Privacy policy
1 General information
2 Scope
3 International data protection laws
4 Contact details of the controller
5 Contact details of the data protection officer
6 Definitions
6.1 Personal data
6.2 Data subject
6.3 Processing
6.4 Erasure
6.5 Destruction
6.6 End users
6.7 Restriction of processing
6.8 Profiling
6.9 Pseudonymization
6.10 Anonymization
6.11 "Controller" or "controller"
6.12 Processor
6.13 Recipients
6.14 Third parties
6.15 Consent
6.16 Content Delivery Network (CDN)
6.17 End devices
6.18 Mobile devices
6.19 Website
6.20 IP address
6.21 Java, JavaScript
6.22 Cookies
6.23 Cookie Consent Tool
6.24 Web Beacons
6.25 Third countries/third countries, transfer of data to third countries
6.26 Advertising
7 Storage period
8 Rights of the data subject
8.1 Right of access pursuant to Art. 15 GDPR
8.2 Right to rectification pursuant to Art. 16 GDPR
8.3 Right to erasure pursuant to Art. 17 GDPR
8.4 Right to restriction of processing pursuant to Art. 18 GDPR
8.5 Right to data portability pursuant to Art. 20 GDPR
8.6 Right to withdraw consent pursuant to Art. 7 (3) GDPR
8.7 Right to lodge a complaint pursuant to Art. 77 GDPR
9 Legal basis for processing
9.1 Consent
9.2 Performance of a contract
9.3 Legal obligation
9.4 Vital interests
9.5 Legitimate interest
10 Data processing through this website
10.1 Collection of general data and information
10.2 External hosting
10.3 TLS encryption
10.4 Website modular system
10.5 Fonts10.6 Contact, contact options
10.7 Social media
10.7.1 Contract with the provider for the protection of your personal data
10.7.2 Legal basis for processing
10.7.3 Possible data processing in third countries
10.7.4 Channels used
10.8 Application process
10.9 User account
10.10 Web analytics
10.11 Online map services
11 Minors
12 Copyright in the privacy policy
1 General information
This Privacy Policy was last updated on 01.10.2024 and informs you about the nature, scope, legal basis and purpose of the processing of your personal data by us.
On the one hand, this information relates to the processing of personal data on or by our website. On the other hand, you will receive information about the processing of your personal data in other internal and external processes of our company. If necessary, you will receive additional information on further processing in an appropriate manner. For example, if we If you use your personal data to register your visit to us on site, you will also be informed on site.
We take the protection of your personal data very seriously and treat your personal data confidentially and in accordance with the statutory national and European regulations as well as the specifications and recommendations of the state data protection authority responsible for us The State Commissioner for Data Protection and Freedom of Information Rhineland-Palatinate, Hintere Bleiche 34, 55116 Mainz.
We also reserve the right to implement the published recommendations of other data protection authorities if, in our opinion, they can better ensure the protection of your personal data. The same applies to publications in literature and case law.
Keep in mind that the absolute security of your data can never be guaranteed 100 percent. There is always a risk that unauthorized persons will illegally access your data or use it to contact us. In addition, there is the possibility of data loss, whether due to employees, former employees or service providers, or due to carelessness or intention. We also cannot rule out the possibility that a provider or an affiliated company may share your data with other companies or have it processed by other companies without our knowledge. We also cannot rule out the possibility that the data processing will take place in whole or in part in a third country without our consent by providers, where an adequate level of data protection may not be guaranteed. Therefore, please also take the time to observe our information on data processing in third countries in this privacy policy. Our aim is to raise your awareness of the responsibility in dealing with your personal data and the data of others. If you notice any signs of possible misuse of your data, we urge you to inform us immediately. Your privacy is of the utmost importance to us, and we are committed to ensuring its security.
Solely for the purpose of better readability, the gender-specific spelling is dispensed with. All personal designations in this "Information on Data Protection" (e.g. customer, controller, data subject, data protection officer) are therefore to be understood in a gender-neutral manner.
2 Scope of application
Through this data protection information (also "Privacy Policy", "Privacy Policy"), we inform you in accordance with Art. 12 et seq. GDPR about which of your personal data we process (definition of the terms "personal data", "processing": see below) to present this website and to be able to use the functions used on the website.
We also inform you about the other processes associated with the presentation of the website or the functions used (hosting, newsletter, etc.). If and to the extent that we process personal data in other processes (telephone system, guest Wi-Fi, video surveillance, etc.), you will receive further information in a timely and comprehensive manner in an appropriate manner. This information may also be available on this website; we will therefore also inform you about the way in which we store the information in the further processes.
This data protection information also applies to our other online presences (e.g. websites, landing pages, shops, social media presences) as well as to other processes, insofar as we expressly refer to this data protection information.
3 International Data Protection Laws
In addition to the GDPR, the BDSG and other national laws, we also take other international regulations into account:
- Swiss Federal Act on Data Protection (FADP), implementing provisions of the Data Protection Ordinance (DSV), recommendations of the Federal Data Protection and Information Commissioner (FDPIC), as amended (Switzerland).
If the provisions of the individual laws and regulations overlap or that a legal regulation guarantees more extensive or better protection, we will give preference to the regulation that, in our opinion, guarantees better protection of personal data, unless the application of a regulation is mandatory and/or an alternative use is not possible.
4 Contact details of the controller
The controller responsible for the processing of data on this website within the meaning of the General Data Protection Regulation (GDPR), other data protection laws applicable in the member states of the European Union and other provisions of a data protection nature are:
CompetentSolutions GmbH
Backesgasse 564347 Griesheim
EMail: datenschutz@cos-office.de
You can contact us at any time if you have any questions about this data protection notice or if you want to assert your rights.
5 Contact details of the Data Protection Officer
You – and any other data subject – can contact our data protection officer directly, verbally, in writing at any time with all questions and suggestions regarding data protection.
Mario AndricEMail: datenschutz@cos-office.eu
turn.
6 Definitions
In this privacy policy ("Privacy Notice"), we use, among other things, the terms used in the European General Data Protection Regulation (GDPR), OJ No. OJ L 119 of 4 May 2016, pp. 1–88 (in the version in force at the time of drawing up this data protection notice) and the German Federal Data Protection Act (BDSG) in the version of 30 June 2017; (Federal Law Gazette I p. 2097), most recently amended Art. 12 G of 20 November 2019; (Federal Law Gazette I pp. 1626, 1633).
Insofar as additional terms are used in this data protection declaration from other laws or the terms serve to understand this data protection declaration, we have explained them in addition in the following text.
6.1 Personal data
Personal data is any information relating to an identified or identifiable natural person (hereinafter "data subject"). An identifiable natural person is one who can be identified, directly or indirectly, by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person (cf. Art. 4 No. 1 GDPR).
Personal data includes, for example, name, address, account or telephone number, but also IP address or ID number.
6.2 Data subject
A data subject is any identified or identifiable natural person whose personal data is processed by the controller (cf. Art. 4 No. 1 GDPR).
The data subject is, for example, the user of the website or the customer, client, patient, etc. of a company.
6.3 Processing
Processing means any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organization, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination; the restriction, deletion or destruction (cf. Art. 4 No. 2 GDPR).
Processing therefore occurs when we collect, pass on, store or delete personal data.
6.4 Delete
In data protection law, a distinction is made between "deletion" and "destruction" of personal data (cf. e.g. Art. 4 No. 2 at the end "... deletion or destruction").
Data deletion refers to the removal of data from an electronic system or database. Deleted data can usually be recovered if no special measures have been taken to permanently overwrite or destroy it. In many cases, deletion means that the data is first moved to the Recycle Bin or Deleted Items folder, and from there it can be permanently deleted later. Deleted data can be restored — albeit with considerable effort — but it is not easily accessible or usable after deletion.
6.5 Annihilation
In data protection law, a distinction is made between "deletion" and "destruction" of personal data (cf. e.g. Art. 4 No. 2 at the end "... deletion or destruction").
Data destruction is a physical process in which data is destroyed in a way that makes recovery impossible. This can be done, for example, by shredding paper documents or overwriting electronic data carriers with special software. The destruction of data ensures that there are no traces of the information and that it can no longer be reconstructed.
6.6 End Users
An end-user is any natural or legal person who uses a public telecommunications service (e.g. internet access services) without providing a public telecommunications network or a publicly available telecommunications service.
6.7 Restriction of processing
Restriction of processing is the marking of stored personal data with the aim of restricting their future processing (cf. Art. 4 No. 3 GDPR).
For example, if you contact us and tell us that your data is incorrect, we will restrict the processing of your data to verify the accuracy of the data (cf. Art. 18 (1) (b) GDPR)
6.8 Profiling
Profiling is any type of automated processing of personal data consisting of the use of such personal data to evaluate certain personal aspects relating to a natural person, to analyze or predict aspects relating to that natural person's performance at work, economic situation, health, personal preferences, interests, reliability, behavior, location or movement (cf. Art. 4 No. 4 GDPR).
Profiling would be, for example, the evaluation of your economic situation based on your shopping behavior.
6.9 Pseudonymization
Pseudonymization is the processing of personal data in such a way that the personal data can no longer be attributed to a specific data subject without the use of additional information, provided that such additional information is kept separately and is subject to technical and organizational measures to ensure that the personal data is not attributed to an identified or identifiable natural person (cf. Art. 4 No. 5 GDPR).
Pseudonymization is given, for example, if the personal data is replaced by, for example, a customer number. Without knowledge of which customer number has been assigned to which customer, it is not possible to assign the data to a specific person (customer).
6.10 Anonymization
Anonymization is the complete and irreversible removal of the personal reference of the data.
For example, if all customer contact data is overwritten with random numbers and no memory has been made of which number has been assigned to which customer, the data can no longer be assigned to a person.
Anonymized data is not subject to the rules of the GDPR and the BDSG due to the lack of a personal reference (cf. Recital 26 GDPR).
6.11 "Controller" or "Controller"
The controller or controller is the natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data. Where the purposes and means of such processing are determined by Union or Member State law, the controller or the specific criteria for its designation may be provided for by Union or Member State law (cf. Art. 4 No. 7 GDPR).
The controller responsible for the processing of data when using this website is the provider of this website (cf. Contact details of the controller).
6.12 Processors
Processor is a natural or legal person, public authority, agency or other body that processes personal data on behalf of the controller (cf. Art. 4 No. 8 GDPR).
For example, we use a so-called hoster as a processor, i.e. a company that stores our website on its own servers. If, for example, you enter your personal data (e.g. name, email address, etc.) via a contact form, this data will be stored by the hoster on its server, etc. The hoster only processes the data in the way we have contractually agreed with him. He therefore processes the data "on our behalf" and is therefore a "processor".
6.13 Recipients
The recipient is a natural or legal person, public authority, agency or other body to which personal data is disclosed, whether it is a third party. However, public authorities that may receive personal data in the context of a specific investigative mandate under Union or Member State law are not considered recipients (cf. Art. 4 No. 9 GDPR).
Recipients of this privacy policy are, for example, you.
6.14 Third Party
Third party means a natural or legal person, public authority, agency or other body other than the data subject, the controller, the processor and the persons who, under the direct authority of the controller or the processor, are authorized to process the personal data.
A third party is, for example, a public authority that accesses data based on a legal authorization (cf. Art. 4 No. 10 GDPR).
6.15 Consent
Consent is any freely given, specific, informed and unambiguous indication of the data subject's wishes in the form of a statement or other unambiguous affirmative action by which the data subject signifies that he or she agrees to the processing of personal data concerning him or her (cf. Art. 4 No. 11, Art. 7 GDPR).
For example, you give us consent when you place your order – then you consent to us processing the data you provide so that we can also fulfil your order.
6.16 Content Delivery Network (CDN)
A content delivery network (CDN) is a network of servers that are connected via the internet and send data to end devices. A CDN can consist of several thousand regionally distributed servers that deliver data as quickly as possible according to certain rules. The advantage of a CDN is essentially that not only the server on which our website is stored (hosted), for example, delivers the necessary data (e.g. texts or images), but many servers at the same time. This means that our website can be displayed much faster for you.
For the CDN to work, it needs data such as browser type, IP address, screen resolution, etc.
If you do not want to use the CDN, you can install a JavaScript blocker (e.g. Sybu https://sybu.co.za or NoScript https://noscript.net) on the device you are using. The delivery of the website may then be slower.
6.17 Terminal equipment
By the term "terminal equipment" we mean any device connected directly or indirectly to the interface of the telecommunications network you use for sending, processing or receiving messages or data, regardless of the type of connection (wire, electromagnetic, etc.).
6.18 Mobile Devices
By the term "mobile devices" we mean all internet-enabled devices that are not stationary but mobile, i.e. mobile. These can be smartphones, tablets, etc.
6.19 Website
By "website" (also: website, website, web presence, etc.) we mean the presence of a provider that can be reached under an individual web address. A website can be played with browsers. It is comparable to a "house" at a certain address (domain) and usually has several websites (i.e. "rooms"). In addition to the web application (homepage), other services such as e-mail, storage space, etc. can be used.
6.20 IP Address
The IP address is the unique address (e.g. 216.58.190.0) of the computer or device you are using, similar to a postal address. According to a decision of the European Court of Justice (judgment of 19.10.2016, docket no.: C582/14), IP addresses are personal data (see also Recital 30 GDPR). It follows that the GDPR and the BDSG also apply to IP addresses.
The IP address is used to deliver data to your computer. You can find out the IP address of your computer on the network by using the "ipconfig" command or you can do some research online (e.g. at https://www.heise.de/netze/tools/meine-ip-adresse/), which transmits your IP address to the provider.
6.21 Java, JavaScript
Java is a platform-independent programming language developed in 1995 by the US company Sun Microsystems Inc., Santa Clara, USA (now part of the Oracle Corporation, Austin, USA), whose language specification is constantly being developed. Java is now used not only by web browsers, but also in cars, hi-fi systems and other electronic devices.
JavaScript (JS) is a scripting language developed by Brendan Eich in 1995 for dynamic HTML in web browsers. JS expands the possibilities of HTML. JavaScript was developed independently of Java and differs in many ways.
6.22 Cookies
Cookies are small data packets in the form of text files that are used to temporarily store certain information on your device. This makes it possible, for example, to recognize your computer when you visit our website again or to save content in forms or your shopping cart. Tracking services use cookies to store collected information.
There are two types of cookies: Transient cookies are automatically deleted when you close your web browser. These include session cookies that store a session ID to associate requests in your current session. This enables your device to be recognized when you visit our website again. Session cookies are deleted when you log out or close the browser. Persistent cookies, on the other hand, are deleted after a predetermined period of time, the duration of which varies depending on the cookie.
Technically necessary cookies are indispensable in order to display the website correctly. These include, for example, shopping cart cookies, login cookies and language selection cookies.
If you do not want cookies to be stored, you can disable the appropriate settings in your web browser. You can delete existing cookies in the browser settings. Detailed instructions can be found in the help sections of your browser under the following links:
- Internet Explorer
- Mozilla Firefox
- Google Chrome
- Safari
- Opera:
- Microsoft Edge
In addition, you can prevent the collection and transfer of personal data by disabling ("blocking") JavaScript in your browser. It is also possible to install script blockers that prevent the execution of certain code. Script blockers can be found at the following links:
- https://addons.mozilla.org/de/firefox/addon/noscript/
https://noscript.net/
https://www.ghostery.com
https://chrome.google.com/webstore/detail/umatrix/ogfcmafjalglgifnmanfmnieipoejdcf
Further information on cookies and their use can be found at the Bundesverband Digitale Wirtschaft (BVDW) e. V. at www.bvdw.org. Additional information is available on the https://meine-cookies.org/ website of the BVDW e.V.
To obtain and document your consent to the processing of cookies, which may be required, we use a separate tool — a so-called Cookie Consent Tool.
6.23 Cookie Consent Tool
Cookie consent tools ("consent") manage the consents you give to the use of certain tools that are not technically necessary.
A pop-up window will inform you of the cookies you want before using tools that require cookies. You can then decide whether or not you agree with and with which cookies.
Your decision will then be stored for a period of up to twelve months. Personal data, such as your IP address – as well as a pseudonymous Uer ID, the time of consent and selection, etc.) used. This data is stored either in a cookie on your device or on the server we use.
You can adjust or withdraw your consent at any time.
The use of the Cookie Consent Tool is based on our legitimate interest in operating the website in an efficient and legally compliant manner. Without the use, it is not possible for us to obtain the necessary consents and document the user's decision. We need the documentation in accordance with Art. 5 para. 2 GDPR in order to be able to prove that we operate the website in accordance with applicable law. For more information, see the explanations of the cookie consent tool used.
6.24 Web Beacons
Web beacons are not graphics in HTML emails or on web pages. Usually the image is only 1×1 pixels in size, often transparent or in the color of the background and therefore not or hardly visible.
When the document is loaded, the web beacon is loaded from a server and the download is registered there. This can then be used to determine whether the document has been loaded, e.g. whether the email has been opened.
You can prevent the use of web beacons, for example, if you open the email offline, do not open the email as an HTML email, or block external graphics with your email program.
You can also use tools that detect and block web beacons, such as
- Privoxy – https://www.privoxy.org/
- Proxomitron – https://www.proxomitron.info/
For more information, see the explanations of the "web beacons" used.
6.25 Third countries/third countries, transfer of data to third countries
The term "third countries" or "third countries" refers to the states that are not part of the European Union (i.e. Belgium, Bulgaria, Romania, Czech Republic, Denmark, Germany, Estonia, Greece, Spain, France, Ireland, Italy, Cyprus, Latvia, Lithuania, Luxembourg, Hungary, Malta, Netherlands, Austria, Poland, Portugal, Slovenia, Slovakia, Finland and Sweden, as of 27.11.2023) or the European Economic Area (member states of the EU as well as Iceland, Liechtenstein and Norway, as of 27.11.2023).
In addition to the United States of America (USA), India, China, Russia, Brazil, South Africa, Australia, there are about 160 other countries (as of 27.11.2023) that are potential third countries.
Data transfers to third countries are subject to the strict legal requirements (cf. Art. 44 et seq. GDPR) if, among other things,
- the European Commission has determined in accordance with Art. 45 para. 3 GDPR that an adequate level of data protection exists in the third country. Such so-called adequacy decisions are available for Andorra, Argentina, Canada (commercial organizations only), Faroe Islands, Guernsey, Israel, Isle of Man, Jersey, New Zealand, Switzerland, Uruguay, Japan and the United Kingdom (as of 27.11.2023). An overview of the adequacy decisions adopted is provided by the European Commission. - or if the data recipient provides appropriate safeguards to protect the personal data and enforceable and effective remedies are available to the data subjects (Art. 46 para. 1 GDPR).
Pursuant to Art. 46 para. 2 GDPR, such suitable safeguards include the use of the Commission's standard data protection clauses (Art. 46 para. 2 lit. c, Art. 93 para. 2 GDPR). These standard data protection clauses or Standard Contractual Clauses (SCC) are model templates of the EU Commission. You can find these clauses here: https://eur-lex.europa.eu/eli/dec. The clauses used ensure that personal data is also processed in the third country concerned at a level of data protection equivalent to that of Europe.
For data transfers to the USA, the "Trans Atlantic Data Privacy Framework" (TADPF) has been in force since 10.07.2023 . The TADPF introduces new binding guarantees for US recipients of data. These include the restriction of access to data of EU citizens by US intelligence services and the establishment of the Data Protection Review Court (DPRC), a supervisory body that is also accessible to non-US citizens. The DPRC can also order the deletion of data in the event of violations. The TADPF is regularly reviewed by the European Commission together with representatives of the European data protection authorities and the relevant US authorities. The first review is expected to take place within one year of the TADPF's entry into force.
The TADPF has the effect of an adequacy decision pursuant to Art. 45 (1) GDPR and applies in principle to US companies participating in the TADPF with immediate effect. Additional legitimation instruments such as Standard Contractual Clauses (SCC) are no longer necessary for data exports to US recipients, as the USA is once again considered a safe third country. However, U.S. companies must self-certify and commit to complying with certain data protection obligations in order to benefit from the effects of the TADPF. The current status can be viewed under https://www.dataprivacyframework.gov/s/ from 17.07.2023 .
A data transfer is also permissible if the data subject has consented to the transfer in accordance with Art. 49 (1) (a) GDPR or if the transfer is necessary for the conclusion or performance of a contract concluded in the interest of the data subject by the controller with another natural or legal person (Art. 49 (1) (c) GDPR) or if another exception to Art. 49 GDPR applies.
When we work with providers who are either based in a third country or process data in a third country (e.g. in the USA), we ensure compliance with legal requirements and check this regularly. In addition, we only work with those providers who have concluded the necessary contracts with us.
If we have to or want to deviate from this in exceptional cases, we will inform you accordingly and ask for your consent.
6.26 Advertising
Advertising is a form of communication in which companies or organizations distribute messages or information about their products, services, or brands to potential customers or audiences through various media channels (banner ads on websites, social media ads, video ads, etc.). The main goal of advertising is to increase awareness of a product or service, generate interest among potential customers, and ultimately encourage the sale or use of the advertised offer.
7 Storage period
In principle, we only store personal data for as long as the storage is necessary for the processing of the data ("storage period"). After the deadline has expired, the data will generally be automatically deleted.
The necessity of storage also depends on retention periods prescribed by law or ordered by authorities. These can be, for example, tax regulations or regulations of commercial law. Retention periods can also result from the contractual provisions (e.g. information on the contractual partner). The data will therefore only be deleted in compliance with the legal, official and, if applicable, judicial requirements for the storage or deletion of personal data.
In some cases, it may be necessary for a data subject to provide us with personal data that must subsequently be processed by us. For example, the data subject is obliged to provide us with personal data if our company enters into a contract with him. Failure to provide the personal data would mean that the contract with the person concerned could not be concluded.
8 Rights of the Data Subject
The applicable data protection law grants you comprehensive rights as a data subject vis-à-vis the controller with regard to the processing of your personal data (rights of access and intervention, etc.), about which we inform you below:
8.1 Right of access pursuant to Art. 15 GDPR
You may request confirmation from the controller as to whether personal data concerning you is being processed by the controller ("right to confirmation"). Furthermore, you have the right to information about:
- the purposes of the processing;- the categories of personal data that will be processed;- the recipients or categories of recipients to whom the personal data have been or will be disclosed, in particular in the case of recipients in third countries or international organizations;- if possible, the envisaged period for which the personal data will be stored or, if this is not possible, the criteria for determining that duration;- the existence of a right to rectification or erasure of personal data concerning him or her or to restriction of processing by the controller or a right to object to such processing;- the existence of a right to lodge a complaint with a supervisory authority;- if the personal data is not collected from the data subject: all available information on the origin of the data;- the existence of automated decision-making, including profiling in accordance with Article 22 (1) and (4) GDPR and — at least in these cases — meaningful information about the logic involved as well as the scope and intended effects of such processing for the data subject.
You also have the right to know whether personal data has been transferred to a third country or to an international organization. If this is the case, you also have the right to receive information about the appropriate safeguards in the context of the transfer.
If you would like to make use of this right of access, you can contact us or our data protection officer at any time.
8.2 Right to rectification pursuant to Art. 16 GDPR
You have the right to have the inaccurate data concerning you rectified without undue delay and/or to have your incomplete data stored by us completed; the correction or completion must be made without delay.
8.3 Right to erasure in accordance with Art. 17 GDPR
You have the right to request that the personal data concerning you be erased without undue delay if one of the following grounds applies and to the extent that the processing is not necessary:
- The personal data has been collected or otherwise processed for purposes for which it is no longer necessary.- The data subject withdraws his/her consent on which the processing was based pursuant to Art. 6 (1) (a) GDPR or Art. 9 (2) (a) GDPR and there is no other legal basis for the processing.- The data subject objects to the processing in accordance with Art. 21 (1) GDPR, and there are no overriding legitimate grounds for the processing, or the data subject objects to the processing in accordance with Art. 21 para. 2 GDPR.- The personal data has been unlawfully processed.- The erasure of the personal data is necessary for compliance with a legal obligation under Union law or the law of the Member States to which the controller is subject.- The personal data has been processed in relation to offered information society services in accordance with Art. 8 para. 1 GDPR.
If one of the above reasons applies and a data subject wishes to request the deletion of personal data that is stored, he or she may contact us at any time.
If the personal data has been made public and our company, as the controller, is obliged to delete the personal data in accordance with Art. 17 (1) GDPR, we will take appropriate measures, including technical measures, taking into account the available technology and the implementation costs, to inform other data controllers who process the published personal data: that the data subject has requested from those other data controllers the deletion of all links to such personal data or of copies or replications of such personal data, to the extent that the processing is not necessary.
8.4 Right to restriction of processing pursuant to Art. 18 GDPR
You have the right to request the restriction of the processing of your personal data as long as the accuracy of your data that you contest is verified, if you refuse to delete your data due to unlawful data processing and instead request the restriction of the processing of your data, if you need your data to assert, exercise or defend legal claims after we no longer need this data after the purpose has been achieved, or if you have lodged an objection on grounds relating to your particular situation, pending the determination of whether our legitimate reasons prevail;
Where the processing of personal data concerning you has been restricted, such data may only be processed with your consent or for the establishment, exercise or defense of legal claims, or for the protection of the rights of another natural or legal person, or for reasons of important public interest of the Union or of a Member State. If the restriction of processing has been restricted, you will be informed by the controller before the restriction is lifted.
Right to information pursuant to Art. 19 GDPR
If you have exercised your right to rectification, erasure or restriction of processing, the Controller is obliged to notify all recipients to whom your personal data has been disclosed of this rectification or erasure of the data or restriction of processing, unless this is impossible or involves disproportionate effort. You also have the right to be informed about these recipients.
8.5 Right to data portability in accordance with Art. 20 GDPR
You have the right to receive the personal data you have provided to us in a structured, commonly used and machine-readable format or to request that it be transmitted to another controller, to the extent that this is technically possible.
8.6 Right of revocation pursuant to Art. 7 para. 3 GDPR
You have the right to object at any time to the processing of personal data concerning you that is carried out on the basis of Art. 6 (1) (e) or (f) GDPR; this also applies to profiling based on these provisions.
You also have the right to revoke your declaration of consent under data protection law at any time with effect for the future. The withdrawal of consent does not affect the lawfulness of the processing carried out on the basis of the consent before the withdrawal.
We will no longer process the personal data in the event of the objection, unless we can demonstrate compelling legitimate grounds for the processing that override the interests, rights and freedoms of the data subject, or the processing serves to establish, exercise or defend legal claims.
Where we process personal data for direct marketing, you have the right to object at any time to the processing of personal data for the purpose of such marketing. This also applies to profiling, insofar as it is related to such direct advertising. If you object to direct marketing, we will no longer process the personal data for these purposes. However, we reserve the right to store your data in a so-called blacklist so that we can ensure that you are not the recipient of an advertisement by us in the future. The maintenance of a blacklist and thus the processing of your personal data is carried out on the basis of our legitimate interest (Art. 6 para. 1 lit. f GDPR). We have an interest in ensuring that you are no longer the addressee of our advertising by maintaining the blacklist.
In addition, you have the right to object, on grounds relating to your particular situation, to the processing of personal data concerning you that is carried out for scientific or historical research purposes or for statistical purposes pursuant to Art. 89 (1) GDPR, unless such processing is necessary for the performance of a task carried out in the public interest.
To exercise the right to object, you can contact us directly. They are also free to exercise their right to object in the context of the use of information society services, notwithstanding Directive 2002/58/EC, by means of automated procedures using technical specifications.
8.7 Right to lodge a complaint pursuant to Art. 77 GDPR
Without prejudice to any other administrative or judicial remedy or remedy, you have the right to lodge a complaint with a supervisory authority. You can contact the supervisory authority of your place of residence, your place of work or the place of the alleged infringement if you believe that the processing of personal data concerning you violates data protection rules. The State Commissioner for Data Protection and Freedom of Information Rhineland-Palatinate, Hintere Bleiche 34, 55116 Mainz, is responsible for the provider of this website. You can also contact this authority.
9 Legal basis for processing
All data processing is carried out on the basis of a valid legal basis (cf. Art. 5 (1) (a) GDPR — Principle of lawfulness. We process personal data either on the basis of consent, for the performance of a contract or legal obligation, or on the basis of our legitimate interest.
9.1 Consent
If you have consented to the data processing, we process your personal data on the basis of Art. 6 (1) (a) GDPR or Art. 9 (2) (a) GDPR if special categories of data pursuant to Art. 9 (1) GDPR (e.g. data revealing racial and ethnic origin, political opinions, religious or philosophical beliefs or trade union membership, as well as the processing of genetic data, biometric data for the purpose of uniquely identifying a natural person, health data or data relating to a natural person's sex life or sexual orientation).
In the case of explicit consent to the transfer of personal data to third countries, data processing is also carried out on the basis of Art. 49 (1) (a) GDPR. If you have consented to the storage of cookies or access to information on your device or information stored there, data processing is also carried out on the basis of § 25 para. 1 TTDSG. The consent can be revoked at any time.
9.2 Performance of a contract
If the processing of personal data is necessary for the performance of a contract to which you are a party (e.g. in the case of a purchase or consulting contract), the processing is based on Art. 6 (1) (b) GDPR. The same applies to such processing operations that are necessary to carry out pre-contractual measures, such as in cases of enquiries about our products or services.
9.3 Legal Obligation
If our company is subject to a legal obligation that requires the processing of personal data, such as for the fulfilment of tax obligations, the processing is based on Art. 6 (1) (c) in conjunction with (3) GDPR.
9.4 Vital interests
In rare cases, the processing of personal data may become necessary to protect the vital interests of the data subject or of another natural person. This would be the case, for example, if you injure yourself during a visit to our company and we then e.g. would have to pass on their name to a doctor, hospital or other third party. In that case, the processing would be based on Art. 6 (1) (d) GDPR.
9.5 Legitimate interest
The processing may also be based on a so-called legitimate interest within the meaning of Art. 6 (1) (f) GDPR. This legal basis is the basis for processing operations that are not covered by any of the aforementioned legal bases if the processing is necessary for the purposes of a legitimate interest pursued by our company (e.g. the intention to make a profit, presentation of the company, etc.) or by a third party, provided that the interests, fundamental rights and freedoms of the data subject do not prevail. The weighing of any conflicting interests is always a case-by-case consideration and decision — related to the process or system ‑.
According to EC 47 sentence 2, there is a legitimate interest in data processing if the data subject is a customer of the controller, or the processing of personal data for the prevention of fraud, etc. EG 47 sentence 6) or for the purposes of direct advertising (cf. EG 47 sentence 7).
10 Data processing by this website
10.1 Collection of General Data and Information
Our website collects a series of general data and information with each visit. This general data and information is stored in the log files of the server. The following can be recorded:
- browser types and browser versions used,- the operating system used by the accessing system,- the website from which an accessing system reaches our website (so-called referrer URL),- the sub-websites that are accessed via an accessing system on our website,- the date and time of access to the website,- amount of data sent in bytes- an Internet protocol address (IP address),- the Internet service provider of the accessing system and other similar data and information that serve to avert danger in the event of attacks on our information technology systems.
This data is not merged with other data sources. The data is generally anonymised. However, there is generally the possibility that we may not or cannot make anonymization due to legal, official or judicial requirements.
The basis for the collection of general data and information when accessing our website is Art. 6 (1) (b) GDPR, which permits the processing of data for the performance of a contract or pre-contractual measures. If you do not conclude a contract with us or no pre-contractual measures are necessary, we process the data on the basis of Art. 6 (1) (f) GDPR (so-called "legitimate interest"). Insofar as we are legally obliged to process data, the processing is carried out on the basis of Art. 6 (1) (c) GDPR. If we ask you for consent to the processing, the legal basis for data processing is Art. 6 (1) (a), 4 No. 11, 7, 9 GDPR.
We do not use the above information to draw conclusions about the data subject, but to
- to deliver the content of our website correctly, - to optimise the content of our website and the advertising for it- to ensure the long-term functionality of our information technology systems and the technology of our website, and - to provide law enforcement authorities with the information necessary for criminal prosecution in the event of a cyber attack.
This anonymously collected data and information is therefore evaluated by us statistically on the one hand and with the aim of increasing data protection and data security in our company in order to ensure an optimal level of protection for the personal data we process.
The anonymous data of the server log files is stored separately from all personal data provided by you. It is therefore not possible to draw conclusions about you. For example, we can't determine what type of browser you're using. We only have data on which browser types were used by visitors in a certain period of time.
If, for example, a visitor logs in to the customer area several times incorrectly, we store the IP address – which is personal data – in order to detect (hacker) attacks on our system and fend them off in good time.
If we have concrete indications of illegal use of our website, we will subsequently check the server log files and use the data, e.g. for filing a criminal complaint or asserting civil law claims.
If personal data is stored in log files, it will be deleted no later than seven days after use. Longer storage is possible if, for example, illegal use has been detected and we want to prosecute this misconduct. The data will be deleted as soon as it is no longer necessary to achieve the purpose for which it was collected.
10.2 External Hosting
Our website is technically stored and stored by an external service provider ("hoster"). The personal data collected on this website is therefore stored directly on the hoster's servers and not on servers that are held directly by us.
The hoster is used for the purpose of fulfilling the contract with our customers or for the initiation of contracts with potential customers (Art. 6 para. 1 lit. b GDPR) and in our interest in the secure, fast and efficient provision of our online offer as well as the presentation of our company and our services by a professional provider (so-called "legitimate interest" within the meaning of Art. 6 para. 1 lit. f GDPR).
After weighing our interests against your interests, in particular your right to informational self-determination, we have come to the conclusion that our interests outweigh the interests; the encroachment on your rights is minimal. You are also free to use our offer or not and to disclose data.
Our hoster will only process your data to the extent necessary to fulfil its contractual obligations to us. We have concluded a contract with the hoster for the processing of personal data on our behalf (so-called "order processing agreement") and thus complied with the strict requirements of the General Data Protection Regulation, the Federal Data Protection Act and other laws (e.g. Telemedia Act, Telecommunications Act, Telecommunications-Telemedia-Data Protection Act). The processing of the data by the hoster is only carried out on our instructions and within the framework of the applicable laws; in particular with regard to the protection of your data.
We work together with the hoster Droptop GmbH, Am Grashorn 8, 14548 Schwielowsee (Germany). Further information can be found on the provider's website, in particular in the privacy policy or the information on data protection .
10.3 TLS Encryption
For security reasons and to protect the transmission of confidential content that you send to us as the site operator, our website uses TLS encryption.
TLS (Transport Layer Security) is an encryption technology that enables secure access to the Internet. TLS has so-called end-to-end encryption; i.e. the information is encrypted by the sender (e.g. a client) before it is sent and only decrypted by the recipient (e.g. a web server). This is made possible by asymmetric encryption of the information and the exchange of a common symmetric session key between the communication partners. Only the communication partners can decrypt the information, as the encryption technologies also check the authenticity of the communication partners and they must first acquire appropriate certificates from a special certification authority.
Data that you transmit via this website cannot be read by third parties due to SSL encryption. You can recognise the encryption of our website by clicking on "https://". You can also recognize the use of the technology by a small lock symbol in your browser."
The certificate we use was issued by the certificate authority Let's Encrypt (LE) 548 Market St, PMB 77519, San Francisco, CA 94104-5401 (USA).
It is technically impossible for the certificate authority to read or store your data. Information on data processing, etc. can be found on the website of the certification body https://letsencrypt.org/privacy/.
10.4 Website Modular System
For the design of our website, we use a content management system (abbreviation: "CMS") from the provider Automatic Inc. 60 29th Street #343, San Francisco, CA 94110 (USA).
With the help of the CMS, we can use many functions for our website and webshop without any programming effort. CMSs process technical data such as operating system, browser, language and keyboard settings as well as personal data (e.g. IP address).
The legal basis for the processing of personal data is our legitimate interest in making our website efficient and effective (Art. 6 para. 1 lit. f GDPR). When weighing our interests against your interests, in particular your right to informational self-determination, we have come to the conclusion that our interests prevail; the encroachment on your rights is minimal. You are also free to use our services and disclose data. If the CMS uses cookies, you also have the option of objecting to their use.
Further information on data protection can be found on the website and in the privacy policy of the provider https://wordpress.com/de/ .
10.5 Fonts
Fonts or fonts from different providers are used to display the fonts on this website. When you access our website, a connection is usually established with the provider so that it can provide fonts that are not available on your device. The IP address of the device you are using is transmitted to the respective provider.
The processing of personal data is carried out on the basis of the consent you have given (cf. Art. 6 para. 1 lit. a, 4 no. 11, 7 GDPR) that you have given us before the processing. Please also note our separate information in this data protection declaration on the subject of "Consent – granting, effect, revocation".
We work with the following providers in this area:
Google Fonts (Provider: Google Ireland Limited, Address: Gordon House, Barrow Street Dublin 4. Ireland, Website: https://www.google.com/, Privacy Policy: https://policies.google.com/privacy?hl=de&utm\_source=ucb)
FontAwesome (Provider: Fonticons Inc., Address: 6 Porter Road, Apartment 3R, Cambridge, MA 02140 USA, Website: https://fontawesome.com, Privacy Policy: https://fontawesome.com/privacy)
We have concluded the contracts and agreements required under data protection law with the respective provider before processing. Further information can be found on the website of the respective provider, in particular the privacy policy.
Your data may also be processed by the providers in third countries, such as the USA. On 10.07.2023, the European Commission and the USA agreed on a new Transatlantic Data Privacy Framework. Since then, data transmission to the USA has been possible again without having to meet any special requirements. The company commissioned by us is listed in the so-called "Data Privacy Framework List". An overview of the companies that have already been certified can be found under https://www.dataprivacyframework.gov/s/ Processing by certified companies is considered safe. Nevertheless, we also make sure that the data protection (protection) regulations for your personal data are complied with. Please note our information on "Transfers of data to third countries".
For further information, please refer to the website of the above-mentioned provider, in particular the privacy policy and the information on data protection.
10.6 Contact, contact options
Due to legal regulations, the website contains information that enables quick electronic contact with our company as well as direct communication with us, which also includes a general address of the so-called electronic mail (e-mail address).
If a data subject contacts the controller by e-mail or via a contact form, the personal data transmitted by the data subject will be automatically stored. Such personal data provided on a voluntary basis by a data subject to the controller will be stored for the purposes of processing or contacting the data subject. This personal data will not be passed on to third parties.
If you contact us by e-mail, telephone or fax, your enquiry, including all personal data resulting from it (name, enquiry), will be stored and processed by us for the purpose of processing your request. We do not pass on this data without your consent.
The processing of this data is carried out on the basis of Art. 6 (1) (b) GDPR if your request is related to the performance of a contract or is necessary for the implementation of pre-contractual measures. In all other cases, the processing is based on our legitimate interest in the effective processing of the enquiries addressed to us (Art. 6 para. 1 lit. f GDPR) or on your consent (Art. 6 para. 1 lit. a GDPR), if this has been requested.
The data you send to us via contact requests will be stored by us until you ask us to delete it, revoke your consent to the storage or the purpose for which the data is stored no longer applies (e.g. after your request has been processed). Mandatory statutory provisions – in particular statutory retention periods – remain unaffected.
10.7 Social Media
Social media channels (also referred to as social networks) are platforms (websites or apps) through which registered users can provide content and exchange content with the general public or in groups to which only certain users have access, and can also network with other users. We use social media channels to present and optimise our business services, for advertising and marketing purposes and to maintain contact with our visitors, interested parties, applicants, partners and suppliers.
When you use our social media channel, personal data that you provide (e.g. title, gender, name, email addresses, contact details, etc.) and other personal data (e.g. data on user behaviour, IP address), i.e. collected, stored, evaluated, deleted, etc.
If you share media, e.g. publish photos, texts or videos, these are usually stored by the provider. The processing is carried out by the providers of the social media channel. The data is analysed by the provider for the purpose, among other things, to develop marketing and advertising strategies for the provider itself or for other companies and to draw conclusions about your interests, needs and purchasing behaviour. As a rule, cookies are stored on your mobile device for this purpose.
In this privacy policy, we therefore also provide you with information about cookies and the rights to which you are entitled; of course, the information and instructions (e.g. on the right to object) apply. We recommend that you also read the privacy policy or ‑carefully read the provider's statements. There you will also receive the necessary information about what data is processed, how long data is stored and what rights you have vis-à-vis the provider.
Only use the social media channel if you have read and understood the privacy policy.
We ourselves have no significant influence on the processing of the data by the respective provider. In particular, we do not know whether and how the data is processed, in particular whether data is passed on to affiliated or third-party companies, but must rely on the information provided by the provider. Nor can we ensure that the data is not processed in third countries outside the EU for which an adequate level of protection for your data is not or cannot be ensured. An examination or audit, possibly also on site, is usually rejected by the providers. Therefore, be aware of other possible risks when you make your data available to third parties or the public (the totality of all users of a social media channel). In many cases, you can no longer completely delete data if you want to do so – e.g. because another user has stored the data in such a way (e.g. on his or her local storage medium) that you cannot access it or because you have no knowledge of the user, the storage and the storage location.
Therefore, handle your data and that of other people (especially children) responsibly. If you yourself maintain a profile with a social media channel provider, the personal data generated by the use of our social media channel may also be linked to your profile by the provider. Depending on the social media channel or provider, the personal data may also be perceived by other users of the channel and, if necessary, also processed for their own purposes.
With some providers, you can decide for yourself in the settings provided which personal data can be seen by third parties. Find out how you can protect your personal data. We assume that you are aware that your personal data is always at risk when using the Internet. We therefore strongly recommend that you also pay attention to your personal data yourself. You should also only disclose personal data of third parties with their prior consent (e.g. in the case of images or texts).
10.7.1 Contract with the Provider for the protection of your personal data
In its judgment of 29.07.2019 (file number C40/17 – Fashion ID – published in the digital collection of the ECJ curia.europa.eu/juris/liste.jsf), the European Court of Justice ruled that in certain cases the operator of the social media platform is jointly responsible together with the website operator within the meaning of Art. 26 GDPR. If this is the case, we have concluded a corresponding agreement with the provider. We process the personal data in compliance with the agreement. If the provider makes the text of the contract publicly available, we have linked it for you below. You can then also check whether you accept data processing on the basis of the text of the contract. If you do not agree, please do not use the channel.
10.7.2 Legal basis for processing
If you have consented to the processing of your data, this consent is also the legal basis for data processing (Art. 6 para. 1 lit. a, Art. 4 No. 11, Art. 7 GDPR) when using the social media channel. In addition, your data will also be processed on the basis of our legitimate interest (Art. 6 para. 1 lit. f GDPR) in fast and good communication with you or others. We have designed our website and the integration of the social media channels in such a way that you are informed in good time (e.g. when you click a button) that data is being transmitted to the provider. As a matter of principle, we only use social media channels in such a way that your data is only transmitted to the provider once you have given your consent.
10.7.3 Possible data processing in third countries
We cannot rule out the possibility that personal data may also be processed in third countries, in particular the USA. Please also note our information on data processing in third countries (see above).
10.7.4 Channels Used
In the following compilation you will find more information about the channels we use:
Facebook (Provider: Meta Platforms Ireland Limited, Address: 4 Grand Canal Square, Grand Canal Harbour, Dublin 2 Ireland, Website: https://www.facebook.com/, Privacy Policy: https://de-de.facebook.com/privacy/policy/)
Instagram (Provider: Meta Platforms Ireland Limited, Address: 4 Grand Canal Square, Grand Canal Harbour, Dublin 2 Ireland, Website: https://www.instagram.com/, Privacy Policy: https://privacycenter.instagram.com/policy/?entry\_point=ig\_help\_center\_data\_policy\_redirect)
Xing (Provider: New Work SE, Address: Am Strandkai 1, 20457 Hamburg Germany, Website: https://privacy.xing.com/, Privacy Policy: https://privacy.xing.com/de/datenschutzerklaerung)
LinkedIn (Provider: LinkedIn Ireland Unlimited Company, Address: Wilton Place, Dublin 2, Ireland Ireland, Website: https://de.linkedin.com/, Privacy Policy: https://de.linkedin.com/legal/privacy-policy)
10.8 Application Procedure
We offer you the opportunity to apply online on our website. For your participation in the application process, the provision of personal data is necessary. This data may include, among other things, personal master data such as first name, last name, address, date of birth, contact details such as telephone number or e-mail address, as well as data relating to your school and/or professional career such as school and work references, data about training, internships or previous employers.
This data can come from an application form that you have to fill out online on the application platform or from the documents you provide, such as a cover letter, a CV, an application photo, certificates or other evidence. Data that is absolutely necessary for participation in the application process is marked accordingly as mandatory information. Unless a third-party provider is named in this privacy policy whose service we use to provide the online application function, the data will not be passed on to third parties.
We process the above data for the purpose of carrying out the application process. If you have given us your consent, the legal basis for the processing of the data is Art. 6 para. 1 sentence 1 lit. a GDPR. Insofar as the processing of the above data is carried out for the purpose of initiating contractual relationships, the legal basis is Art. 6 para. 1 sentence 1 lit. b GDPR, Art. 88 para. 1 in conjunction with § 26 para. 1 sentence 1 BDSG. The application process ends when you are informed by us or after a period of twelve months. After completion of the application process, we will delete your data within a further six months.
The data will be deleted as soon as they are no longer required to achieve the purpose for which they were collected or as soon as the purpose has already been achieved. However, it will not be deleted if we are obliged to continue to store the data due to legal or official requirements. Deletion shall also be omitted if the further processing of your personal data is necessary for the assertion, exercise, defence or defence of legal claims. In this case, we have a legitimate interest in continuing to process your personal data. The legal basis in this case is Art. 6 para. 1 sentence 1 lit. f GDPR, as we have a legitimate interest in asserting or defending legal claims, etc.
In the event that an employment relationship, apprenticeship, internship or other employment relationship arises following the application process, the data will initially continue to be stored and transferred to the personnel file.
As part of the application process, you should only provide us with the personal data that is necessary for participation in the application process and its implementation. There is no legal or contractual obligation to provide data, unless an obligation to apply may arise for other reasons (e.g. official request, etc.). However, we would like to point out that without this data, we will not be able to carry out the application process and will not be able to consider your application. The same applies in the event of an objection to the processing of your data. If you are obliged to apply, we will inform the respective institution of the application, or the revocation of the processing, etc., if it is not possible for us to carry out the application procedure as a result.
We also offer you the option of having your application stored in an application pool. This gives you the opportunity for us to consider your application in the context of other future application procedures beyond the specific reason for application. The storage of your application in the application pool requires your consent, which we will ask for in individual cases. The legal basis for the processing (inclusion in the applicant pool) is Art. 6 para. 1 sentence 1 lit. a GDPR if consent is given. You can revoke the consent you have given us at any time with effect for the future (cf. Art. 7 para. 3 GDPR; see additional information in the "Consents" section).
10.9 User Account
If you create a user account (also referred to as a "customer account", "user account", "member account", "account", etc.) with us, we use the data you entered during registration, in particular login information (e.g. name, email address, password).
We use the data exclusively for
- the establishment, provision and use of the user account (registration) as well as for the provision of pre-contractual services, - for the fulfilment of any contract concluded with you - for the purpose of customer relationship management (CRM).
You can revoke the consent you have given us at any time with effect for the future (cf. Art. 7 para. 3 GDPR; see additional information in the "Consents" section).
The collected data will be deleted as soon as the processing is no longer necessary and there are no retention periods ordered by law or the authorities. The deletion does not take place if we have a legitimate interest within the meaning of Art. 6 para. 1 lit. f GDPR in the further storage. This may be the case, for example, if we are in a dispute with you. Before further storage, we check whether we can pseudonymise or anonymise the data in order to protect your data even better.
You will receive further information as part of the registration process.
10.10 Web Analytics
Web analytics services allow us to analyze the behavior of website visitors. In doing so, the website operator receives various usage data, such as page views, dwell time, operating systems used and origin of the user. This data may be summarised in a profile that is assigned to the respective user or their device.
Technologies are used that enable the recognition of the user for the purpose of analysing user behaviour (e.g. cookies or device fingerprinting). The information collected about the use of this website is usually transmitted to a server of the provider and stored there.
The use of these analysis tools is based on Art. 6 para. 1 lit. f GDPR. The website operator has a legitimate interest in the analysis of user behaviour in order to optimise both its website and its advertising. If a corresponding consent has been requested (e.g. consent to the storage of cookies), the processing is carried out exclusively on the basis of Art. 6 (1) (a) GDPR; consent can be revoked at any time.
Data may be transferred to the USA; please refer to our information in the "Definitions" section on the keyword "Data transfer to third countries".
As far as possible, we have activated the IP anonymization function. This will shorten your IP address. Only in exceptional cases is the full IP address transmitted to a server of the provider in the USA and only shortened there. This information is used to evaluate your use of the website, to compile reports on website activity and to provide other services related to website activity and internet use to the website operator.
This website uses functions of the following web analysis services.
Google AdWords (Provider: Google Ireland Limited, Address: Gordon House, Barrow Street Dublin 4. Ireland, Website: https://www.google.com/, Privacy Policy: https://policies.google.com/privacy?hl=de&utm\_source=ucb)
Google Analytics (Provider: Google LLC, Address: 1601 Amphitheatre Parkway Mountain View, CA 94043 USA, Website: https://www.google.com/, Privacy Policy: https://policies.google.com/privacy?gl=DE&hl=de)
Google Tag Manager (Provider: Google Ireland Limited, Address: Gordon House, Barrow Street Dublin 4. Ireland, Website: https://www.google.com/, Privacy Policy: https://policies.google.com/privacy?hl=de&utm\_source=ucb)
Further information can be found in this privacy policy under the keywords "Cookies", "Cookie Consent Manager", "Consent" as well as on the website of the respective provider, in particular in the information on data protection.
10.11 Online map services
To optimize our website, we use map services to display locations (e.g. company headquarters, branches, etc.), routes (e.g. directions), etc. For this purpose, map sections provided by a provider are displayed on our website. The manufacturer usually stores a cookie so that the presentation we want can also be technical. For more information about cookies, please see the "Definitions" section of this Privacy Policy.
The processing of personal data is carried out on the basis of the consent you have given (cf. Art. 6 para. 1 lit. a, 4 no. 11, 7 GDPR) that you have given us before the processing. Please also note our separate information in this data protection declaration on the subject of "Consent – granting, effect, revocation".
The processing of your personal data is carried out on the basis of our legitimate interest (Art. 6 para. 1 lit. f GDPR). We have a legitimate interest in optimising processes technically and economically and constantly improving our company. In the necessary balancing of the interests of both sides, in particular the (fundamental) right to informational self-determination (cf. Federal Constitutional Court, Judgment of the First Senate of 15 December 1983, 1 BvR 209/83 et al.; Art. 8 para. 1 of the European Convention on Human Rights) on the one hand (user) and our interest in efficient and effective corporate management, etc., we have come to the conclusion that our interests prevail, especially because the encroachment on the user's legal sphere through the processing of the data is only short-term and with a low intensity. In addition, the user can also use alternative interactions or forms of interaction,
In this area, we work together with the provider Google LLC 1601 Amphitheatre Parkway Mountain View, CA 94043 (USA). We have concluded the contracts and agreements required under data protection law with the provider prior to processing. For further information, please refer to the website of the provider (https://www.google.com/), in particular the privacy policy (https://policies.google.com/privacy?gl=DE&hl=de).
We cannot rule out the possibility that the provider or an affiliated company will process your data. We also cannot rule out the possibility that the data processing takes place in a third country or that an adequate level of data protection is not observed. Therefore, please also note our information on data processing in third countries in this privacy policy.
11 Minors
Our Services are not directed to children under the age of 13. We do not knowingly collect information from children under the age of 13. If you have not yet reached the age limit, do not use the Services and do not provide us with your personal information. If you are a parent of a child under the age limit and you become aware that your child has provided us with personal data, please contact our data protection officer (see contact details above) or us directly without undue delay so that we can take the necessary steps, such as blocking or deleting the data.
12 Copyright to the Privacy Policy
The copyright in this privacy policy is held by
OCHSENFELD+COLL Attorneys at Law Bahnhofsallee 9, 31134 Hildesheim, Germany Phone +49 (0) 5121 10221–0 Fax +49 (0) 5121 10221–22
EMail service@ochsenfeld.comWebsite https://www.ochsenfeld.com
Duplication, editing, distribution and any kind of exploitation outside the limits of copyright law and a user contract require the written consent of Datenschutz Manufaktur. Anyone who violates copyright law, e.g. by using texts or parts of texts without written consent, is liable to prosecution and must expect a warning and claims for damages.
If you believe that this Privacy Policy is incorrect, in particular not complete, please contact us so that we can remedy it immediately.
We reserve the right to change this Privacy Policy with effect for the future without notice or notice.