(Status: 15.05.2018)

Relevant legal bases

Pursuant to Article 13 of the GDPR, we hereby notify you of the legal bases of our data processing operations. Insofar as the legal basis is not identified in the privacy policy, the following applies: The legal basis for obtaining consent is pursuant to Article 6 para. 1 lit. a. and Article 7 of the GDPR; the legal basis for the processing in order to perform our services and the execution of contractual measures as well as the answering of inquiries is Article 6 para. 1 lit. b. of the GDPR; the legal basis for processing data in order to fulfil our legal obligations is Article 6 para. 1 lit. c. of the GDPR, and the legal basis for processing data in order to safeguard our legitimate interests is Article 6 para. 1 lit. f. of the GDPR. In the event that vital interests of the data subject or any other natural person require the processing of personal data, Article 6 para. 1 lit. d. of the GDPR is the legal basis.

Changes and updates of the privacy policy

We request that you regularly inform yourself of the content of our privacy policy. We adjust the privacy policy as soon as the changes to the data processing we carry out require it. We shall notify you as soon as the changes require your participation (e.g. consent) or other individual notification is required.

Security measures

In accordance with Article 32 of the GDPR we take appropriate technical measures, taking into account the state of the art, the implementation costs and the nature, scope, circumstances and purposes of the processing as well as the different likelihood and severity of the risk to the rights and freedoms of natural persons and organisational measures, to ensure a level of protection appropriate to the risk; the measures include, in particular, ensuring the confidentiality, integrity and availability of data by controlling physical access to the data, as well as their access, input, disclosure, availability and segregation. In addition, we have established procedures that ensure the fulfilment of data subject rights, data erasure, and reaction to data vulnerability. Furthermore, we take into account the protection of personal data in the development and/or selection of hardware, software and procedures, pursuant to the principle of data protection through technology design and privacy-friendly default settings (Article 25 of the GDPR).

The security measures include in particular the encrypted transmission of data between your browser and our server.

Collaboration with contract processors and third parties

If we reveal data to other persons or companies (contract processors or third parties) in the course of processing, transmit, or otherwise grant them access to these data, this shall only occur on the basis of legal permission (e.g. if transmission of data to third parties such as payment service providers is required for contract performance according to Article 6 para. 1 lit. b. of the GDPR, you have given your consent, a legal obligation provides for it, or on the basis of our legitimate interests (e.g. when deploying agents, web hosting, etc.). If we instruct third parties to process data on the basis of a so-called “Data processing order agreement”, this shall occur on the basis of Article 28 of the GDPR.

Data transfer to third countries

Except for the applications mentioned above, no transmission to countries outside the EU is carried out and it is not planned.

Your rights as a data subject

You have the right to:

• Information about your stored data
• Correction and completion of your stored data
• Deletion of your data no longer required
• Restriction of the processing of your data
• Revocation of granted consent with effect for the future
• Objection to the future processing of your data, in particular to processing for direct marketing purposes
• Receipt and transmission to other data controllers responsible for the data concerning you

Provision of contractual services

If stock data (for example, names and addresses as well as contact details of users) are processed, this is done to fulfil our contractual obligations and services pursuant to Article 6 para. 1 lit. b. of the GDPR. For example, the entries marked in the online forms as obligatory are required for the conclusion of the contract.

Deletion of data

The data processed by us are deleted or limited in their processing in accordance with Articles 17 and 18 of the GDPR. Unless expressly stated otherwise in this privacy policy, the data stored by us are deleted as soon as they are no longer required for their intended purpose, insofar as their deletion does not conflict with any statutory storage requirements. If data cannot be deleted because they are required for statutory and other legally permissible purposes, their processing shall be restricted. This means that the data will be blocked and not processed for other purposes. This applies for example to data required to be retained for purposes relating to commercial or fiscal law.

Contact

When contact is made with us (via contact form or email), user data are processed for the processing of the inquiry and its settlement pursuant to Article 6 para. 1 lit. b. of the GDPR.

User information can be stored in a customer relationship management system (“CRM system”) or similar inquiry organisation. We delete the inquiries once they are no longer required. We check the necessity regularly; inquiries from customers who have a customer account are stored by us permanently and we refer to the deletion on the details of the customer account. In the case of legal archiving obligations, the deletion shall take place after the expiration of their storage obligation (end of commercial law (6 years) and tax law (10 years)).

Collection of access data and logfiles

On the basis of our legitimate interests within the meaning of Article 6 para. 1 lit. f. of the GDPR we collect data on every access to the server on which this service is located (so-called server log files). Access data include the name of the website visited, the file accessed, the date and time of the visit, the volume of data transferred, notification of a successful visit, the browser type and version, the operating system of the user, the referring URL (previously visited site), the IP address and the requesting provider. Logfile information is stored for security purposes (for example, to investigate abusive or fraudulent activities) for a maximum of seven days and is then deleted. Data which must be retained as potential evidence are not deleted until the relevant incident has been ultimately clarified.

Online presence in social media

Based on our justified interests within the meaning of Article 6 para. 1 lit. f. of the GDPR we run an online presence within social media and platforms, in order to be able to communicate with customers, interested parties and users that are active there, and to inform them of our services. When accessing the respective networks and platforms, the terms of use and data processing regulations of the respective provider apply.

Unless otherwise specified in our privacy policy, we process the data of users if they communicate with us within the social networks and platforms, e.g. create contributions on our online presence, or send us messages.

Integration of third-party services and content

On the basis of our legitimate interests (i.e. interest in the analysis, optimisation, and economic operation of our website within the meaning of Article 6 para. 1 lit. f. of the GDPR) we use third-party content or service offers on our website in order to provide their content and services, e.g. include videos or fonts (collectively referred to as “content”). This always assumes that third-party providers of this content perceive users’ IP address because they cannot send content to their browsers without the IP address. Your IP address is therefore necessary to display this content. We strive only to use content from providers who use the IP address to deliver content, and for nothing else. Furthermore, third-party providers can use what are known as pixel tags (invisible graphics also known as “web beacons”) for statistical or marketing purposes. Information such as visitor traffic on the pages of this website can be evaluated using these “pixel tags”. The pseudonymous information may also be stored in cookies on the device of the user and may include technical information about the browser and operating system, referring websites, visiting time, and other information about the use of our website and it may also be linked to such information from other sources. The following list provides an overview of third-party providers, their contents, as well as links to their privacy policies, which contain further information on the processing of data and, as already mentioned here, options for objecting (so called opt-out):

• External fonts from Google, LLC., www.google.com/fonts (“Google Fonts”). The integration of Google fonts is carried out through a server request to Google (usually in the USA). Privacy policy: https://policies.google.com/privacy, Opt-Out: https://adssettings.google.com/authenticated.
• Maps provided by “Google Maps” service of the third-party provider Google LLC, 1600 Amphitheater Parkway, Mountain View, CA 94043, USA. Privacy policy: www.google.com/…/privacy/, Opt-Out: https://www.google.com/settings/ads/.
• Videos from the “YouTube” platform, operated by the third-party provider Google Inc., 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA. Privacy policy: https://policies.google.com/privacy, Opt-Out: https://adssettings.google.com/authenticated.
• Within our online offer, functions of the service or the platform Twitter may be involved (hereinafter referred to as “Twitter”). Twitter is an offer from Twitter Inc., 1355 Market Street, Suite 900, San Francisco, CA 94103, United States. The features include displaying our posts within Twitter within our online offer, linking to our profile on Twitter, as well as the ability to interact with Twitter’s posts and features, as well as whether users access our online offer via the advertisements we have posted on Twitter (so-called conversion measurement). Twitter is certified under the Privacy Shield Agreement, which provides a guarantee to comply with European privacy legislation (https://www.privacyshield.gov/participant?id=a2zt0000000TORzAAO&status=Active). Privacy policy: https://twitter.com/de/privacy, Opt-Out: https://twitter.com/personalization.
• Plugins of the video portal Vimeo, Vimeo Channels on our websites are plugins of the video portal “Vimeo” of Vimeo, LLC, 555 West 18th Street, New York, New York 10011, USA. Each time you visit a page that offers one or more Vimeo video clips, a direct connection is established between your browser and a Vimeo server in the United States. This information about your visit and your IP address are stored there. By means of interactions with the Vimeo plugins (for example, clicking the Start button), this information is also transmitted to Vimeo and stored there. The privacy policy for Vimeo with more detailed information on the collection and use of your data by Vimeo can be found at https://vimeo.com/privacy. In addition, Vimeo calls up the tracker Google Analytics via an iFrame, in which the video is called up. This is a separate tracking of Vimeo, to which we have no access. You can stop Google Analytics tracking by using the opt-out tools that Google offers for some Internet browsers. Users can also prevent Google from collecting the data on their use of the website (including their IP address) generated by the cookie, and also prevent the processing of these data by Google by downloading and installing the browser plugin available via the following link: https://tools.google.com/dlpage/gaoptout
• External code of the JavaScript framework “jQuery””, provided by the third-party provider jQuery Foundation, https://jquery.org.

Supervisory authority

Pursuant to Article 77 of the EU GDPR, you may lodge a complaint with a supervisory authority if you believe that the processing of your personal data is in breach of the EU GDPR or the Federal Data Protection Act.

Newsletter

The following information is intended to provide information on the content of our newsletter, the registration process, the distribution process, the statistical evaluation process and your right to object. When you subscribe to our newsletter, you acknowledge that you have agreed to receive the newsletter and that you agree with the processes that have been described. Newsletter content: We send the newsletter, emails and other electronic messages with advertising information (hereinafter referred to as “newsletter”) only with the consent of the recipient or if we have been granted legal permission to do so. User consent is based on the contents of the newsletter being described in specific terms when the user registers to subscribe. Our newsletters contain information about our products, offers, promotions and our company. Double opt-in and logging subscriptions We follow a double opt-in process when users subscribe to our newsletter. i.e. you will receive an email after registering which asks you to confirm that you have registered. This confirmation is necessary so that it is not possible for people to log in with external email addresses. New subscriptions to the newsletter are logged in order to verify that the subscription process complies with the legal requirements. The record contains the time of subscription and confirmation as well as the relevant IP address. Changes to any of your data stored by the email marketing service are also logged. Distribution provider: The newsletter is distributed via MailChimp, a newsletter distribution platform owned by the US provider Rocket Science Group, LLC, 675 Ponce De Leon Ave NE # 5000, Atlanta, GA 30308, USA. The privacy policy of the distribution service provider can be viewed here: mailchimp.com/legal/privacy/. The Rocket Science Group LLC d/b/a MailChimp is certified under the Privacy Shield agreement and thus offers a guarantee that it will comply with European data protection law (https://www.privacyshield.gov/participant?id=a2zt0000000TO6hAAG&status=Active)

Subscriber details: To subscribe to the newsletter, it is sufficient to enter your email address.

Use of cookies

Cookies are small text files transmitted from our web server or third-party web servers to the web browsers of users and are stored there for later retrieval. Cookies can be small files or other types of information storage. We use “session cookies” that are only stored for the duration of the current visit to our website (for example, to enable the storage of your login status or the shopping cart function and thus the use of our online offer). In a session cookie a randomly generated unique identification number is stored, a so-called session ID. In addition, a cookie contains information about its origin and the retention period. These cookies can not save other data. Session cookies will be deleted if you have finished using our online offer and, for example, log out or close the browser. This privacy policy informs users that cookies are used in the context of pseudonymous reach measurement. If you do not want to have cookies stored on your computer, you will be asked to disable the corresponding option in the system settings of your browser. You can delete stored cookies using the system preferences of your browser at any time. The exclusion of cookies can lead to function limitations in this online offer. You may object to the use of cookies for reach measurement and promotional purposes through the opt-out page of the Network Advertising Initiative (http://optout.networkadvertising.org/) and, in addition, the US website (http:// www.aboutads.info/choices) or the European website (http:// www.youronlinechoices.com/…/your-ad-choices/).

Use of Google Analytics

1. Our website uses Google Analytics, a web analysis service from Google Inc. 1600 Amphitheatre Parkway Mountain View, CA 94043, USA (“Google”). Google Analytics uses so-called cookies which are text files that are stored on your computer and enable an analysis of how you use the website. The information generated by the cookie about your use of our WEBSITE (including your IP address) is usually transmitted to a Google server in the USA and stored there. However, if IP anonymisation is activated on our WEBSITE, your IP address will be truncated by Google within the member states of the European Union or in other countries that are contracting parties to the Agreement in the European Economic Area. Only in exceptional cases will the whole IP address first be transferred to a Google server in the USA and truncated there. On our behalf, Google will use this information to evaluate your use of the WEBSITE, to compile reports on website activity and to provide other services related to website activity and internet usage to the website operator.
2. The IP address provided to Google Analytics by your Internet browser will not be merged with any other data provided by Google.
3. You can prevent the use of cookies by selecting the appropriate settings in your browser software; however, we would like to point out that if you do this, you may not be able to access all functions provided on our website. You can also prevent the data generated by cookies about your use of the WEBSITE (incl. your IP address) being passed to Google and the processing of these data by Google, by downloading and installing the browser plugin available under the following link: http://tools.google.com/dlpage/gaoptout?hl=de.
4. For browsers on mobile devices, you can alternatively prevent collection by Google Analytics by clicking on the following link: Set an opt-out cookie for this browser and this website. An opt-out cookie is set which prevents the future collection of your data when visiting our WEBSITE. Please note: The cookie only works for the browser on which it is set. If you delete the cookie on this browser, you must reset it by clicking on the above links.
5. If you allow cookies to be stored, Google Analytics retains your data for 14 months. Data that reaches the end of this retention period will be automatically deleted.
6. Please note that Google Analytics is used on our WEBSITE with the extension “_anonymizeIp ()” and that your IP address will only be processed in shortened form in order to exclude a direct personal reference. If the data collected about you are personal, they will be blocked instantly and the personal data will be deleted immediately.
7. We use Google Analytics to analyse and regularly improve the use of our WEBSITE. The statistics obtained in this way enable us to improve our services and make them more interesting for you as a user. Optimisation and marketing purposes are our legitimate interests. For the exceptional cases in which personal data are transferred to the USA, Google has submitted to the EU-US Privacy Shield, https://www.privacyshield.gov/EU-US-Framework. The legal basis for the use of Google Analytics is Article 6 para. 1 sub-para. 1 lit. f of the GDPR.
8. Information about the third-party provider: Google Dublin, Google Ireland Ltd., Gordon House, Barrow Street, Dublin 4, Ireland, Fax: +353 (1) 436?1001. User conditions: www.google.com/…/de.html, Overview of privacy: http://www.google.com/intl/de/ analytics/learn/privacy.html, as well as the privacy policy: http://www.google.de/intl/de/ policies/privacy.
9. As part of Google Analytics, we use the additional features of Universal Analytics. Universal Analytics allows us to analyse your activities across our sites across devices. This is made possible by the pseudonymous assignment of a user identification (user ID) to a user. Such an allocation is made, for example, when you register for a customer account or log in to your customer account. However, no personal data are forwarded to Google. Please note that also regarding the functions of Google Universal, the above possibilities of objection by the browser plugin or opt-out cookie are possible. You can also disable the cross-device analysis of your usage in your personal account under “My Account”, “Personal Information”.