. 6(1)(b) GDPR for the pur­pose of imple­ment­ing the employ­ment rela­tion­ship in our data pro­cess­ing system.

Data Archiving Period

If we are unable to make you a job offer or you reject a job offer or with­draw your appli­ca­tion, we reserve the right to retain the data you have sub­mit­ted on the basis of our legit­i­mate inter­ests (Art. 6(1)(f) GDPR) for up to 6 months from the end of the appli­ca­tion pro­ce­dure (rejec­tion or with­draw­al of the appli­ca­tion). Afterwards the data will be delet­ed, and the phys­i­cal appli­ca­tion doc­u­ments will be destroyed. The stor­age serves in par­tic­u­lar as evi­dence in the event of a legal dis­pute. If it is evi­dent that the data will be required after the expiry of the 6-month peri­od (e.g., due to an impend­ing or pend­ing legal dis­pute), dele­tion will only take place when the pur­pose for fur­ther stor­age no longer applies.

Longer stor­age may also take place if you have giv­en your agree­ment (Article 6(1)(a) GDPR) or if statu­to­ry data reten­tion require­ments pre­clude the deletion.