Privacy policy

This privacy policy informs you about the purpose and scope of the processing of personal data (hereinafter referred to as “data”) within our website and the systems associated with it (hereinafter referred to as “online offering”). Unless otherwise specified, the use of terms is based on Art. 4 of the General Data Protection Regulation (GDPR).

Affected persons

Visitors to our online offering (hereinafter generally referred to as “users”)

Purpose of use of the data

• Content and functional provision of the online offer
• Communication with the user (e.g. by answering contact requests)
• Defense against dangers
• Reach measurement and marketing activities

Types of data processed

• Content data (e.g. text input, multimedia data)
• Usage data (e.g. visited websites, access times)
• Meta/communication data (e.g. browser information, IP addresses)
• Contact data (e.g. name, address, e-mail, telephone number)

Legal basis

In accordance with Art. 13 GDPR, the legal basis for data processing is specified in the privacy policy. If this does not apply in a particular case, the legal basis is provided by Article 6(1) and Article 7 GDPR.

Cooperation with processors and third parties

Should we grant other persons or companies (processors or third parties) access to the data for specific processing on our behalf, this is done on the basis of a legal obligation, a legal permission (e.g. for the performance of a contract in accordance with Art. 6 (1) (b) GDPR), on the basis of your consent or on the basis of our legitimate interest (e.g. use of agencies/web hosts). If third parties have been commissioned to process data, this is done in accordance with Art. 28 GDPR on the basis of a data processing agreement.

Transfers to third countries

Data is only processed in a third country (outside the European Union and outside the European Economic Area) for the purpose of fulfilling (pre)contractual obligations, on the basis of your consent, on the basis of legal obligations, or on the basis of our legitimate interests. The data is processed under the conditions specified in Article 44 et seq. GDPR. This is done, among other things, on the basis of special guarantees, such as the officially recognized determination of a level of data protection equivalent to that of the EU (e.g., through the “EU-US Data Privacy Framework”) or through officially recognized special contractual obligations (“standard contractual clauses”).

Rights of users

Users are granted rights under Article 15 GDPR regarding confirmation of the processing of data concerning them and access to such data. Under Article 16 GDPR, you have the right to request the completion or correction of data concerning you. Furthermore, Art. 17 GDPR guarantees you the right to request that data concerning you be deleted immediately or, alternatively (e.g. if this conflicts with statutory retention obligations), that its processing be restricted in accordance with Art. 18 GDPR. In accordance with Art. 20 GDPR, you are entitled to receive data concerning you. Finally, pursuant to Art. 77 GDPR, you have the right to lodge a complaint with the competent supervisory authority.

Revocation and objection

In accordance with Art. 7 (3) GDPR, you have the right to revoke any consent you have given with future effect. Furthermore, you can object to the future processing of data concerning you at any time in accordance with Art. 21 GDPR. In particular, you can object to processing for direct marketing purposes.

Deletion of data

Unless otherwise specified in this privacy policy, the data stored by us will be deleted as soon as it is no longer required for the intended purpose and there are no legal retention obligations preventing deletion. These retention obligations generally vary between 6 and 10 years, depending on the type (see Section 257 (1) of the German Commercial Code (HGB) and Section 147 (1) of the German Fiscal Code (AO)).

Hosting

In order to offer you our online services, we use various hosting services (infrastructure, computing capacity, storage space, security, maintenance). In this context, both we and our hosting service provider process content data, usage data, meta/communication data, and contact data of visitors to this online offering on the basis of our legitimate interest in the secure and professional provision of the online offering in accordance with Art. 6 (1) lit. f GDPR and Art. 28 GDPR.

Netlify

Our website is hosted by Netlify. When you visit one of our websites, your browser establishes a connection to a server belonging to Netlify, Inc., 610 22nd Street, Suite 315, San Francisco, CA 94107, USA. Further details about data processing by Netlify are available in their privacy policy. The legal basis for data processing is (Art. 6 (1) (f) GDPR). The basis for third-country transfers is provided by the EU-US Data Privacy Framework (DPF).

Provider's privacy policy: https://www.netlify.com/privacy/
Data processing agreement: https://www.netlify.com/pdf/netlify-dpa.pdf

Collection of access data and log files

Our hosting provider stores data from each user access to the server on which the online offer is located (server log files) in accordance with Art. 6 (1) lit. f. GDPR. The following access data is collected: name of the website accessed, file, date, time of access, amount of data transferred, notifications of successful access, browser type, user's operating system, referrer URL, IP address, and the requesting provider. The server log file information is used to ensure the stable provision of the online offering and for security and evidence purposes. It is only stored for a certain period of time and then deleted. If further storage of the data is necessary for evidence purposes, it will not be deleted until the incident has been finally clarified.