How we use your personal data
We may process usage data (for example browser type, referral source, page views), contact information (for example name, email), and enquiry or correspondence data (for example information contained in communications between you and us). We may process this data for the purposes of operating this website, providing our services, ensuring the security of this website and our services, communicating with you, analysing the usage of this website and our services, managing our customer relationships, keeping record, and marketing our services.
Processors and third parties
Where we disclose data to other persons and companies (processors or third parties), transmit data or otherwise grant them access to data, we do so based on your consent, a legal obligation, a legal permission (for example transmitting data to a payment service provider to fulfil a contract, pursuant to article 6(1b) GDPR), or our legitimate interests pursuant to article 6(1f) GDPR (for example the use of agents or hosting services). Where we commission third parties to process data by the means of a so-called ‘data processing agreement’, this is based on article 28 GDPR.
Processing in third countries
We may process data in a third country (outside the European Union (EU) or the European Economic Area (EEA)), use third party services, or disclose or transmit data to third parties that do so. We will only do this to fulfil our (pre)contractual obligations, based on your consent, based on legal obligations, or based on our legitimate interests. Subject to legal or contractual permissions, we process or have the data processed in a third country only under the conditions detailed in articles 44 ff GDPR. Data processing in third countries may for example be based on specific guarantees, such as an officially recognised level of data protection equivalent to the EU (such as the Privacy Shield framework for the US) or compliance with officially recognised contractual obligations (so-called ‘standard contractual clauses’).
Your rights as a ‘data subject’
You have the right to obtain a confirmation as to whether or not your personal data is being processed, to information about this data as well as to a copy of the data based on article 15 GDPR. You have the right to demand the completion or rectification of incomplete or inaccurate personal data about you based on article 16 GDPR. You have the right to demand that personal data about you be erased (the so-called ‘right to be forgotten’) based on article 17 GDPR. Alternatively, you have the right to require a restriction on the processing of your personal data based on article 18 GDPR. You have the right to obtain your personal data provided to us and to transmit that data to another controller based on article 20 GDPR. Should you consider our processing of your personal data to infringe on data protection laws, you have the right to lodge a complaint with the relevant supervisory authority based on article 77 GDPR. To the extent that the legal basis for our processing of your personal data is consent, you have the right to withdraw consent to future processing at any time based on article 7(3) GDPR. Please note that your withdrawal of consent will not affect the lawfulness of past data processing. You can object to the future processing of your personal data based on article 21 GDPR at any time (including against processing for direct marketing purposes).
Deletion of personal data
We delete or restrict the processing of your personal data based on articles 17 and 18 GDPR. Personal data that we process for any purpose will not be stored for longer than necessary for that purpose. We may retain personal data longer where the deletion would conflict with any statutory storage requirements or such retention is required for compliance with legal obligations to which we are subject.
We (respectively our hosting provider) collects data on every access to the server on which this website is hosted (so-called server logfiles) based on article 6(1f) GDPR. This data includes the name of the retrieved website, file, date and time of retrieval, amount of data transferred, notification of retrieval, browser type and version, operating system, referrer URL (previously visited page), IP address and the requesting provider. This data cannot be assigned to specific persons and we don’t merge this data with other data sources. We may check this data retrospectively if we have indication of unlawful access. Logfile information is stored for security purposes (for example to investigate abusive or fraudulent activities) for a maximum of 7 days and then deleted. Data required as evidence of an infringement is exempted from deletion until final clarification of the incident.
The hosting facilities this website uses are located in Germany. We use hosting services for the purpose of providing the following services: infrastructure and platform services, computing capacity, storage and database services, security and technical maintenance services required to operate this website. We, respectively our hosting provider, may processes contact data, content data, contract data, usage data, meta and communication data of customers, interested parties and visitors to this website on the basis of our legitimate interests in an efficient and secure provision of our services based on article 6(1f) GDPR in conjunction with article 28 GDPR.
Provision of contractual services
We process contact details (such as names, addresses) and other contractual data (such as services used and communications related to contractual services) for the purpose of fulfilling our contractual obligations and providing our services in accordance with article 6(1b) GDPR. Storage of this data is based on our legitimate interests, as well as the user’s protection against misuse and other unauthorised use. A transfer of this data to third parties does not take place, unless it is necessary for the prosecution of our claims or there is a legal obligation in accordance with article 6(1c) GDPR. We delete this data after expiration of any legal warranty and comparable obligations; the necessity of storing this data is reviewed every three years. In case of legal obligations to archive, deletion takes place after its expiration.
Legal obligations and business management
To comply with legal obligations and manage our business we process contact details (such as names, addresses, email, phone numbers) and other contractual data (such as services provided) based on article 6(1c) and 6(1f) GDPR. This processing affects customers, prospective customers and business partners. The purpose and interest in processing lies in administrative tasks, accounting, and business organisation. That is, in tasks that serve the maintenance of our business, the fulfilment of our duties and the provision of our services. We disclose or transmit data to the relevant financial authorities, consultants such as tax accountants or auditors, and payment service providers. Furthermore, based on our business interests, we store information about suppliers, promoters and other business partners, for example for the purpose of later contact. This primarily business-related data may be stored permanently.
When you contact us (for example by contact form, e-mail, telephone or via social media), your user information may be processed for the purpose of handling your request based on article 6(1b) GDPR. User information may furthermore be stored in a Customer Relationship Management System or comparable tool. We delete such requests, if they are no longer necessary and we review their necessity every two years. All legal archiving obligations apply.
Analytics with Matomo
Online presence on social media
Embedded content from other websites
Based on our legitimate interests (i.e. the analysis, optimisation and operation of our website) as defined in article 6(1f) GDPR, we use third-party content or service provisions in order to embed content such as videos or fonts on our website (collectively referred to as ‚content‘). For such content to be displayed in your browser, the third-party content provider requires your IP address. Third parties may use so-called pixel tags (invisible graphics, also referred to as ‚web beacons‘) for statistical or marketing purposes. Pseudonymous information may also be stored in cookies on your device and can include technical information about the browser and operating system, referring web pages, time of the visit and other information regarding the use of our website. This section details which third-party content or service providers we may use and how you can control their use of users‘ data.