This Privacy Policy explains the type, scope and purpose of the processing of personal data (hereinafter referred to as “data” for short) within our online offering and the associated websites, features and content, as well as external online presences, such as our social media profile (hereinafter jointly referred to as the “online offering”). With regard to the terms used, such as “processing” or “data controller”, we refer to the definitions in Article 4 of the General Data Protection Regulation (GDPR).

Usage data (e.g., websites visited, interest in content, times of access).
Meta/communication data (such as device information and IP addresses).

Provision of the online offering, its functions and content.
Security measures.
Reach measurement/marketing

“Personal Data” refers to all information relating to an identified or identifiable natural person (hereinafter: “Data Subject”); a natural person is regarded as identifiable if he or she can be directly or indirectly identified, especially by means of association with an identifier, such as a name, with an identification number, with location data, with an online identifier (e.g., cookies) or with one or several special features reflecting the physical, physiological, genetic, psychological, economic, cultural, or social identity of that natural person. “Processing” means any operation carried out with or without the aid of automated procedures, or any such series of operations in connection with personal data. The term is broad and covers virtually every aspect of dealing with data. “Data Controller” refers to the natural or legal person, public authority, agency, or other body that alone or jointly with others determines the purposes and means of the processing of personal data.

In accordance with Article 13 GDPR, we are informing you of the legal basis of our data processing. If the legal basis is not mentioned in the Privacy Policy, the following applies: the legal basis for obtaining consent is Art. 6 (1) (a) and Art. 7 GDPR, the legal basis for processing to fulfil our services and execute contractual measures, as well as for replying to enquiries, is Art. 6 (1) (b) GDPR, the legal basis for processing to fulfil our legal obligations is Art. 6 (1) (c) GDPR, and the legal basis for processing to protect our legitimate interests is Art. 6 (1)(f) GDPR. In the event that vital interests of the data subject or another natural person require the processing of personal data, Art. 6 (1) (d) GDPR applies as the legal basis.

The hosting services we use serve to provide the following services: infrastructure and platform services, computing capacity, storage space and database services, security services and technical maintenance services, which we use for the purpose of operating this website. In this regard, either we or our hosting provider process the inventory data, contact data, content data, contract data, usage data, and meta and communication data of customers, interested parties and visitors of this online offering based on our legitimate interests in the efficient and secure provision of this online offering in accordance with Article 6 para (1) (f) GDPR in conjunction with Art. 28 GDPR (conclusion of order processing agreement).

We, or our hosting provider, collect data on the basis of our legitimate interests within the meaning of Art. 6 (1) (f) GDPR regarding each instance of access to the server on which this service is located (known as server log files). Access data includes the name of the requested website, file, date and time of access, amount of data transferred, a report as to whether the site was successfully accessed, the browser type and version, the user’s operating system, the referrer URL (the site visited before coming to our site), the user’s IP address, and the requesting internet service provider. Log file information is stored for a maximum of seven days for security reasons (e.g., to investigate misuse or fraud) and then deleted. Data which must be retained as potential evidence is not deleted until the relevant incident has been conclusively clarified.

Based on our legitimate interests (i.e. interests in the analysis, optimisation, and economical operation of our website in accordance with Article 6 para 1 lit f GDPR), we use Google Analytics, a web analytics service provided by Google LLC (“Google”). Google uses cookies. The information generated by the cookie about the user’s use of the website is generally transmitted to and stored on a Google server in the USA.
Google is certified under the Privacy Shield agreement, thereby offering a guarantee of compliance with European data protection law (https://www.privacyshield.gov/participant?id=a2zt000000001L5AAI&status=Active).

On our behalf, Google will use this information to analyse the use of our website by users, to compile reports on activities on this website, and to provide us with other services related to the use of this website and the internet. Pseudonymous usage profiles of users may be created from the data processed.

We use only Google Analytics with IP anonymisation enabled. This means that users’ IP addresses are truncated by Google within EU member states or other countries party to the Agreement on the European Economic Area. Only in exceptional cases are IP addresses transferred to a Google server in the USA and truncated there.

The IP address sent by your browser will not be associated with other data held by Google. Users may prevent the use of cookies by selecting the appropriate settings in their browser; users can also prevent Google from collecting the data generated by cookies regarding their use of the website, as well as the processing of this data by Google, by downloading and installing the browser plugin available at the following link: http://tools.google.com/dlpage/gaoptout?hl=de.

Further information on Google’s use of data, settings and objection options, can be found in Google’s Privacy Policy (https://policies.google.com/technologies/ads) and in the settings for the display of advertisements by Google (https://adssettings.google.com/authenticated).

Users’ personal data will be deleted or anonymised after 14 months.

We integrate fonts (“Google Fonts”) provided by the third-party provider Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA. Privacy Policy: https://www.google.com/policies/privacy/, opt-out: https://adssettings.google.com/authenticated.