Data protection declaration

Data protection declaration

This data protection declaration informs you about the type, scope and purpose of the processing of personal data (hereinafter referred to as „data“) within the scope of the provision of our services as well as within our online offer and the websites, functions and contents connected with it as well as external online presences, such as our social media profiles (hereinafter jointly referred to as „online offer“). With regard to the terms used, such as „processing“ or „controller“, we refer to the definitions in Art. 4 of the General Data Protection Regulation (GDPR).

Types of data processed

  • Inventory data (e.g., personal master data, names or addresses).
  • Contact data (e.g., e-mail, telephone numbers).
  • Content data (e.g., text entries, photographs, videos).
  • Usage data (e.g., web pages visited, interest in content, access times).
  • Meta/communication data (e.g., device information, IP addresses).

Categories of data subjects

Visitors and users of the online offer (hereinafter we also refer to the data subjects collectively as „users“).

Purpose of the processing

  • Provision of the online offer, its functions and contents.
  • Responding to contact requests and communicating with users.
  • Security measures.
  • Reach measurement/marketing.

Terminology used

„Personal data“ means any information relating to an identified or identifiable natural person (hereinafter „data subject“); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier (e.g. cookie) or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.

„Processing“ means any operation or set of operations which is performed upon personal data, whether or not by automatic means. The term is broad and covers virtually any handling of data.

„pseudonymisation“ means the processing of personal data in such a way that personal data can no longer be related to a specific data subject without additional information, provided that such additional information is kept separately and is subject to technical and organisational measures which ensure that the personal data are not attributed to an identified or identifiable natural person.

„Profiling“ means any automated processing of personal data which consists in using such personal data to evaluate certain personal aspects relating to a natural person, in particular to analyse or predict aspects relating to that natural person’s performance at work, economic situation, health, personal preferences, interests, reliability, behaviour, location or change of location.

Controller“ means the natural or legal person, public authority, agency or other body which alone or jointly with others determines the purposes and means of the processing of personal data.

„Processor“ means a natural or legal person, public authority, agency or other body which processes personal data on behalf of the controller.

Relevant legal basis

In accordance with Art. 13 DSGVO, we inform you of the legal basis for our data processing. For users from the area of application of the General Data Protection Regulation (DSGVO), i.e. the EU and the EEC, the following applies if the legal basis is not stated in the data protection declaration:

The legal basis for obtaining consent is Art. 6 para. 1 lit. a and Art. 7 DSGVO;

The legal basis for processing for the fulfilment of our services and implementation of contractual measures as well as answering enquiries is Art. 6 (1) lit. b DSGVO;

The legal basis for processing for the fulfilment of our legal obligations is Art. 6 para. 1 lit. c DSGVO;

In the event that vital interests of the data subject or another natural person make processing of personal data necessary, Art. 6 (1) lit. d DSGVO serves as the legal basis.

The legal basis for the processing necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller is Art. 6(1)(e) DSGVO.

The legal basis for processing to protect our legitimate interests is Art. 6 (1) lit. f DSGVO.

The processing of data for purposes other than those for which they were collected shall be determined in accordance with the provisions of Article 6 (4) of the GDPR.

The processing of special categories of data (in accordance with Art. 9 (1) of the GDPR) is governed by the provisions of Art. 9 (2) of the GDPR.

Security measures

We take appropriate technical and organisational measures in accordance with the legal requirements, taking into account the state of the art, the implementation costs and the nature, scope, circumstances and purposes of the processing, as well as the varying likelihood and severity of the risk to the rights and freedoms of natural persons, in order to ensure a level of protection appropriate to the risk.

The measures include, in particular, ensuring the confidentiality, integrity and availability of data by controlling physical access to the data, as well as access to, input, disclosure, ensuring availability and segregation of the data. We also have procedures in place to ensure the exercise of data subjects‘ rights, deletion of data and response to data compromise. Furthermore, we already take the protection of personal data into account in the development and selection of hardware, software and procedures, in accordance with the principle of data protection through technology design and through data protection-friendly default settings.

Cooperation with processors, joint controllers and third parties

If, in the course of our processing, we disclose data to other persons and companies (processors, joint controllers or third parties), transfer it to them or otherwise grant them access to the data, this will only be done on the basis of legal permission (e.g. if a transfer of the data to third parties, such as payment service providers, is necessary for the performance of the contract), users have consented, a legal obligation provides for this or on the basis of our legitimate interests (e.g. when using agents, web hosts, etc.).

If we disclose or transfer data to other companies in our group of companies or otherwise grant them access, this is done in particular for administrative purposes as a legitimate interest and, in addition, on a basis that complies with the legal requirements.

Transfers to third countries

If we process data in a third country (i.e. outside the European Union (EU), the European Economic Area (EEA) or the Swiss Confederation) or do so in the context of using third-party services or disclosing or transferring data to other persons or companies, this will only be done if it is done to fulfil our (pre-)contractual obligations, on the basis of your consent, due to a legal obligation or on the basis of our legitimate interests. Subject to legal or contractual permissions, we will only process or allow data to be processed in a third country if the legal requirements are met. This means, for example, that the processing is carried out on the basis of special guarantees, such as the officially recognised determination of a level of data protection corresponding to that of the EU (e.g. for the USA through the „Privacy Shield“) or compliance with officially recognised special contractual obligations.

Rights of data subjects

You have the right to request confirmation as to whether data in question is being processed and to information about this data as well as further information and a copy of the data in accordance with the legal requirements.

You have the right, in accordance with the law, to request that data relating to you be completed or that inaccurate data relating to you be corrected.

You have the right, in accordance with the law, to request that data concerning you be deleted immediately or, alternatively, to request restriction of the processing of the data in accordance with the law.

You have the right to demand that the data concerning you that you have provided to us be received in accordance with the legal requirements and to demand that it be transferred to other persons responsible.

You also have the right to lodge a complaint with the competent supervisory authority in accordance with the law.