Data protection Information
General information on data protection and confidentiality
As a psychologist and certified coach, I am bound by a duty of confidentiality regarding all facts entrusted to me in the course of my coaching, including family members, colleagues and other third parties. E-mail addresses, contact information, names and personal data will not be passed on without the express consent of the client (unless this is required by law). My work is based on the professional ethical guidelines of the Professional Association of German Psychologists (BDP) und der International Coaching Federation.
Please note that when data is transmitted over the Internet, especially when using unencrypted, but possibly also when using encrypted email providers, security gaps may arise, and your details may be viewed by third parties. Be careful when composing emails, and do not give out personal information such as names and addresses.
Introduction
With the following data protection declaration, we would like to explain to you which types of your personal data (hereinafter also referred to as “data”) we process, for what purposes and to what extent the provision of our services and, in particular, on our websites, in mobile applications and within external online presences, such as our social media profiles (hereinafter collectively referred to as “online offer”).
The terms used are not gender-specific.
As of 2022, May 5th
Table of Content
- Introduction
- Responsible Person
- Overview of Data Processing
- Relevant Legal Bases
- Safety Measures
- Data Processing in Third Countries
- Deletion of Data
- Use of Cookies
- Commercial and Business Services
- Use of online platforms for offer and sales purposes
- Providers and services used in the course of the business
- Payment Procedure
- Provision of the Online Offer and Web Hosting
- Blogs and Publication Media
- Video conferencing, Online Meetings, Webinars and Screen Sharing
- Cloud Services
- Newsletters and Electronic Notifications
- Marketing Communication via Email, Mail, Fax or Telephone
- Web Analysis, Monitoring and Optimization
- Onlinemarketing
- Presence in social networks (social media)
- Plugins and embedded functions and content
- Planning, Organization and Support Tools
- Deletion of Data
- Change and Update of the Data Protection Declaration
- Rights of Data Subjects
- Definitions of Terms
Responsible Person
Andrea Seekatz – Cura Sui, Bürgermeister-Ruthus-Str. 8, 85609 Aschheim
E-Mail-Adresse:
Impressum: www.curasui.net/imprint
Overview of Data Processing
The following overview summarizes the types of data processed and the purposes of their processing and refers to the data subjects.
Types of data processed
- Inventory data (e.g., names, addresses).
- Content data (e.g. text input, photographs, videos).
- Contact details (e.g., email, phone numbers).
- Meta / communication data (e.g. device information, IP addresses).
- Usage data (e.g. websites visited, interest in content, access times).
- Location data (data indicating the location of an end user’s device).
- Contract data (e.g., subject of the contract, duration, customer category).
- Payment data (e.g. bank details, invoices, payment history).
Categories of data subjects
- Employees (e.g. employees, applicants, former employees).
- Business and contractual partners.
- Interested persons.
- Communication partner.
- Costumers.
- Users (e.g. website visitors, users of online services).
Purposes of processing
- Provision of our online offer and user-friendliness.
- Visit action evaluation.
- Office and organizational procedures.
- Cross-device tracking (cross-device processing of user data for marketing purposes).
- Direct marketing (e.g. by email or post).
- Feedback (e.g. collecting feedback via the online form).
- Interest-based and behavioral marketing.
- Contact requests and communication.
- Conversion measurement (measurement of the effectiveness of marketing measures).
- Profiling (creation of user profiles).
- Remarking.
- Range measurement (e.g. access statistics, recognition of returning visitors).
- Safety measures.
- Tracking (e.g. interest / behavioral profiling, use of cookies).
- Contractual services and services.
- Management and answering of inquiries.
- Target group formation (determination of target groups relevant for marketing purposes or other output of content).
Relevant Legal Bases
In the following we share the legal basis of the General Data Protection Regulation (GDPR), on the basis of which we process the personal data. Please note that in addition to the regulations of the GDPR, the national data protection requirements in your or our country of residence and domicile may apply. If more specific legal bases are relevant in individual cases, we will inform you of this in the data protection declaration.
- Consent (Art. 6 Para. 1 S. 1 lit. a GDPR) – The data subject has given their consent to the processing of their personal data for a specific purpose or for several specific purposes.
- Fulfillment of the contract and pre-contractual inquiries (Art. 6 Para. 1 S. 1 lit. b GDPR) – Processing is necessary for the performance of a contract to which the data subject is a party, or for the implementation of pre-contractual measures that take place at the request of the data subject.
- Legal obligation (Art. 6 Para. 1 S. 1 lit. c. GDPR) – The processing is necessary to fulfill a legal obligation to which the person responsible is subject.
- Protection of vital interests (Art. 6 Para. 1 S. 1 lit.d. GDPR) – The processing is necessary to protect the vital interests of the data subject or another natural person.
- Legitimate interests (Art. 6 Para. 1 S. 1 lit.f. GDPR) – Processing is necessary to safeguard the legitimate interests of the person responsible or a third party, unless the interests or fundamental rights and freedoms of the data subject, which require the protection of personal data, outweigh this.
In addition to the data protection regulations of the General Data Protection Regulation, national data protection regulations apply in Germany. This includes in particular the law on the protection against misuse of personal data in data processing (Federal Data Protection Act – BDSG). In particular, the BDSG contains special regulations on the right to information, the right to erasure, the right to object, the processing of special categories of personal data, processing for other purposes and transmission, as well as automated decision-making in individual cases, including profiling. Furthermore, it regulates data processing for the purposes of the employment relationship (§ 26 BDSG), in particular with regard to the establishment, implementation or termination of employment relationships and the consent of employees. Furthermore, state data protection laws of the individual federal states may apply.
Safety Measures
We take appropriate technical and organizational measures in accordance with the legal requirements, taking into account the state of the art, the implementation costs and the type, scope, circumstances and purposes of processing as well as the different probabilities of occurrence and the extent of the threat to the rights and freedoms of natural persons to ensure a level of protection appropriate to the risk.
The measures include, in particular, securing the confidentiality, integrity, and availability of data by controlling physical and electronic access to the data as well as the access, input, transfer, ensuring availability, and their separation. Furthermore, we have set up procedures that ensure data subject rights, the deletion of data, and reactions to the threat to the data. Moreover, we consider protecting personal data already in the development or selection of hardware, software, and procedures according to data protection principles through technology design and data protection-friendly default settings.
Shortening the IP address: If it is possible for us or if it is not necessary to save the IP address, we will shorten or have your IP address shortened. In the case of shortening the IP address, also known as “IP masking”, the last octet, i.e., the last two digits of an IP address, is used in this context for an Internet connection by the online access provider (to Identifier). With the shortening of the IP address, the perception of a person’s IP address is prevented or made more difficult.
SSL encryption (https): We use SSL encryption to protect your data transmitted via our online offer. You can recognize such encrypted connections by the prefix https:// in the address line of your browser.
Data Processing in Third Countries
If we process data in a third country (i.e., outside the European Union (EU), the European Economic Area (EEA)) or the processing in the context of the use of third-party services or the disclosure or transfer of data to other persons, offices or companies takes place, this is only done in accordance with the legal requirements.
Subject to express consent or contractually or legally required transfer, we only process or have the data processed in third countries with a recognized level of data protection, contractual obligation through so-called standard protection clauses of the EU Commission, in the presence of certifications or binding internal data protection regulations (Art. 44 to 49 GDPR, Information page of the EU Commission: https://ec.europa.eu/info/law/law-topic/data-protection_en).
Deletion of data
The data processed by us will be deleted in accordance with the legal requirements as soon as your consent to processing is revoked or other permissions are no longer applicable (e.g., if the purpose of processing this data no longer applies or it is not required for the purpose).
If the data is not deleted because it is required for other, legally permissible purposes, its processing will be limited to these purposes. This means that the data will be blocked and not processed for other purposes. This applies, for example, to data that must be retained for commercial or tax reasons or whose storage is necessary to assert, exercise, or defend legal claims or to protect the rights of another natural or legal person.
As part of our data protection information, we can provide users with further information on the deletion and storage of data that applies specifically to the respective processing.
Use of Cookies
Cookies are small text files or other memory notes that store information on end-devices and read data from the end devices. For example, to save the login status in a user account, the content of a shopping cart in an e-shop, the content accessed or the functions used in an online offer. Cookies can also be used for various purposes, e.g., for the purpose of functionality, security, and comfort of online offers, as well as the creation of analyzes of visitor flows.
Notes on consent: We use cookies in accordance with legal regulations. Therefore, we obtain prior consent from users, except where not required by law. In particular, consent is not necessary if the storage and reading of the information, including cookies, is absolutely necessary in order to provide the users with a telemedia service (i.e., our online offer) that they have expressly requested. The revocable consent is clearly communicated to the users and contains the information on the respective cookie use.
Notes on legal bases under data protection law: The legal basis under data protection law on which we process users’ personal data with the help of cookies depends on whether we ask users for their consent. If the users consent, the legal basis for processing your data is the declared consent. Otherwise, the data processed with the help of cookies will be processed on the basis of our legitimate interests (e.g., in the commercial operation of our online offer and improving its usability) or, if this is done in the context of fulfilling our contractual obligations if the use of cookies is necessary to enable our to fulfill contractual obligations. We will explain the purposes for which we process cookies during this data protection declaration or as part of our consent and processing processes.
Storage period: Concerning the storage period, the following types of cookies are distinguished:
- Temporary cookies (also: session or session cookies): Temporary cookies are deleted at the latest after a user has left an online offer and closed his end device (e.g., browser or mobile application).
- Permanent cookies: Permanent cookies remain stored even after the end device is closed. For example, the login status can be saved, or preferred content can be displayed directly when the user revisits a website. Likewise, the user data collected with the help of cookies can be used to measure reach. Unless we provide users with explicit information on the type and storage period of cookies (e.g., when obtaining consent), users should assume that cookies are permanent and the storage period can be up to two years.
General information on revocation and objection (opt-out): Users can revoke the consent they have given at any time and also object to the processing in accordance with the legal requirements in Art. 21 DSGVO (further information on the objection is provided in this data protection declaration). Users can also declare their objections using the settings in their browser.
Further information on processing processes, procedures, and services:
- Processing of cookie data based on consent: We use a cookie consent management procedure, in the context of which the user consents to the use of cookies or the processing mentioned in the context of the cookie consent management procedure, and providers can be obtained and managed and revoked by the users. The declaration of consent is stored here so that the query does not have to be repeated and to be able to prove the consent in accordance with the legal obligation. The storage can take place on the server-side and/or in a cookie (so-called opt-in cookie, or with the help of comparable technologies) in order to be able to assign the consent to a user or his device. Subject to individual information about the providers of cookie management services, the following information applies: The duration of the storage of the consent can be up to two years. A pseudonymous user identifier is created and stored with the time of the consent, information on the scope of the consent (e.g., which categories of cookies and/or service providers), and the browser, system, and end device used.
- BorlabsCookie: cookie consent management; Service Provider: Borlabs; Website: https://de.borlabs.io/borlabs-cookie/; Further information: An individual user ID, language, and types of consent and the time of their submission are stored on the server and in the cookie on the user’s device.
Commercial and Business Services
We process data from our contractual and business partners, e.g., Customers and interested parties (collectively referred to as “contractual partners”) in the context of contractual and comparable legal relationships as well as related measures and in the context of communication with the contractual partners (or pre-contractual), e.g., to answer inquiries.
We process this data to fulfill our contractual obligations, to secure our rights, and for the purposes of the administrative tasks associated with this information as well as the business organization. We only pass on the data of the contractual partners to third parties within the framework of applicable law to the extent that this is necessary for the purposes mentioned above or to fulfill legal obligations or with the consent of the persons concerned (e.g., to telecommunications, transport and other auxiliary services involved as well Subcontractors, banks, tax and legal advisors, payment service providers or tax authorities). Via other forms of processing, e.g., the contractual partners will be informed within the scope of this data protection declaration for marketing purposes.
We inform the contractual partners before or as part of the data collection which data is required for the purposes mentioned above, e.g., in online forms, by unique identification (e.g., colors) or symbols (e.g., asterisk or similar), or personally.
We delete the data after the expiry of statutory warranty and comparable obligations, i.e., basically, after four years, unless the data is stored in a customer account, e.g., as long as it has to be kept for archiving reasons for legal reasons (e.g., for tax purposes usually 10 years). We delete data disclosed to us by the contractual partner in the context of an order in accordance with the specifications of the order, generally after the end of the order.
Insofar as we use third-party providers or platforms to provide our services, the terms and conditions and data protection notices of the respective third-party providers or platforms apply in the relationship between users and providers.
Coaching
We process the data of our clients as well as interested parties and other clients or contractual partners (uniformly referred to as “clients”) in order to be able to provide them with our services. The processed data, the type, scope, purpose and necessity of their processing are determined according to the underlying contractual and client relationship.
As part of our activities, we can also collect special categories of data, in particular information about the health of clients, possibly related to their sex life or sexual orientation, as well as data from which racial and ethnic origin, political opinions, religious or ideological beliefs or trade union membership. To this end, we obtain the client’s express consent, if necessary, and otherwise process the special categories of data if this serves the client’s health, the data is public or other legal permissions exist.
If it is necessary for the fulfillment of our contract, to protect vital interests or by law, or if the client has given their consent, we disclose or transmit the client’s data to third parties or agents, such as authorities, accounting offices and in the field of IT, office or similar services.
Online courses and online training
We process the data of the participants in our online courses and online training courses (uniformly referred to as “participants”) in order to be able to provide them with our course and training services. The data processed here, the type, scope, purpose, and necessity of their processing is determined by the underlying contractual relationship. The data includes information on the courses and services used and, if part of our range of services, personal specifications, and participants’ results. The forms of processing also include the performance rating and the evaluation of our services as well as those of the course and training leader.
- Types of data processed: Inventory data (e.g., names, addresses); payment data (e.g., bank details, invoices, payment history); Contact information (e.g., email, phone numbers); Contract data (e.g., subject of the contract, term, customer category).
- Special categories of personal data: health data (Art. 9 Para. 1 GDPR); Data on sex life or sexual orientation (Art. 9 Para. 1 GDPR); Religious or ideological beliefs (Art. 9 Para. 1 GDPR); Data showing racial and ethnic origin.
- Affected persons: Interested parties; business and contractual partners.
- Purposes of processing: Provision of contractual services and customer service; contact requests and communication; office and organizational procedures; Management and response to inquiries.
- Legal basis: Fulfillment of contract and pre-contractual inquiries (Art. 6 Para. 1 S. 1 lit. b. GDPR); Legal obligation (Art. 6 Para. 1 S. 1 lit. c. GDPR); Legitimate interests (Art. 6 Para. 1 S. 1 lit. f. GDPR).
Use of online platforms for offer and sales purposes
We offer our services on online platforms operated by other service providers. In this context, the data protection notices of the respective platforms apply in addition to our data protection notices. This applies in particular with regard to the execution of the payment process and the methods used on the platforms for measuring reach and for interest-based marketing.
- Types of data processed: Inventory data (e.g., names, addresses); payment data (e.g., bank details, invoices, payment history); Contact information (e.g., email, phone numbers); Contract data (e.g., subject of the contract, term, customer category); Usage data (e.g., websites visited, interest in content, access times); Meta/communication data (e.g., device information, IP addresses).
- Data Subjects:
- Purposes of processing: Provision of contractual services and customer service.
- Legal basis: Fulfillment of contract and pre-contractual inquiries (Art. 6 Para. 1 S. 1 lit. b. GDPR); Legitimate interests (Art. 6 Para. 1 S. 1 lit. f. GDPR).
- Further information on processing processes, procedures, and services:
- Coachy: Online platform for the provision and distribution of online courses and training; Website: https://www.coachy.net/de/; Data protection declaration: https://www.coachy.net/de/datenschutz/.
Further information on processing processes, procedures, and services:
- Coachy: Online platform for the provision and distribution of online courses and training; Website: https://www.coachy.net/de/; Data protection declaration: https://www.coachy.net/de/datenschutz/.
- Cleveremo: Coaching platform; Website: https://clevermemo.com/; Data protection declaration: https://clevermemo.com/datenschutz.html
Providers and services used in the course of the business
As part of our business activities, we use other services, platforms, interfaces, or plugins from third parties (“services” for short) that can process user data, considering the legal requirements. In this context, the data protection notices of the respective services apply in addition to our data protection notices.
Notes on legal bases: If we ask users for their consent to the use of third-party providers, the legal basis for processing data is consent. Otherwise, user data will be processed on the basis of our legitimate interests (i.e., interest in efficient, economical, and recipient-friendly services) to provide our business services or if they are not required for the performance of the contract.
- Types of data processed: Inventory data (e.g., names, addresses); payment data (e.g., bank details, invoices, payment history); Contact information (e.g., email, phone numbers); Content data (e.g., entries in online forms); Contract data (e.g., subject of the contract, term, customer category).
- Affected persons: customers; Interested persons; Users (e.g., website visitors, users of online services); business and contractual partners.
- Purposes of processing: Provision of contractual services and customer service; office and organizational procedures.
- Legal basis: Consent (Art. 6 Para. 1 S. 1 lit. a. GDPR); Fulfillment of contract and pre-contractual inquiries (Art. 6 Para. 1 S. 1 lit. b. GDPR); Legitimate interests (Art. 6 Para. 1 S. 1 lit. f. GDPR).
Further information on processing processes, procedures, and services:
- Coachy: Online platform for the provision and distribution of online courses and training; Website: https://www.coachy.net/de/; Data protection declaration: https://www.coachy.net/de/datenschutz/.
- Cleveremo: Coaching platform; Website: https://clevermemo.com/; Data protection declaration: https://clevermemo.com/datenschutz.html
Payment procedure
As part of contractual and other legal relationships, due to legal obligations or otherwise based on our legitimate interests, we offer the data subjects efficient and secure payment options and use other service providers in addition to banks and credit institutions (collectively “payment service providers”).
The data processed by the payment service provider includes inventory data such as name and address, bank data such as account numbers or credit card numbers, passwords, TANs, checksums, and contract, total and recipient-related information. The information is required to carry out the transactions. However, the data entered will only be processed and stored by the payment service providers. This means that we do not receive any account or credit card-related information, only information with confirmation or negative information about the payment. Under certain circumstances, the payment service provider may transmit the data to credit agencies. The purpose of this transmission is to check identity and creditworthiness. For this, we refer to the terms and conditions and the data protection information of the payment service provider.
The terms and conditions and data protection notices of the respective payment service providers apply to the payment transactions, which can be accessed within the respective websites or transaction applications. We also refer to this for further information and the assertion of revocation, information, and other data subject rights.
- Types of data processed: Inventory data (e.g., names, addresses); payment data (e.g., bank details, invoices, payment history); Contract data (e.g., subject of the contract, term, customer category); Usage data (e.g., websites visited, interest in content, access times); Meta/communication data (e.g., device information, IP addresses).
- Affected persons: customers; Interested persons.
- Purposes of processing: Provision of contractual services and customer service.
- Legal basis: Fulfillment of contract and pre-contractual inquiries (Art. 6 Para. 1 S. 1 lit. b. GDPR); Legitimate interests (Art. 6 Para. 1 S. 1 lit. f. GDPR).
- Further information on processing processes, procedures and services:
- PayPal: Payment services (technical connection of online payment methods) (e.g. PayPal, PayPal Plus, Braintree); Service provider: PayPal (Europe) S.à l. et Cie, S.C.A., 22-24 Boulevard Royal, L-2449 Luxembourg; Website: https://www.paypal.com/us; Privacy Policy: https://www.paypal.com/myaccount/privacy/privacyhub.
Provision of the Online Offer and Web Hosting
In order to be able to provide our online offer safely and efficiently, we use the services of one or more web-hosting providers, from whose servers (or servers managed by them) the online offer can be accessed. For these purposes, we can use infrastructure and platform services, computing capacity, storage space, and database services as well as security services and technical maintenance services.
The data processed as part of the hosting offer provision can include all information relating to the users of our online offer that is generated in the context of use and communication. This regularly includes the IP address necessary to deliver the content of online offers to browsers and all entries made within our online offer or from websites.
- Types of data processed: content data (e.g., entries in online forms); Usage data (e.g., websites visited, interest in content, access times); Meta/communication data (e.g., device information, IP addresses).
- Affected persons: users (e.g., website visitors, users of online services).
- Purposes of processing: Provision of our online offer and user-friendliness; Provision of contractual services and customer service.
- Legal basis: Legitimate interests (Art. 6 Para. 1 S. 1 lit. f. GDPR).
Further information on processing processes, procedures, and services:
- E-mail dispatch and hosting: The web hosting services we use also include the dispatch, receipt, and storage of e-mails. For these purposes, the addresses of the recipients and senders, as well as other information regarding the e-mail dispatch (e.g., the providers involved) and the content of the respective e-mails are processed. The aforementioned data can also be processed for SPAM detection purposes. We ask you to note that e-mails are generally not sent in encrypted form on the Internet. As a rule, e-mails are encrypted during transport but (unless a so-called end-to-end encryption method is used) not on the servers from which they are sent and received. Therefore, we cannot accept any responsibility for the transmission path of the e-mails between the sender and receipt on our server.
- Collection of access data and log files: We ourselves (or our web hosting provider) collect data for every access to the server (so-called server log files). The address and name of the retrieved websites and files, date and time of retrieval, amounts of data transferred, notification of successful retrieval, browser type and version, the user’s operating system, referrer URL (the previously visited page), and, as a rule, IP Addresses and the requesting provider belong. On the one hand, the server log files can be used for security purposes, e.g., to avoid overloading the server (especially in the case of abusive attacks, so-called DDoS attacks) and, on the other hand, to reduce the load on the server and ensure their stability; Deletion of data: Log file information is stored for a maximum of 30 days and then deleted or made anonymous. Data whose further storage is required for evidence purposes are excluded from deletion until the respective incident has been finally clarified.
- Content Delivery Network: We use a “Content Delivery Network” (CDN). A CDN is a service with the help of which the content of an online offer, in particular large media files such as graphics or program scripts, can be delivered faster and more securely with the help of regionally distributed servers connected via the Internet.
- IONOS by 1&1: Services in the field of providing information technology infrastructure and related services (e.g., storage space and/or computing capacity); Service provider: 1&1 IONOS SE, Elgendorfer Str. 57, 56410 Montabaur, Germany; Website: https://www.ionos.de; Privacy Policy: https://www.ionos.de/terms-gtc/terms-privacy; Order processing contract: https://www.ionos.de/hilfe/datenschutz/allgemeine-informationen-zur-datenschutz-grundverordnung-dsgvo/auftragsverarbeitung/?utm_source=search&utm_medium=global&utm_term=Auft&utm_campaign=HELP_CENTER&utm_content=/hilfe/.
Blogs and publication media
We use blogs or comparable means of online communication and publication (hereinafter “publication medium”). The data of the readers are processed for the purposes of the publication medium only insofar as it is necessary for its presentation and the communication between authors and readers or for reasons of security. In addition, we refer to the information on the processing of visitors to our publication medium in the context of this data protection notice.
- Types of data processed: Inventory data (e.g., names, addresses); Contact information (e.g., email, phone numbers); Content data (e.g., entries in online forms); Usage data (e.g. websites visited, interest in content, access times); Meta/communication data (e.g., device information, IP addresses).
- Affected persons: users (e.g., website visitors, users of online services).
- Purposes of processing: provision of contractual services and customer service; Feedback (e.g., collecting feedback via online form); Safety measures; Management and response to inquiries.
- Legal basis: Fulfillment of contract and pre-contractual inquiries (Art. 6 Para. 1 S. 1 lit. b. GDPR); Legitimate interests (Art. 6 Para. 1 S. 1 lit. f. GDPR).
Further information on processing processes, procedures and services:
- Comments and Posts: When users leave comments or other posts, their IP addresses may be stored based on our legitimate interests. This is for our security if someone leaves illegal content in comments and posts (insults, forbidden political propaganda, etc.). In this case, we can be prosecuted for the comment or contribution and are therefore interested in the identity of the author. Furthermore, we reserve the right to process the information provided by the user for the purpose of spam detection on the basis of our legitimate interests. We reserve our right on the same legal basis In the case of surveys, we reserve the right to store the IP addresses of the users for the duration of the surveys and to use cookies in order to avoid multiple votes stored permanently by us until the user objects.
Video conferencing, Online Meetings, Webinars and Screen Sharing
We use platforms and applications from other providers (from now on referred to as “conference platforms”) to conduct video and audio conferences, webinars, and other types of video and audio meetings (from now on collectively referred to as “conference”). We observe the legal requirements when selecting the conference platforms and their services.
Data processed by conference platforms: As part of participation in a conference, the conference platforms process the personal data of the participants listed below. The scope of the processing depends on which data is required in the context of a specific conference (e.g., providing access data or real names) and which optional information is provided by the participants. In addition to the processing for the implementation of the conference, the data of the participants can also be processed by the conference platforms for security purposes or service optimization. The processed data includes personal data (first name, last name), contact information (e-mail address, telephone number), access data (access codes or passwords), profile pictures, information on professional position/function, the IP address of Internet access, information on the end devices of the participants, their operating system, the browser, and its technical and language settings, information on the content of the communication processes, i.e., inputs in chats as well as audio and video data, as well as the use of other available functions (e.g., surveys). Contents of the communications are encrypted to the extent technically provided by the conference provider. If the participants are registered as users on the conference platforms, further data can be processed in accordance with the agreement with the respective conference provider.
Logging and recordings: If text entries, participation results (e.g., from surveys), as well as video or audio recordings are logged, this will be transparently communicated to the participants in advance, and – if necessary – they will be asked for their consent.
Data protection measures of the participants: Please note the details of the processing of your data by the conference platforms in their data protection notices and select the best security and data protection settings for you in the context of the settings of the conference platforms. Please also ensure data and privacy protection in the background of your recording for the duration of a video conference (e.g., by informing roommates, locking doors, and using, as far as technically possible, the function to make the background unrecognizable). Links to the conference rooms and access data must not be passed on to unauthorized third parties.
Notes on the legal bases: If, in addition to the conference platforms, we also process the data of the users and ask the users for their consent to the use of the conference platforms or certain functions (e.g., consent to a recording of conferences), the legal basis for the processing is this consent. Furthermore, our processing may be necessary to fulfill our contractual obligations (e.g., in lists of participants, in the case of processing the results of discussions, etc.). Otherwise, user data is processed on the basis of our legitimate interests in efficient and secure communication with our communication partners.
- Types of data processed: Inventory data (e.g. names, addresses); Contact information (e.g. email, phone numbers); Content data (e.g. entries in online forms); Usage data (e.g. websites visited, interest in content, access times); Meta/communication data (e.g. device information, IP addresses).
- Affected persons: communication partners; Users (e.g., website visitors, users of online services).
- Purposes of processing: Provision of contractual services and customer service; contact requests and communication; office and organizational procedures.
- Legal basis: Consent (Art. 6 Para. 1 S. 1 lit. a. GDPR); Fulfillment of contract and pre-contractual inquiries (Art. 6 Para. 1 S. 1 lit. b. GDPR); Legitimate interests (Art. 6 Para. 1 S. 1 lit. f. GDPR).
Further information on processing processes, procedures, and services:
- Zoom: Video conferences, web conferences, and webinars; Service Provider: Zoom Video Communications, Inc., 55 Almaden Blvd., Suite 600, San Jose, CA 95113, USA; Website: https://zoom.us; Privacy Policy: https://zoom.us/docs/de-de/privacy-and-legal.html; Order processing agreement: https://zoom.us/docs/de-de/privacy-and-legal.html (referred to as Global DPA); Standard contractual clauses (ensuring the level of data protection when processing in third countries): https://zoom.us/docs/de-de/privacy-and-legal.html (Referred to as Global DPA).
Cloud Services
We use software services accessible via the Internet and running on the servers of their providers (so-called “cloud services”, also referred to as “software as a service”) for the following purposes: document storage and management, calendar management, email sending, spreadsheets, and presentations, exchanging documents, content, and information with designated recipients or posting web pages, forms or other content and information, as well as chatting and participating in audio and video conferences.
In this context, personal data can be processed and stored on the providers’ servers insofar as these are part of communication processes with us or are otherwise processed by us, as set out in this data protection declaration. This data can include, in particular, master data and contact details of users, data on transactions, contracts, other processes, and their content. The providers of the cloud services also process usage data and metadata, which they use for security purposes and to optimize the service.
If we use cloud services to provide forms or other documents and content for other users or publicly accessible websites, in that case, the providers can store cookies on the users’ devices for web analysis purposes or, to remember user settings (e.g., in the case of media control).
Notes on legal bases: If we ask for consent to use the cloud services, the legal basis for processing is consent. Furthermore, their use can be part of our (pre)contractual services, provided that the use of cloud services has been agreed upon in this context. Otherwise, user data is processed on the basis of our legitimate interests (i.e., interest in efficient and secure administration and collaboration processes).
- Types of data processed: Inventory data (e.g. names, addresses); Contact information (e.g. email, phone numbers); Content data (e.g. entries in online forms); Usage data (e.g. websites visited, interest in content, access times); Meta/communication data (e.g. device information, IP addresses).
- Affected persons: customers; Employees (e.g. employees, applicants, former employees); Interested persons; communication partner.
- Purposes of processing: office and organizational procedures.
- Legal basis: Consent (Art. 6 Para. 1 S. 1 lit. a. GDPR); Fulfillment of contract and pre-contractual inquiries (Art. 6 Para. 1 S. 1 lit. b. GDPR); Legitimate interests (Art. 6 Para. 1 S. 1 lit. f. GDPR).
Further information on processing processes, procedures, and services:
- Dropbox: Cloud provider; Service Provider: Dropbox International Unlimited Company, located at One Park Place, Floor 5, Upper Hatch Street, Dublin 2, Ireland; Website: https://www.dropbox.com/; Privacy Policy: https://www.dropbox.com/terms.
Newsletters and Electronic Notifications
We only send newsletters, emails, and other electronic notifications (from now on, “newsletters”) with the recipient’s consent or legal permission. If the content of the newsletter is specifically described when registering for it, it is decisive for the user’s consent. Our newsletter also contains information about our services and us.
In order to register for our newsletters, it is generally sufficient if you enter your email address. However, we may ask you to provide a name so that we can address you personally in the newsletter or other information if this is necessary for the purposes of the newsletter.
Double opt-in procedure: Registration for our newsletter occurs in a so-called double opt-in procedure. This means that after registration, you will receive an email in which you will be asked to confirm your registration. This confirmation is necessary so that nobody can register with someone else’s email address. The registrations for the newsletter are logged in order to be able to prove the registration process in accordance with the legal requirements. This includes storing the time of registration and confirmation as well as the IP address. Changes to your data stored by the shipping service provider are also logged.
Deletion and restriction of processing: We can store the unsubscribed email addresses for up to three years on the basis of our legitimate interests before we delete them in order to be able to prove a previously given consent. The processing of this data is limited to the purpose of a possible defense against claims. An individual request for deletion is possible at any time, provided that the previous existence of a consent is confirmed at the same time. In the case of obligations to permanently observe contradictions, we reserve the right to store the email address in a blacklist (so-called “blocklist”) solely for this purpose.
The registration process is logged on the basis of our legitimate interests for the purpose of proving that it was carried out correctly. If we commission a service provider to send emails, this is done on the basis of our legitimate interests in an efficient and secure delivery system.
Notes on the legal basis: The newsletter is sent based on the consent of the recipient or, if consent is not required, on the basis of our legitimate interests in direct marketing, if and to the extent that this is permitted by law, e.g., in the case of advertising for existing customers. If we commission a service provider to send emails, this is done based on our legitimate interests in efficient and secure delivery. The registration process is recorded on the basis of our legitimate interests to demonstrate that it has been carried out in accordance with the law.
Content:
Information about us, our services, promotions, and offers.
- Types of data processed: Inventory data (e.g., names, addresses); Contact information (e.g., email, phone numbers); Meta/communication data (e.g., device information, IP addresses); Usage data (e.g., websites visited, interest in content, access times).
- Affected persons: communication partners; Users (e.g., website visitors, users of online services).
- Purposes of processing: direct marketing (e.g., by email or post); Provision of contractual services and customer service; Reach measurement (e.g., access statistics, recognition of returning visitors); Conversion measurement (measurement of the effectiveness of marketing measures); Profiles with user-related information (creating user profiles).
- Legal basis: Consent (Art. 6 Para. 1 S. 1 lit. a. GDPR); Legitimate interests (Art. 6 Para. 1 S. 1 lit. f. GDPR).
- Possibility of objection (opt-out): You can cancel the receipt of our newsletter at any time, i.e., revoke your consent or object to further receipt. You will find a link to cancel the newsletter either at the end of each newsletter, or you can use one of the contact options given above, preferably email.
Further information on processing processes, procedures, and services:
- Measurement of opening and click rates: The newsletters contain a so-called “web beacon”, i.e., a pixel-sized file that is retrieved from our server when the newsletter is opened or, if we use a shipping service provider, from their server of this retrieval, technical information, such as information about the browser and your system, as well as your IP address and the time of retrieval, is initially collected. This information is used to technically improve our newsletter based on the technical data or the target groups and their reading behavior based on their retrieval locations (which can be determined using the IP address) or access times. This analysis also includes determining whether the newsletters are opened, when they are opened, and which links are clicked. This information is assigned to the individual newsletter recipients and in their Profiles, stored until they are deleted. The evaluations serve us to recognize the reading habits of our users and to adapt our content to them or to send different content according to the interests of our users. The measurement of the opening rates and the click rates, as well as the storage of the measurement results in the profiles of the users, and their further processing are based on a User Consent. Unfortunately, a separate revocation of the performance measurement is not possible. In this case, the entire newsletter subscription must be canceled or objected to. In this case, the stored profile information will be deleted.
- Google Analytics: Measurement of the success of email campaigns and creation of user-profiles with a storage period of up to two years; Service provider: Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland, parent company: Google LLC, 1600 Amphitheater Parkway, Mountain View, CA 94043, USA; Website: https://marketingplatform.google.com/intl/de/about/analytics/; Privacy Policy: https://policies.google.com/privacy; Order processing contract: https://business.safety.google/adsprocessorterms; Standard contractual clauses (ensuring the level of data protection when processing in third countries): https://business.safety.google/adsprocessorterms; Objection option (opt-out): opt-out plugin: https://tools.google.com/dlpage/gaoptout?hl=de, settings for the display of advertisements: https://adssettings.google.com/authenticated; More information: https://privacy.google.com/businesses/adsservices (types of processing and the data processed).
- Prerequisite for free services: Consent to the sending of mailings can be made dependent on free services (e.g., access to certain content or participation in specific campaigns). If users would like to take advantage of the free service without registering for the newsletter, we ask that you contact us.
- Klick-Tipp: email marketing provider; Service Provider: KLICK-TIPP Ltd., 15 Cambridge Court, 210 Shepherd’s Bush Road, London W6 7NJ, GB; Website: https://www.klick-tipp.com; Data protection declaration: https://www.klick-tipp.com/datenschutzerkl%C3%A4rung
Promotional communication via email, post or telephone
We process personal data for the purposes of advertising communication, which can take place via various channels, such as email, telephone, or post, in accordance with legal requirements.
The recipients have the right to revoke their consent at any time or to object to advertising communication at any time.
After revocation or objection, we store the data required to prove the previous authorization for contacting or sending up to three years after the end of the year of the revocation or objection on the basis of our legitimate interests. The processing of this data is limited to the purpose of a possible defense against claims. On the basis of the legitimate interest in permanently observing the revocation or objection of the user, we also store the data required to avoid being contacted again (e.g., depending on the communication channel, the email address, telephone number, name).
- Types of data processed: Inventory data (e.g., names, addresses); Contact information (e.g., email, telephone numbers).
- Affected persons: communication partners.
- Purposes of processing: direct marketing (e.g., by email or post).
- Legal basis: Consent (Art. 6 Para. 1 S. 1 lit. a. GDPR); Legitimate interests (Art. 6 Para. 1 S. 1 lit. f. GDPR).
Web Analysis, Monitoring and Optimization
The web analysis (also known as “range measurement”) is used to evaluate visitors’ flow to our online offer. It can measure behavior, interests, or demographic information about visitors, such as age or gender, as pseudonymous values. With the help of the range analysis, we can e.g., recognize at which time our online offer or its functions or content are used most often or invite to reuse. We can also understand which areas need optimization.
In addition to web analysis, we can also use test procedures to e.g., to test and optimize different versions of our online offer or its components.
Unless otherwise stated below, profiles, i.e., data summarized for a usage process, can be created for these purposes, and information can be stored in a browser or in a terminal device and read out from it. The data collected includes, in particular, websites visited and elements used there, technical information such as the browser used, the computer system used, and information on usage times. If users have given their consent to us or the providers of the services we use to collect their location data, location data can also be processed.
The IP addresses of the users are also saved. However, we use an IP masking process (i.e., pseudonymization by shortening the IP address) to protect users. In general, no clear user data (e.g., e-mail addresses or names) are stored in web analysis, A/B testing, and optimization, but pseudonyms. This means that the providers of the software used and we do not know the actual identity of the users, but only the information stored in their profiles for the respective process.
Notes on legal bases: If we ask users for their consent to the use of third-party providers, the legal basis for processing data is consent. Otherwise, user data is processed on the basis of our legitimate interests (i.e., interest in efficient, economical, and recipient-friendly services). In this context, we would like to draw your attention to the information on the use of cookies in this data protection declaration.
- Types of data processed: usage data (e.g., websites visited, interest in content, access times); Meta/communication data (e.g., device information, IP addresses).
- Affected persons: users (e.g., website visitors, users of online services).
- Purposes of processing: range measurement (e.g., access statistics, recognition of returning visitors); Profiles with user-related information (creating user profiles).
- Security measures: IP masking (pseudonymization of the IP address).
- Legal basis: Consent (Art. 6 Para. 1 S. 1 lit. a. GDPR); Legitimate interests (Art. 6 Para. 1 S. 1 lit. f. GDPR).
Further information on processing processes, procedures, and services:
Google Analytics: Web analysis, range measurement, and measurement of user flows; Service provider: Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland, parent company: Google LLC, 1600 Amphitheater Parkway, Mountain View, CA 94043, USA; Website: https://marketingplatform.google.com/intl/de/about/analytics/; Privacy Policy: https://policies.google.com/privacy; Order processing contract: https://business.safety.google/adsprocessorterms; Standard contractual clauses (ensuring the level of data protection when processing in third countries): https://business.safety.google/adsprocessorterms; Objection option (opt-out): opt-out plugin: https://tools.google.com/dlpage/gaoptout?hl=de, settings for the display of advertisements: https://adssettings.google.com/authenticated; More information: https://privacy.google.com/businesses/adsservices (types of processing and the data processed).
Onlinemarketing
We process personal data for online marketing purposes, including the marketing of advertising space or the presentation of advertising and other content (collectively referred to as “content”) based on the potential interests of users and the measurement of their effectiveness.
For these purposes, so-called user profiles are created and stored in a file (so-called “cookie”), or similar processes are used in order to save user information relevant to the presentation of the content mentioned above. This information can be, e.g., content viewed, websites visited, online networks used, but also communication partners and technical information such as the browser used, the computer system used, and information on usage times. If users have consented to their location data being collected, this can also be processed.
The IP addresses of the users are also saved. However, we use available IP masking procedures (i.e., pseudonymization by shortening the IP address) to protect users. In general, no explicit user data (such as e-mail addresses or names) are stored in the online marketing process, but pseudonyms. This means that we and the providers of online marketing processes do not know the users’ actual identity, but only the information stored in their profiles.
The information in the profiles is usually stored in cookies or through similar processes. These cookies can later generally be read out on other websites that use the same online marketing process, analyzed to display content, and supplemented with additional data and stored on the online marketing process provider’s server.
As an exception, clear data can be assigned to the profiles. This is the case when the users e.g., are members of a social network whose online marketing process we use, and the network connects the user’s profiles with the information mentioned above. We ask you to note that users may make additional agreements with the providers, e.g., through consent during registration.
In principle, we only get access to summarized information about the success of our advertisements. However, as part of so-called conversion measurements, we can check which of our online marketing processes have led to a so-called conversion, i.e., to conclude a contract with us. The conversion measurement is used solely to analyze the success of our marketing measures.
Unless otherwise stated, we ask you to assume that the cookies used will be stored for a period of two years.
Notes on legal bases: If we ask the users for their consent to the use of third-party providers, the legal basis for processing data is consent. Otherwise, user data will be processed on the basis of our legitimate interests (i.e., interest in efficient, economical, and recipient-friendly services). In this context, we would like to draw your attention to the information on the use of cookies in this data protection declaration.
- Types of data processed: Event data (Facebook) (“Event data” is data that can be transmitted from us to Facebook, e.g., via Facebook pixels (via apps or by other means), and relates to people or their actions. The data includes, for example, information about visits to websites, interactions with content, functions, installations of apps, purchases of products, etc. The event data is processed to form target groups for content and advertising information (custom audiences). ; Event data does not contain the actual content (such as comments written), no login information, and no contact information (i.e., no names, email addresses and telephone numbers). Event data will be deleted by Facebook after a maximum of two years, the target groups formed from them with the deletion of our Facebook account); Usage data (e.g., websites visited, interest in content, access times); Meta/communication data (e.g., device information, IP addresses).
- Affected persons: users (e.g., website visitors, users of online services).
- Purposes of processing: remarketing; Conversion measurement (measurement of the effectiveness of marketing measures); target group formation; Target group formation (determination of target groups relevant for marketing purposes or other output of content); Marketing; Profiles with user-related information (creating user profiles).
- Security measures: IP masking (pseudonymization of the IP address).
- Legal basis: Consent (Art. 6 Para. 1 S. 1 lit. a. GDPR); Legitimate interests (Art. 6 Para. 1 S. 1 lit. f. GDPR).
- Possibility of objection (opt-out): We refer to the data protection notices of the respective providers and the possibilities of objection specified for the providers (so-called “opt-out”). If no explicit opt-out option has been specified, you can turn off cookies in your browser settings. However, this can limit the functions of our online offer. We therefore also recommend the following opt-out options, which are offered in summary for the respective areas: a) Europe: https://www.youronlinechoices.eu. b) Canada: https://www.youradchoices.ca/choices. c) USA: https://www.aboutads.info/choices. d) Cross-Territory: https://optout.aboutads.info.
Further information on processing processes, procedures, and services:
- Facebook pixel and target group formation (custom audiences): With the help of the Facebook pixel (or comparable functions, for the transmission of event data or contact information via interfaces in apps), it is possible for Facebook to use the visitors of our online offer as a target group for the To determine the display of advertisements (so-called “Facebook Ads”). Accordingly, we use the Facebook pixel so that the Facebook ads we have placed are only available to users on Facebook and within the services of the partners cooperating with Facebook (so-called “Audience Network” https://www.facebook.com/audiencenetwork/ ) who have also shown an interest in our online offer or who have certain characteristics (e.g., interest in certain topics or products that can be seen from the websites visited) that we transmit to Facebook (so-called “Custom Audiences”). We also want to use the Facebook pixel to ensure that our Facebook ads are relevant to users’ potential interests and are not annoying. The Facebook pixel also allows us to understand the effectiveness of Facebook ads for statistical and market research purposes by seeing whether users were redirected to our website after clicking on a Facebook ad (so-called “Conversion Measurement”); Service Provider: Meta Platforms Ireland Limited, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland; Website: https://www.facebook.com; Privacy Policy: https://www.facebook.com/about/privacy; Standard contractual clauses (guaranteeing the level of data protection when processing in third countries): The “Facebook EU Data Transfer Addendum” (https://www.facebook.com/legal/EU_data_transfer_addendum) applies in the case of order processing by Facebook as the basis for processing event data from EU citizens in the USA and inclusion in the “Facebook Platform Terms of Use” (https://developers.facebook.com/terms) with regard to the independent processing of event data by Facebook in the context of ad placement; More information: The “Data Processing Terms” (https://www.facebook.com/legal/terms/dataprocessing/update) apply with regard to event data that Facebook processes on behalf of companies to provide reports and analysis; Furthermore, the “Supplement for those responsible” applies as an agreement on joint responsibility (Art. 26 Para. 1 S. 3 DSGVO), which applies in the case of the independent processing of event data by Facebook for the purposes of targeting as well as improving and securing the Facebook products , is relevant.
- Google Ad Manager: We use the “Google Marketing Platform” (and services such as “Google Ad Manager”) to place ads on the Google advertising network (e.g., in search results, in videos, on websites, etc.). The Google Marketing Platform is characterized by the fact that ads are displayed in real-time based on users’ presumed interests. This allows us to display ads for and within our online offering in a more targeted manner in order to only present users with ads that potentially match their interests. If, for example, a user is shown ads for products that he was interested in on other online offers, this is referred to as “remarketing”; service provider: Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland, parent company: Google LLC, 1600 Amphitheater Parkway, Mountain View, CA 94043, USA; Website: https://marketingplatform.google.com; Privacy policy: https://policies.google.com/privacy; More information: Types of processing and the data processed: https://privacy.google.com/businesses/adsservices; Data processing terms for Google advertising products: Information on the services Data processing terms between controllers and standard contractual clauses for third-country transfers of data: https://business.safety.google/adscontrollerterms; if Google acts as a processor, data processing conditions for Google advertising products and standard contractual clauses for third-country transfers of data: https: //business.safety.google/adsprocessorterms.
- LinkedIn: Insights Tag / conversion measurement; Service Provider: LinkedIn Corporation, 2029 Stierlin Court, Mountain View, CA 94043, USA; Website: https://www.linkedin.com; Privacy Policy: https://www.linkedin.com/legal/privacy-policy, Cookie Policy: https://www.linkedin.com/legal/cookie_policy; Standard contractual clauses (ensuring the level of data protection when processing in third countries): https://legal.linkedin.com/dpa; Opt-out option: https://www.linkedin.com/psettings/guest-controls/retargeting-opt-out.
Presence in social networks (social media)
We maintain online presences within social networks and process user data in this context to communicate with the active users or offer information about us.
We would like to point out that user data can be processed outside the European Union. This can result in risks for users, for example, because it could make it more difficult to enforce user rights.
Furthermore, user data is usually processed within social networks for market research and advertising purposes. For example, user profiles can be created on the basis of user behavior and the resulting interests of users. The user profiles can, in turn, be used, for example, to place advertisements inside and outside the networks that presumably correspond to the interests of the users. For these purposes, cookies are usually stored on the users’ computers, in which the user behavior and the interests of the users are stored. Furthermore, data can also be stored in the usage profiles independently of the devices used by the users (especially if the users are members of the respective platforms and are logged in to them).
For a detailed description of the respective forms of processing and the possibility of objection (opt-out), we refer to the data protection declarations and information provided by the operators of the respective networks.
Also, in the case of requests for information and the assertion of data subject rights, we would like to point out that these can be asserted most effectively with the providers. Only the providers have access to the users’ data and can take appropriate measures and provide information directly. If you still need help, you can contact us.
- Types of data processed: contact details (e.g. e-mail, telephone numbers); Content data (e.g. entries in online forms); Usage data (e.g. websites visited, interest in content, access times); Meta/communication data (e.g. device information, IP addresses).
- Affected persons: users (e.g., website visitors, users of online services).
- Purposes of processing: contact requests and communication; Feedback (e.g., collecting feedback via online form); Marketing.
- Legal basis: Legitimate interests (Art. 6 Para. 1 S. 1 lit. f. GDPR).
Further information on processing processes, procedures, and services:
- Facebook pages: Profiles within the Facebook social network – we are jointly responsible with Meta Platforms Ireland Limited for the collection (but no further processing) of data from visitors to our Facebook page (so-called “fan page”). This data includes information about the types of content users view or interact with or the actions they take (see “Things Done and Provided by You and Others” in the Facebook Data Policy: https:// www.facebook.com/policy), as well as information about the devices used by the users (e.g. IP addresses, operating system, browser type, language settings, cookie data; see under “Device information” in the Facebook data policy: https: //www.facebook.com/policy). As explained in the Facebook Data Policy under “How do we use this information?”, Facebook also collects and uses the information to provide analytics services called “Page Insights” to site operators so that they can gain insights into how people are using their Pages and interact with the content associated with them. We have concluded a special agreement with Facebook (“Information on Page Insights”, https://www.facebook.com/legal/terms/page_controller_addendum), which regulates, in particular, which security measures Facebook must observe and in which Facebook itself has declared its willingness to fulfill the rights of the data subject (i.e., users can, for example, send information or requests for deletion directly to Facebook). The rights of users (in particular to information, deletion, objection, and complaints with a responsible supervisory authority) are not restricted by the agreements with Facebook. Further information can be found in the “Information on page insights” (https://www.facebook.com/legal/terms/information_about_page_insights_data); Service Provider: Meta Platforms Ireland Limited, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland; Website: https://www.facebook.com; Privacy Policy: https://www.facebook.com/about/privacy; Standard contractual clauses (ensuring the level of data protection when processing in third countries): https://www.facebook.com/legal/EU_data_transfer_addendum; More information: Joint Controllership Agreement: https://www.facebook.com/legal/terms/information_about_page_insights_data.
- LinkedIn: Social network; Service Provider: LinkedIn Ireland Unlimited Company, Wilton Place, Dublin 2, Ireland; Website: https://www.linkedin.com; Privacy Policy: https://www.linkedin.com/legal/privacy-policy; Order processing contract: https://legal.linkedin.com/dpa; Standard contractual clauses (ensuring the level of data protection when processing in third countries): https://legal.linkedin.com/dpa; Opt-out option: https://www.linkedin.com/psettings/guest-controls/retargeting-opt-out.
- Xing: Social network; Service provider: XING AG, Dammtorstrasse 29-32, 20354 Hamburg, Germany; Website: https://www.xing.de; Data protection declaration: https://privacy.xing.com/de/datenschutzerklaerung.
Plugins and embedded functions and content
We integrate functional and content elements into our online offer obtained from their respective providers’ servers (hereinafter referred to as “third-party providers”). These can be, for example, graphics, videos, or city maps (hereinafter referred to as “content” ).
The integration always requires that the third-party providers of this content process the IP address of the user, since without the IP address, they could not send the content to their browser. The IP address is therefore required for the display of this content or functions. We endeavor only to use content whose respective providers only use the IP address to deliver the content. Third-party providers can also use so-called pixel tags (invisible graphics, also known as “web beacons”) for statistical or marketing purposes. The “pixel tags” can be used to evaluate information such as visitor traffic on the pages of this website. The pseudonymous information can also be stored in cookies on the user’s device and contain, among other things, technical information about the browser and the operating system, websites to be referred to, the time of the visit and other information on the use of our online offer and can also be linked to such information from other sources.
Notes on legal bases: If we ask users for their consent to the use of third-party providers, the legal basis for processing data is consent. Otherwise, user data is processed on the basis of our legitimate interests (i.e., interest in efficient, economical and recipient-friendly services). In this context, we would like to draw your attention to the information on the use of cookies in this data protection declaration.
- Types of data processed: usage data (e.g. websites visited, interest in content, access times); Meta/communication data (e.g. device information, IP addresses); Inventory data (e.g. names, addresses); Contact information (e.g. email, phone numbers); Content data (e.g. entries in online forms).
- Affected persons: users (e.g. website visitors, users of online services).
- Purposes of processing: Provision of our online offer and user-friendliness.
- Legal basis: Consent (Art. 6 Para. 1 S. 1 lit. a. GDPR); Fulfillment of contract and pre-contractual inquiries (Art. 6 Para. 1 S. 1 lit. b. GDPR); Legitimate interests (Art. 6 Para. 1 S. 1 lit. f. GDPR).
Further information on processing processes, procedures, and services:
YouTube Videos: video content; Service provider: Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland, parent company: Google LLC, 1600 Amphitheater Parkway, Mountain View, CA 94043, USA; Website: https://www.youtube.com; Privacy Policy: https://policies.google.com/privacy; Objection option (opt-out): opt-out plugin: https://tools.google.com/dlpage/gaoptout?hl=de, settings for the display of advertisements: https://adssettings.google.com/authenticated.
Management, organization, and support tools
We use services, platforms, and software from other providers (hereinafter referred to as “third-party providers”) for the purposes of organization, administration, planning, and the provision of our services. When selecting third-party providers and their services, we observe the legal requirements.
In this context, personal data can be processed and stored on the servers of third-party providers. Various data may be affected by this, which we process in accordance with this data protection declaration. This data can include, in particular, master data and contact details of users, data on transactions, contracts, other processes, and their content.
If users are referred to the third-party providers or their software or platforms as part of communication, business, or other relationships with us, the third-party providers can process user data and metadata for security purposes, service optimization, or marketing purposes. We, therefore, ask you to observe the data protection notices of the respective third-party providers.
Notes on legal bases: If we ask users for their consent to the use of third-party providers, the legal basis for processing data is consent. Furthermore, their use can be part of our (pre)contractual services, provided that the use of third-party providers has been agreed upon in this context. Otherwise, user data is processed on the basis of our legitimate interests (i.e., interest in efficient, economical and recipient-friendly services). In this context, we would also like to draw your attention to the information on the use of cookies in this data protection declaration.
- Types of data processed: Inventory data (e.g. names, addresses); Contact information (e.g. email, phone numbers); Content data (e.g. entries in online forms); Usage data (e.g. websites visited, interest in content, access times); Meta/communication data (e.g. device information, IP addresses).
- Affected persons: communication partners; Users (e.g., website visitors, users of online services).
- Purposes of processing: contact requests and communication; office and organizational procedures.
- Legal basis: Consent (Art. 6 Para. 1 S. 1 lit. a. GDPR); Fulfillment of contract and pre-contractual inquiries (Art. 6 Para. 1 S. 1 lit. b. GDPR); Legitimate interests (Art. 6 Para. 1 S. 1 lit. f. GDPR).
Further information on processing processes, procedures and services:
- Cleveremo: Coaching platform; Website: https://clevermemo.com/; Data protection declaration: https://clevermemo.com/datenschutz.html
- Calendly: Online scheduling and appointment management; Service Provider: Calendly LLC., 271 17th St NW, Ste 1000, Atlanta, Georgia, 30363, USA; Website: https://calendly.com/de; Privacy Policy: https://calendly.com/pages/privacy; Order processing contract: https://calendly.com/dpa; Standard contractual clauses (ensuring the level of data protection when processing in third countries): https://calendly.com/dpa.
Change and Update of the Data Protection Declaration
We ask you to inform yourself regularly about the content of our data protection declaration. We will adapt the data protection declaration as soon as the changes to the data processing carried out by us make this necessary. We will inform you as soon as the changes require your cooperation (e.g., consent) or other individual notification.
If we provide addresses and contact information of companies and organizations in this data protection declaration, please note that the contact information can change over time and ask you to check the information before contacting us.
Rights of Data Subjects
As a data subject, you have various rights under the GDPR, which arise in particular from Art. 15 to 21 GDPR:
- Right of objection: You have the right, for reasons arising from your particular situation, to object at any time to the processing of your personal data, which is based on Article 6 Paragraph 1 lit. e or f GDPR; this also applies to profiling based on these provisions. If the personal data concerning you is processed in order to operate direct advertising, you have the right to object at any time to the processing of your personal data for the purpose of such advertising; this also applies to profiling insofar as it is associated with such direct advertising.
- Right of withdrawal for consent: You have the right to withdraw your consent at any time.
- Right to information: You have the right to request confirmation as to whether the data in question is being processed, and to request information about this data as well as further information and a copy of the data in accordance with legal requirements.
- Right to rectification: In accordance with legal requirements, you have the right to request the completion of the data concerning you or the correction of incorrect data concerning you.
- Right to erasure and restriction of processing: You have the right, in accordance with the legal requirements, to request that the data concerning you be deleted immediately, or alternatively to request a restriction of the processing of the data in accordance with the legal requirements.
- Right to data portability: You have the right to receive the data that you have provided to us in accordance with the legal requirements in a structured, common, and machine-readable format or to request that it be transmitted to another person responsible.
- Complaint to a supervisory authority: In accordance with the legal requirements and without prejudice to any other administrative or judicial remedy, you also have the right to complain to a data protection supervisory authority, in particular a supervisory authority in the member state in which you usually reside, the supervisory authority of your workplace or the place of the alleged infringement to complain if you consider that the processing of your personal data infringes the GDPR.
Congratulation – you’ve made it this far ?
Created with free Datenschutz-Generator.de by Dr. Thomas Schwenke
[/vc_column_text][/vc_column][/vc_row]