Privacy Policy
Preamble
With the following privacy policy, we aim to inform you about the types of your personal data (hereinafter also referred to as "Data") we process, for what purposes, and to what extent. This privacy policy applies to all personal data processing activities we carry out, both in the context of providing our services and particularly on our websites, in mobile applications, and within external online presences, such as our social media profiles (collectively referred to as "Online Offer").
The terms used are not gender-specific.
Effective Date: December 9, 2024
Data Controller
onsector GmbH
Vladyslav Pakhalovych
Hagenbacher Strasse 6
76187 Karlsruhe
Germany
Email Address: vladyslav.pakhalovych@onsector.de
Legal Disclosure: https://onsector.de/contact-us/
Overview of Processing Activities
The following overview summarizes the types of processed data and the purposes of their processing and refers to the affected persons.
Types of Processed Data
- Inventory Data
- Payment Data
- Contact Data
- Content Data
- Contract Data
- Usage Data
- Meta-, Communication-, and Procedural Data
- Log Data
Categories of Data Subjects
- Service Recipients and Clients
- Prospects
- Communication Partners
- Users
- Business and Contract Partners
Purposes of Processing
- Provision of contractual services and fulfillment of contractual obligations
- Communication
- Security Measures
- Direct Marketing
- Reach Measurement
- Office and Organizational Procedures
- Organizational and Administrative Procedures
- Feedback
- Marketing
- Profiles with User-Related Information
- Provision of our Online Offer and User-Friendliness
- Information Technology Infrastructure
- Public Relations
- Sales Promotion
- Business Processes and Economic Procedures
Applicable Legal Bases
Applicable Legal Bases under GDPR: Below is an overview of the GDPR's legal bases on which we process personal data. Please note that in addition to the GDPR regulations, national data protection requirements in your or our country of residence or establishment may apply. Should more specific legal bases be applicable in individual cases, we will inform you about them in the privacy policy.
- Consent (Art. 6 para. 1 sentence 1 lit. a) GDPR) – The data subject has given consent to the processing of their personal data for one or more specific purposes.
- Contract Fulfillment and Pre-Contractual Inquiries (Art. 6 para. 1 sentence 1 lit. b) GDPR) – Processing is necessary for the fulfillment of a contract to which the data subject is party or to take steps at the request of the data subject prior to entering into a contract.
- Legal Obligation (Art. 6 para. 1 sentence 1 lit. c) GDPR) – Processing is necessary for compliance with a legal obligation to which the controller is subject.
- Legitimate Interests (Art. 6 para. 1 sentence 1 lit. f) GDPR) – Processing is necessary for the purposes of the legitimate interests pursued by the controller or a third party, provided that the interests, rights, and freedoms of the data subject do not override those interests.
National Data Protection Regulations in Germany: In addition to the GDPR data protection regulations, national data protection regulations in Germany apply. This includes, in particular, the Federal Data Protection Act (Bundesdatenschutzgesetz – BDSG), which contains special regulations on the right to information, the right to deletion, the right to object, the processing of special categories of personal data, processing for other purposes, and the transfer as well as automated decision-making in individual cases, including profiling. Furthermore, state data protection laws of individual federal states may apply.
Reference to GDPR and Swiss DSG Applicability: These privacy notices serve both to provide information under the Swiss Data Protection Act (DSG) and the General Data Protection Regulation (GDPR). Therefore, please note that due to the broader spatial application and comprehensibility, the terms of the GDPR are used. Specifically, instead of the terms used in the Swiss DSG such as "processing" of "personal data," "overriding interest," and "particularly protected personal data," the GDPR terms "processing" of "personal data," "legitimate interest," and "special categories of data" are used. However, the legal meaning of the terms remains determined under the Swiss DSG where applicable.
Security Measures
We implement appropriate technical and organizational measures to ensure a level of security appropriate to the risk, in accordance with legal requirements and considering the state of the art, the implementation costs, and the nature, scope, context, and purposes of processing as well as the likelihood and severity of varying risks to the rights and freedoms of natural persons.
These measures include, in particular, securing the confidentiality, integrity, and availability of data by controlling physical and electronic access to data as well as access related to the data, input, transfer, ensuring availability, and their separation. Furthermore, we have established procedures that ensure the exercise of data subjects' rights, the deletion of data, and responses to data endangerment. We also consider the protection of personal data during the development or selection of hardware, software, and procedures in accordance with the principles of data protection by design and by default.
Securing Online Connections through TLS/SSL Encryption Technology (HTTPS): To protect users' data transmitted through our online services from unauthorized access, we use TLS/SSL encryption technology. Secure Sockets Layer (SSL) and Transport Layer Security (TLS) are the cornerstones of secure data transmission on the internet. These technologies encrypt the information transmitted between the website or app and the user's browser (or between two servers), thereby protecting the data from unauthorized access. TLS, as the more advanced and secure version of SSL, ensures that all data transmissions meet the highest security standards. When a website is secured by an SSL/TLS certificate, this is indicated by the display of HTTPS in the URL. This serves as an indicator to users that their data is being transmitted securely and encrypted.
Transfer of Personal Data
In the course of our processing of personal data, it may occur that this data is transferred to other entities, companies, legally independent organizational units, or persons. Recipients of this data may include, for example, service providers tasked with IT duties or providers of services and content embedded in a website. In such cases, we comply with legal requirements and, in particular, conclude appropriate contracts or agreements that serve to protect your data with the recipients of your data.
International Data Transfers
Data Processing in Third Countries: If we process data in a third country (i.e., outside the European Union (EU) or the European Economic Area (EEA)) or if the processing takes place within the framework of using third-party services or the disclosure or transfer of data to other persons, entities, or companies, this only occurs in accordance with legal requirements. If the data protection level in the third country has been recognized by an adequacy decision (Art. 45 GDPR), this serves as the basis for the data transfer. Otherwise, data transfers only occur if the data protection level is otherwise ensured, particularly through standard contractual clauses (Art. 46 para. 2 lit. c) GDPR), explicit consent, or in the case of contractual or legally required transfers (Art. 49 para. 1 GDPR). Furthermore, we inform you about the bases for third-country transfers for individual providers from the third country, where adequacy decisions take precedence as bases. Information on third-country transfers and existing adequacy decisions can be found in the EU Commission's information offer: https://commission.europa.eu/law/law-topic/data-protection/international-dimension-data-protection_en?prefLang=de. Under the so-called "Data Privacy Framework" (DPF), the EU Commission has also recognized the data protection level for certain companies from the USA as secure within the framework of the adequacy decision dated July 10, 2023. You can find the list of certified companies as well as further information about the DPF on the website of the U.S. Department of Commerce: https://www.dataprivacyframework.gov/ (in English). We inform you within the privacy notices which service providers we use that are certified under the Data Privacy Framework.
General Information on Data Storage and Deletion
We delete personal data we process in accordance with legal provisions as soon as the underlying consents are withdrawn or no further legal bases for processing exist. This applies to cases where the original processing purpose ceases or the data is no longer needed. Exceptions to this rule exist if legal obligations or special interests require longer storage or archiving of the data.
In particular, data that must be retained for commercial or tax reasons or whose storage is necessary for legal prosecution or to protect the rights of other natural or legal persons must be archived accordingly.
Our privacy notices contain additional information on the retention and deletion of data that apply specifically to certain processing processes.
When multiple indications are given regarding the retention period or deletion deadlines for a data item, the longest period always applies.
If a period does not explicitly begin on a specific date and is at least one year long, it automatically starts at the end of the calendar year in which the event triggering the period occurred. In the case of ongoing contractual relationships within the framework of which data is stored, the event triggering the period is the effective date of termination or other termination of the legal relationship.
Data that is no longer needed for the originally intended purpose but is retained due to legal requirements or other reasons is processed exclusively for the reasons justifying its retention.
Additional Information on Processing Processes, Procedures, and Services:
- Retention and Deletion of Data: The following general periods apply for retention and archiving under German law:
- 10 years: Retention period for books and records, annual financial statements, inventories, management reports, opening balance sheets, as well as the work instructions and other organizational documents required for their understanding, booking documents, and invoices (§ 147 Abs. 3 in conjunction with Abs. 1 No. 1, 4, and 4a AO; § 14b Abs. 1 UStG; § 257 Abs. 1 No. 1 and 4 HGB).
- 6 years: Remaining business documents: received commercial or business letters, copies of sent commercial or business letters, other documents as long as they are relevant for taxation, e.g., hourly wage slips, operational accounting sheets, calculation documents, price labels, but also payroll documents as long as they are not already booking documents and cash receipts (§ 147 Abs. 3 in conjunction with Abs. 1 No. 2, 3, 5 AO; § 257 Abs. 1 No. 2 and 3, Abs. 4 HGB).
- 3 years: Data necessary to consider potential warranty and compensation claims or similar contractual claims and rights, as well as related inquiries, based on previous business experiences and usual industry practices, are stored for the duration of the regular statutory limitation period of three years (§§ 195, 199 BGB).
Rights of Data Subjects
Rights of Data Subjects under GDPR: As a data subject, you have various rights under the GDPR, particularly arising from Art. 15 to 21 GDPR:
- Right to Object: You have the right to object at any time to the processing of your personal data for reasons arising from your particular situation, based on Art. 6 para. 1 lit. e or f GDPR; this also applies to profiling based on these provisions. If your personal data is processed for direct marketing purposes, you have the right to object at any time to the processing of your personal data for such purposes; this also applies to profiling insofar as it is related to such direct marketing.
- Right to Withdraw Consent: You have the right to withdraw your given consents at any time.
- Right to Information: You have the right to obtain confirmation as to whether personal data concerning you is being processed, and to obtain information about this data and a copy of the data in accordance with legal provisions.
- Right to Rectification: You have the right to demand the completion of your personal data or the correction of inaccurate personal data concerning you in accordance with legal provisions.
- Right to Erasure and Restriction of Processing: You have the right to demand that personal data concerning you is deleted without delay, or alternatively, to demand a restriction of processing of the data in accordance with legal provisions.
- Right to Data Portability: You have the right to receive the personal data concerning you that you have provided to us in a structured, commonly used, and machine-readable format or to demand its transmission to another controller in accordance with legal provisions.
- Right to Lodge a Complaint with a Supervisory Authority: Without prejudice to any other administrative or judicial remedy, you have the right to lodge a complaint with a supervisory authority, particularly in the member state of your habitual residence, your place of work, or the place where the alleged infringement occurred, if you believe that the processing of your personal data violates the GDPR.
Business Services
We process data of our contractual and business partners, e.g., customers and prospects (collectively referred to as "Contract Partners"), within the framework of contractual and comparable legal relationships as well as associated measures and in relation to communication with contract partners (or pre-contractually), for example, to respond to inquiries.
We use this data to fulfill our contractual obligations. This includes, in particular, obligations to provide the agreed services, any update obligations, and remedies in the event of warranty and other service disruptions. Additionally, we use the data to safeguard our rights and for administrative tasks associated with these obligations as well as for company organization. Furthermore, we process the data based on our legitimate interests both in proper and economic business management and in security measures to protect our contract partners and our business operations from misuse, endangerment of their data, secrets, information, and rights (e.g., involving telecommunications, transportation, and other auxiliary services as well as subcontractors, banks, tax and legal advisors, payment service providers, or financial authorities). Under applicable law, we only disclose contract partner data to third parties insofar as this is necessary for the aforementioned purposes or to fulfill legal obligations. Contract partners are informed about other forms of processing, such as for marketing purposes, within the framework of this privacy policy.
We inform contract partners in advance or within the framework of data collection, e.g., in online forms, through special markings (e.g., colors) or symbols (e.g., asterisks or similar), or personally, which data is necessary for the aforementioned purposes.
We delete the data after the expiration of statutory warranty and comparable obligations, i.e., generally after four years, unless the data is stored in a customer account, e.g., as long as it must be retained for archival purposes due to legal reasons (typically ten years for tax purposes). Data disclosed to us by the contract partner within the framework of an order is deleted in accordance with the specifications and generally after the end of the order.
- Processed Data Types: Inventory Data (e.g., full name, residential address, contact information, customer number, etc.); Payment Data (e.g., bank connections, invoices, payment history); Contact Data (e.g., postal and email addresses or phone numbers); Contract Data (e.g., subject of the contract, duration, customer category).
- Data Subjects: Service recipients and clients; prospects; business and contract partners.
- Purposes of Processing: Provision of contractual services and fulfillment of contractual obligations; communication; office and organizational procedures; organizational and administrative procedures; business processes and economic procedures.
- Retention and Deletion: Deletion in accordance with the information provided in the "General Information on Data Storage and Deletion" section.
- Legal Bases: Contract fulfillment and pre-contractual inquiries (Art. 6 para. 1 sentence 1 lit. b) GDPR); Legal Obligation (Art. 6 para. 1 sentence 1 lit. c) GDPR); Legitimate Interests (Art. 6 para. 1 sentence 1 lit. f) GDPR).
Additional Information on Processing Processes, Procedures, and Services:
- Project and Development Services: We process the data of our customers and clients (collectively referred to as "Customers") to enable them to select, acquire, or commission the chosen services or works as well as associated activities, as well as their payment and provision or execution or delivery.
The necessary information is marked as such within the framework of the order, purchase, or comparable contractual conclusion and includes the information required for service provision and billing as well as contact information to facilitate any necessary consultations. To the extent that we gain access to information about end customers, employees, or other persons, we process this in accordance with legal and contractual requirements. Legal Bases: Contract fulfillment and pre-contractual inquiries (Art. 6 para. 1 sentence 1 lit. b) GDPR).
- Offer of Software and Platform Services: We process the data of our users, registered and potential test users (collectively referred to as "Users"), to provide them with our contractual services and based on legitimate interests to ensure the security of our offer and to further develop it. The necessary information is marked as such within the framework of the order, purchase, or comparable contractual conclusion and includes the information required for service provision and billing as well as contact information to facilitate any necessary consultations. Legal Bases: Contract fulfillment and pre-contractual inquiries (Art. 6 para. 1 sentence 1 lit. b) GDPR).
- Technical Services: We process the data of our customers and clients (collectively referred to as "Customers") to enable them to select, acquire, or commission the chosen services or works as well as associated activities, as well as their payment and provision or execution or delivery.
The necessary information is marked as such within the framework of the order, purchase, or comparable contractual conclusion and includes the information required for service provision and billing as well as contact information to facilitate any necessary consultations. To the extent that we gain access to information about end customers, employees, or other persons, we process this in accordance with legal and contractual requirements. Legal Bases: Contract fulfillment and pre-contractual inquiries (Art. 6 para. 1 sentence 1 lit. b) GDPR).
Provision of the Online Offer and Web Hosting
We process users' data to provide them with our online services. For this purpose, we process the user's IP address, which is necessary to transmit the content and functions of our online services to the user's browser or device.
- Processed Data Types: Usage Data: (e.g., page views and duration, click paths, usage intensity and frequency, device types and operating systems used, interactions with content and functions); Meta-, Communication-, and Procedural Data: (e.g., IP addresses, timestamps, identification numbers, involved persons); Log Data: (e.g., logfiles regarding logins or data retrieval or access times); Content Data: (e.g., textual or visual messages and contributions as well as information related to them, such as author information or time of creation).
- Data Subjects: Users (e.g., website visitors, users of online services).
- Purposes of Processing: Provision of our online offer and user-friendliness; Information technology infrastructure (operation and provision of information systems and technical devices such as computers, servers, etc.); Security measures
- Retention and Deletion: Deletion in accordance with the information provided in the "General Information on Data Storage and Deletion" section.
- Legal Bases: Legitimate Interests (Art. 6 para. 1 sentence 1 lit. f) GDPR)
Additional Information on Processing Processes, Procedures, and Services:
- Collection of Access Data and Logfiles: Access to our online offer is logged in the form of so-called "server logfiles." Server logfiles may include the address and name of the retrieved websites and files, date and time of retrieval, data volumes transferred, notification of successful retrieval, browser type and version, user's operating system, referrer URL (the previously visited page), and generally IP addresses and the requesting provider. Server logfiles can be used for security purposes, e.g., to prevent server overload (especially in the case of abusive attacks, so-called DDoS attacks), and to ensure server load and stability; Legal Bases: Legitimate Interests (Art. 6 para. 1 sentence 1 lit. f) GDPR); Deletion of Data: Logfile information is stored for a maximum of 30 days and then deleted or anonymized. Data whose further retention is required for evidentiary purposes is excluded from deletion until the respective incident is finally resolved.
- STRATO: Services in the field of providing information technology infrastructure and related services (e.g., storage space and/or computing capacities); Service Provider: STRATO AG, Pascalstrasse 10, 10587 Berlin, Germany; Legal Bases: Legitimate Interests (Art. 6 para. 1 sentence 1 lit. f) GDPR); Website: https://www.strato.de; Privacy Policy: https://www.strato.de/datenschutz/. Data Processing Agreement: Provided by the service provider.
- WordPress.com: Hosting and software for creating, providing, and operating websites, blogs, and other online offers; Service Provider: Automattic A8C Irland Ltd., Grand Canal Dock, 25 Herbert Pl, Dublin D02 AY86, Ireland; Legal Bases: Legitimate Interests (Art. 6 para. 1 sentence 1 lit. f) GDPR); Website: https://wordpress.com; Privacy Policy: https://automattic.com/de/privacy/; Data Processing Agreement: https://wordpress.com/support/data-processing-agreements/. Basis for Third-Country Transfers: Data Privacy Framework (DPF).
Use of Cookies
Under the term "cookies," we understand functions that store and read information on users' devices. Cookies can also be used for different purposes, such as ensuring the functionality, security, and comfort of online offers as well as creating analyses of visitor flows. We use cookies in accordance with legal regulations. To this end, we obtain users' consent in advance when necessary. If consent is not required, we rely on our legitimate interests. This applies if storing and reading information is essential to provide expressly requested content and functions. This includes, for example, the storage of settings as well as ensuring the functionality and security of our online offer. Consent can be revoked at any time. We clearly inform about their scope and which cookies are used.
Notes on Legal Bases for Data Protection: Whether we process personal data using cookies depends on consent. If consent is given, it serves as the legal basis. Without consent, we rely on our legitimate interests, which are explained above in this section and in the context of the respective services and procedures.
Storage Duration: Regarding the storage duration, the following types of cookies are distinguished:
- Temporary Cookies (also: Session Cookies): Temporary cookies are deleted at the latest after a user leaves an online offer and closes their device (e.g., browser or mobile application).
- Permanent Cookies: Permanent cookies remain stored even after closing the device. For example, login status can be saved, and preferred content can be displayed directly when the user revisits a website. Similarly, user data collected via cookies can be used for reach measurement. If we do not provide users with explicit information about the type and storage duration of cookies (e.g., as part of obtaining consent), they should assume that these are permanent and that the storage duration can be up to two years.
General Information on Revocation and Objection (Opt-out): Users can revoke their given consents at any time and can also object to the processing in accordance with legal provisions, including via the privacy settings of their browser.
- Processed Data Types: Meta-, Communication-, and Procedural Data: (e.g., IP addresses, timestamps, identification numbers, involved persons).
- Data Subjects: Users (e.g., website visitors, users of online services).
- Legal Bases: Legitimate Interests (Art. 6 para. 1 sentence 1 lit. f) GDPR); Consent (Art. 6 para. 1 sentence 1 lit. a) GDPR).
Additional Information on Processing Processes, Procedures, and Services:
- Processing of Cookie Data Based on Consent: We use a consent management solution that obtains users' consent for the use of cookies or the procedures and providers mentioned within the consent management solution. This procedure serves to obtain, record, manage, and revoke consents, particularly regarding the use of cookies and similar technologies used to store, read, and process information on users' devices. Within this procedure, users' consents for the use of cookies and the associated processing of information, including the specific processing and providers mentioned in the consent management procedure, are obtained. Users also have the option to manage and revoke their consents. The consent declarations are stored to avoid repeated requests and to provide proof of consent in accordance with legal requirements. Storage occurs server-side and/or in a cookie (so-called opt-in cookie) or using similar technologies to associate the consent with a specific user or their device. If no specific information about the providers of consent management services is provided, the following general notes apply: The storage duration of the consent is up to two years. A pseudonymous user identifier is created, which is stored together with the time of consent, information about the scope of consent (e.g., relevant categories of cookies and/or service providers), and information about the browser, system, and device used. Legal Bases: Consent (Art. 6 para. 1 sentence 1 lit. a) GDPR).
Contact and Inquiry Management
When contacting us (e.g., by mail, contact form, email, phone, or via social media) and within the framework of existing user and business relationships, the information of the requesting persons is processed as long as this is necessary to answer the contact inquiries and any requested measures.
- Processed Data Types: Inventory Data: (e.g., full name, residential address, contact information, customer number, etc.); Contact Data: (e.g., postal and email addresses or phone numbers); Content Data: (e.g., textual or visual messages and contributions as well as information related to them, such as author information or time of creation); Usage Data: (e.g., page views and duration, click paths, usage intensity and frequency, device types and operating systems used, interactions with content and functions); Meta-, Communication-, and Procedural Data: (e.g., IP addresses, timestamps, identification numbers, involved persons).
- Data Subjects: Communication Partners
- Purposes of Processing: Communication; Organizational and Administrative Procedures; Feedback (e.g., collecting feedback via online form); Provision of our online offer and user-friendliness
- Retention and Deletion: Deletion in accordance with the information provided in the "General Information on Data Storage and Deletion" section.
- Legal Bases: Legitimate Interests (Art. 6 para. 1 sentence 1 lit. f) GDPR). Contract fulfillment and pre-contractual inquiries (Art. 6 para. 1 sentence 1 lit. b) GDPR).
Additional Information on Processing Processes, Procedures, and Services:
- Contact Form: When contacting us via our contact form, email, or other communication channels, we process the personal data transmitted to us to respond to and handle the respective concern. This generally includes information such as name, contact information, and possibly additional information provided to us that is necessary for appropriate handling. We use this data exclusively for the stated purpose of contact and communication. Legal Bases: Contract fulfillment and pre-contractual inquiries (Art. 6 para. 1 sentence 1 lit. b) GDPR), Legitimate Interests (Art. 6 para. 1 sentence 1 lit. f) GDPR).
Promotional Communication via Email, Mail, Fax, or Phone
We process personal data for purposes of promotional communication, which can be conducted through various channels, such as email, phone, mail, or fax, in accordance with legal requirements.
Recipients have the right to revoke given consents at any time or to object to promotional communication at any time.
After revocation or objection, we store the data necessary to prove the previous authorization for up to three years after the end of the year in which the revocation or objection occurred based on our legitimate interests. The processing of this data is limited to the purpose of potentially defending claims. Based on the legitimate interest to permanently observe users' revocations or objections, we also store the data necessary to avoid repeated contact (e.g., email address, phone number, name depending on the communication channel).
- Processed Data Types: Inventory Data: (e.g., full name, residential address, contact information, customer number, etc.); Contact Data: (e.g., postal and email addresses or phone numbers); Content Data: (e.g., textual or visual messages and contributions as well as information related to them, such as author information or time of creation).
- Data Subjects: Communication Partners
- Purposes of Processing: Direct Marketing (e.g., via email or postal mail); Marketing; Sales Promotion.
- Retention and Deletion: Deletion in accordance with the information provided in the "General Information on Data Storage and Deletion" section.
- Legal Bases: Consent (Art. 6 para. 1 sentence 1 lit. a) GDPR); Legitimate Interests (Art. 6 para. 1 sentence 1 lit. f) GDPR).
Web Analytics, Monitoring, and Optimization
Web analytics (also referred to as "reach measurement") serves the evaluation of visitor flows of our online offer and can include behavior, interests, or demographic information about visitors, such as age or gender, as pseudonymous values. With the help of reach analysis, we can, for example, recognize at what times our online offer or its functions or content are most frequently used or invite reuse. It also allows us to determine which areas need optimization.
In addition to web analytics, we may also use testing procedures to test and optimize different versions of our online offer or its components.
Unless otherwise stated below, profiles—data aggregated for a usage process—and information can be created and stored in a browser or on a device and then read for these purposes. The collected information includes, in particular, visited websites and elements used there as well as technical information, such as the browser used, the computer system used, and usage times. If users have consented to the collection of their location data to us or to the providers of the services we use, location data processing is also possible.
Furthermore, users' IP addresses are stored. However, we use an IP masking procedure (i.e., pseudonymization by truncating the IP address) to protect users. In general, no plain-text user data (such as email addresses or names) is stored during web analytics, A/B testing, and optimization; pseudonyms are used instead. This means that neither we nor the providers of the software used know the actual identity of the users, only the information stored in their profiles for the purposes of the respective procedures.
Notes on Legal Bases: If we request users' consent for the use of third-party providers, the legal basis for data processing is consent. Otherwise, user data is processed based on our legitimate interests (i.e., interest in efficient, economic, and user-friendly services). In this context, we also refer you to the information on the use of cookies in this privacy policy.
- Processed Data Types: Usage Data: (e.g., page views and duration, click paths, usage intensity and frequency, device types and operating systems used, interactions with content and functions). Meta-, Communication-, and Procedural Data: (e.g., IP addresses, timestamps, identification numbers, involved persons).
- Data Subjects: Users (e.g., website visitors, users of online services).
- Purposes of Processing: Reach Measurement (e.g., access statistics, recognition of returning visitors); Profiles with User-Related Information (creating user profiles); Provision of our online offer and user-friendliness.
- Retention and Deletion: Deletion in accordance with the information provided in the "General Information on Data Storage and Deletion" section. Storage of Cookies: Up to 2 years (unless otherwise specified, cookies and similar storage methods can be stored on users' devices for up to two years).
- Security Measures: IP Masking (pseudonymization of the IP address).
- Legal Bases: Consent (Art. 6 para. 1 sentence 1 lit. a) GDPR); Legitimate Interests (Art. 6 para. 1 sentence 1 lit. f) GDPR).
Additional Information on Processing Processes, Procedures, and Services:
- Google Analytics: We use Google Analytics to measure and analyze the use of our online offer based on a pseudonymous user identification number. This identification number does not contain unique data such as names or email addresses. It serves to assign analysis information to an end device to determine which content users have accessed within one or various usage processes, which search terms they have used, whether they have accessed the content again, or whether they have interacted with our online offer. The time of use and its duration, as well as the sources that refer users to our online offer and technical aspects of their devices and browsers, are also stored.
Pseudonymous profiles of users are created with information from the use of different devices, where cookies can be used. Google Analytics does not log or store individual IP addresses for EU users. However, Analytics provides rough geographical location data by deriving the following metadata from IP addresses: city (and the derived latitude and longitude of the city), continent, country, region, subcontinent (and ID-based counterparts). In the case of EU data traffic, IP address data is used solely for deriving geolocation data before being immediately deleted. They are not logged, are not accessible, and are not used for further purposes. When Google Analytics collects measurement data, all IP queries are carried out on EU-based servers before traffic is forwarded to Analytics servers for processing; Service Provider: Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland; Legal Bases: Consent (Art. 6 para. 1 sentence 1 lit. a) GDPR); Website: https://marketingplatform.google.com/intl/de/about/analytics/; Security Measures: IP Masking (pseudonymization of the IP address); Privacy Policy: https://policies.google.com/privacy; Data Processing Agreement: https://business.safety.google/adsprocessorterms/; Basis for Third-Country Transfers: Data Privacy Framework (DPF); Opt-Out: Opt-Out-Plugin: https://tools.google.com/dlpage/gaoptout?hl=en, Settings for the display of advertisements: https://myadcenter.google.com/personalizationoff. More Information: https://business.safety.google/adsservices/ (Types of processing as well as the processed data).
- Google Tag Manager: We use Google Tag Manager, a software by Google, which allows us to centrally manage so-called website tags through a user interface. Tags are small code elements on our website that serve to capture and analyze visitor activities. This technology helps us improve our website and the content offered on it.
Google Tag Manager itself does not create user profiles, does not store cookies with user profiles, and does not perform independent analyses. Its function is limited to simplifying the integration and management of the tools and services we use on our website and making it more efficient. Nevertheless, when using Google Tag Manager, users' IP addresses are transmitted to Google, which is technically necessary to implement the services we use. Cookies may also be set in the process. However, this data processing only occurs if services are integrated via the Tag Manager. For more detailed information on these services and their data processing, we refer you to the further sections of this privacy policy; Service Provider: Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland; Legal Bases: Consent (Art. 6 para. 1 sentence 1 lit. a) GDPR); Website: https://marketingplatform.google.com; Privacy Policy: https://policies.google.com/privacy; Data Processing Agreement: https://business.safety.google/adsprocessorterms; Basis for Third-Country Transfers: Data Privacy Framework (DPF).
Social Media Presences
We maintain online presences within social networks and process user data within this framework to communicate with active users there or to provide information about us.
We point out that in doing so, user data may be processed outside the European Union. This can pose risks for users because, for example, the enforcement of user rights could be made more difficult.
Furthermore, users' data within social networks is generally processed for market research and advertising purposes. For example, based on users' behavior and resulting interests, usage profiles can be created. These may, in turn, be used to display advertisements within and outside the networks that presumably match the users' interests. Therefore, cookies are generally stored on users' computers in which users' behavior and interests are saved. Additionally, data can also be stored in the usage profiles independently of the devices used by the users (especially if they are members of the respective platforms and logged in there).
For a detailed presentation of the respective processing forms and objection options (opt-out), we refer to the privacy policies and information provided by the operators of the respective networks.
We also point out that information requests and data subject rights can be most effectively asserted with the providers. Only the latter have access to the user data and can directly take appropriate measures and provide information. If you still need assistance, you can contact us.
- Processed Data Types: Contact Data: (e.g., postal and email addresses or phone numbers); Content Data: (e.g., textual or visual messages and contributions as well as information related to them, such as author information or time of creation); Usage Data: (e.g., page views and duration, click paths, usage intensity and frequency, device types and operating systems used, interactions with content and functions).
- Data Subjects: Users (e.g., website visitors, users of online services).
- Purposes of Processing: Communication; Feedback (e.g., collecting feedback via online form); Public Relations.
- Retention and Deletion: Deletion in accordance with the information provided in the "General Information on Data Storage and Deletion" section.
- Legal Bases: Legitimate Interests (Art. 6 para. 1 sentence 1 lit. f) GDPR)
Additional Information on Processing Processes, Procedures, and Services:
- LinkedIn: Social Network – Together with LinkedIn Ireland Unlimited Company, we are responsible for the collection (but not further processing) of data from visitors used to create the "Page Insights" (statistics) of our LinkedIn profiles. This data includes information about the types of content users view or interact with, as well as actions they take. Additionally, details about the devices used are collected, such as IP addresses, operating system, browser type, language settings, and cookie data, as well as information from user profiles, such as job function, country, industry, hierarchy level, company size, and employment status. Privacy information on the processing of user data by LinkedIn can be found in LinkedIn's privacy notices: https://www.linkedin.com/legal/privacy-policy.
We have concluded a special agreement with LinkedIn Ireland ("Page Insights Joint Controller Addendum", https://legal.linkedin.com/pages-joint-controller-addendum), which regulates, in particular, the security measures LinkedIn must observe and in which LinkedIn has committed to fulfilling the rights of data subjects (i.e., users can direct information or deletion requests directly to LinkedIn). The rights of users (in particular the right to information, deletion, objection, and complaint with the competent supervisory authority) are not restricted by the agreements with LinkedIn. Joint responsibility is limited to the collection and transmission of data to LinkedIn Ireland Unlimited Company, a company based in the EU. Further processing of the data is exclusively the responsibility of LinkedIn Ireland Unlimited Company, particularly regarding the transfer of data to the parent company LinkedIn Corporation in the USA; Service Provider: LinkedIn Ireland Unlimited Company, Wilton Place, Dublin 2, Ireland; Legal Bases: Legitimate Interests (Art. 6 para. 1 sentence 1 lit. f) GDPR); Website: https://www.linkedin.com; Privacy Policy: https://www.linkedin.com/legal/privacy-policy; Basis for Third-Country Transfers: Data Privacy Framework (DPF). Opt-Out: https://www.linkedin.com/psettings/guest-controls/retargeting-opt-out.
- Xing: Social Network; Service Provider: New Work SE, Am Strandkai 1, 20457 Hamburg, Germany; Legal Bases: Legitimate Interests (Art. 6 para. 1 sentence 1 lit. f) GDPR); Website: https://www.xing.com/. Privacy Policy: https://privacy.xing.com/en/privacy-policy.
Plug-ins and Embedded Functions as well as Content
We integrate functional and content elements into our online offer that are obtained from the servers of their respective providers (hereinafter referred to as "Third Parties"). These can be, for example, graphics, videos, or maps (collectively referred to as "Content").
Integration always requires that the third-party providers of these contents process the users' IP addresses, as they could not send the content to the users' browsers without an IP address. The IP address is therefore necessary for the display of these contents or functions. We strive to use only such content whose providers apply the IP address solely for the delivery of the contents. Third parties can also use so-called pixel tags (invisible graphics, also known as "web beacons") for statistical or marketing purposes. Through "pixel tags," information such as visitor traffic on the pages of this website can be evaluated. The pseudonymous information can also be stored in cookies on the users' devices and may include technical information about the browser and operating system, referring websites, visit times, and other usage details of our online offer, but can also be linked to such information from other sources.
Notes on Legal Bases: If we request users' consent for the use of third parties, the legal basis for data processing is consent. Otherwise, user data is processed based on our legitimate interests (i.e., interest in efficient, economic, and user-friendly services). In this context, we also refer you to the information on the use of cookies in this privacy policy.
- Processed Data Types: Usage Data: (e.g., page views and duration, click paths, usage intensity and frequency, device types and operating systems used, interactions with content and functions). Meta-, Communication-, and Procedural Data: (e.g., IP addresses, timestamps, identification numbers, involved persons).
- Data Subjects: Users (e.g., website visitors, users of online services).
- Purposes of Processing: Provision of our Online Offer and User-Friendliness
- Retention and Deletion: Deletion in accordance with the information provided in the "General Information on Data Storage and Deletion" section. Storage of Cookies: Up to 2 years (unless otherwise specified, cookies and similar storage methods can be stored on users' devices for up to two years).
- Legal Bases: Consent (Art. 6 para. 1 sentence 1 lit. a) GDPR); Legitimate Interests (Art. 6 para. 1 sentence 1 lit. f) GDPR).
Additional Information on Processing Processes, Procedures, and Services:
- Google Fonts (Access from Google Server): Accessing fonts (and symbols) for the purpose of technically secure, maintenance-free, and efficient use of fonts and symbols regarding currency and loading times, their uniform display, and consideration of possible licensing restrictions. The font provider is informed of the user's IP address to provide the fonts in the user's browser. Additionally, technical data (language settings, screen resolution, operating system, hardware used) are transmitted, which are necessary for providing the fonts depending on the devices used and the technical environment. This data can be processed on a server of the font provider in the USA – When visiting our online offer, users' browsers send their browser HTTP requests to the Google Fonts Web API (i.e., a software interface for retrieving fonts). The Google Fonts Web API provides users with the Cascading Style Sheets (CSS) from Google Fonts and subsequently the fonts specified in the CSS. These HTTP requests include (1) the IP address used by the respective user to access the internet, (2) the requested URL on the Google server, and (3) the HTTP headers, including the user-agent, which describes the browser and operating system versions of the website visitors, as well as the referrer URL (i.e., the website where the Google font is to be displayed). IP addresses are neither logged nor stored on Google servers and are not analyzed. The Google Fonts Web API logs details of the HTTP requests (requested URL, user-agent, and referrer URL). Access to this data is restricted and strictly controlled. The requested URL identifies the font families the user wishes to load. This data is logged so that Google can determine how often a particular font family is requested. In the Google Fonts Web API, the user-agent must adjust the font generated for the respective browser type. 
The user-agent is primarily logged for debugging purposes and used to generate aggregated usage statistics that measure the popularity of font families. These aggregated usage statistics are published on the "Analytics" page of Google Fonts. Finally, the referrer URL is logged so that the data can be used for production maintenance and an aggregated report on the top integrations based on the number of font requests can be generated. According to its own statements, Google does not use any of the information collected by Google Fonts to create profiles of end users or to display targeted advertisements. Service Provider: Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland; Legal Bases: Legitimate Interests (Art. 6 para. 1 sentence 1 lit. f) GDPR); Website: https://fonts.google.com/; Privacy Policy: https://policies.google.com/privacy; Basis for Third-Country Transfers: Data Privacy Framework (DPF). More Information: https://developers.google.com/fonts/faq/privacy?hl=de.
Definitions of Terms
In this section, you will find an overview of the terms used in this privacy policy. Where terms are legally defined, their legal definitions apply. The following explanations are intended primarily for understanding.
- Inventory Data: Inventory data includes essential information necessary for the identification and management of contract partners, user accounts, profiles, and similar associations. This data may include personal and demographic information such as names, contact information (addresses, phone numbers, email addresses), birth dates, and specific identifiers (user IDs). Inventory data forms the basis for any formal interaction between individuals and services, institutions, or systems by enabling unique association and communication.
- Content Data: Content data includes information generated in the course of creating, editing, and publishing content of all kinds. This category of data can include texts, images, videos, audio files, and other multimedia content published on various platforms and media. Content data is not limited to the actual content but also includes metadata that provides information about the content itself, such as tags, descriptions, author information, and publication dates.
- Contact Data: Contact data are essential information that enables communication with individuals or organizations. They include, among other things, phone numbers, postal addresses, email addresses, as well as communication means such as social media handles and instant messaging identifiers.
- Meta-, Communication-, and Procedural Data: Meta-, communication-, and procedural data are categories that contain information about how data is processed, transmitted, and managed. Meta-data, also known as data about data, includes information that describes the context, origin, and structure of other data. They can include information about file size, creation date, document author, and change histories. Communication data capture the exchange of information between users across various channels, such as email correspondence, call logs, messages on social networks, and chat histories, including involved persons, timestamps, and transmission paths. Procedural data describe processes and workflows within systems or organizations, including workflow documentation, transaction and activity logs, as well as audit logs used for tracking and verifying operations.
- Usage Data: Usage data refers to information that captures how users interact with digital products, services, or platforms. This data encompasses a wide range of information showing how users utilize applications, which functions they prefer, how long they stay on certain pages, and which paths they navigate through an application. Usage data can also include frequency of use, timestamps of activities, IP addresses, device information, and location data. They are particularly valuable for analyzing user behavior, optimizing user experiences, personalizing content, and improving products or services. Additionally, usage data plays a crucial role in identifying trends, preferences, and potential problem areas within digital offerings.
- Personal Data: "Personal Data" refers to all information related to an identified or identifiable natural person (hereinafter "data subject"); an identifiable person is considered a natural person who can be identified directly or indirectly, in particular by associating them with an identifier such as a name, an identification number, location data, an online identifier (e.g., cookie), or one or more specific characteristics that reflect the physical, physiological, genetic, mental, economic, cultural, or social identity of that natural person.
- Profiles with User-Related Information: The processing of "profiles with user-related information," or simply "profiles," includes any kind of automated processing of personal data that involves using this personal data to analyze, evaluate, or predict specific personal aspects related to a natural person (depending on the type of profiling, this may include different information related to demographics, behavior, and interests, such as interaction with websites and their content, etc.). Profiling often involves the use of cookies and web beacons for these purposes.
- Log Data: Log data are information about events or activities that have been recorded in a system or network. These data typically include information such as timestamps, IP addresses, user actions, error messages, and other details about the use or operation of a system. Log data are often used for analyzing system issues, security monitoring, or creating performance reports.
- Reach Measurement: Reach measurement (also known as web analytics) serves the evaluation of visitor flows of an online offer and can include the behavior or interests of visitors in certain information, such as website content. With the help of reach analysis, operators of online offers can, for example, recognize at what times users visit their websites and what content interests them. This allows them to better tailor the website content to the needs of their visitors. Pseudonymous cookies and web beacons are often used for reach measurement purposes to recognize returning visitors and thus obtain more accurate analyses of the use of an online offer.
- Data Controller: The "Controller" is the natural or legal person, authority, institution, or other body that alone or jointly with others determines the purposes and means of processing personal data.
- Processing: "Processing" is any operation or set of operations performed on personal data or sets of personal data, whether or not by automated means. The term is broad and encompasses almost any handling of data, whether it is collecting, evaluating, storing, transmitting, or deleting.
- Contract Data: Contract data are specific information related to the formalization of an agreement between two or more parties. They document the terms under which services or products are provided, exchanged, or sold. This category of data is essential for managing and fulfilling contractual obligations and includes both the identification of the contracting parties and the specific terms and conditions of the agreement. Contract data can include the start and end dates of the contract, the type of agreed services or products, pricing agreements, payment terms, termination rights, renewal options, and special conditions or clauses. They serve as the legal basis for the relationship between the parties and are crucial for clarifying rights and obligations, enforcing claims, and resolving disputes.
- Payment Data: Payment data encompass all information required to process payment transactions between buyers and sellers. This data is crucial for electronic commerce, online banking, and any other form of financial transaction. It includes details such as credit card numbers, bank account information, payment amounts, transaction data, verification numbers, and billing information. Payment data may also include information about payment status, chargebacks, authorizations, and fees.
Created with the free Data Protection Generator.de by Dr. Thomas Schwenke