data protection

2. Your rights

Under applicable data protection law, in particular the EU General Data Protection Regulation (GDPR), you have extensive rights as a data subject with regard to the processing of your personal data, which we would like to inform you about below. You have the right:

• pursuant to Art. 15 GDPR, to request information about your personal data processed by us. In particular, you can request information about the purposes of processing, the category of personal data, the categories of recipients to whom your data has been or will be disclosed, the planned storage period, the existence of a right to rectification, deletion, restriction of processing, or objection, the existence of a right to lodge a complaint, the origin of your data if it was not collected by us, and the existence of automated decision-making, including profiling and, if applicable, meaningful information about its details;

• to request the immediate correction of incorrect or incomplete personal data stored by us in accordance with Art. 16 GDPR;

• to request the erasure of your personal data stored by us in accordance with Art. 17 GDPR, unless the processing is necessary for exercising the right of freedom of expression and information, for compliance with a legal obligation, for reasons of public interest, or for the establishment, exercise, or defense of legal claims;

• pursuant to Art. 18 GDPR, to request the restriction of the processing of your personal data if you dispute the accuracy of the data, the processing is unlawful, but you refuse to have it deleted and we no longer need the data, but you need it to assert, exercise, or defend legal claims, or you have objected to the processing pursuant to Art. 21 GDPR;

• pursuant to Art. 20 GDPR, to receive your personal data that you have provided to us in a structured, commonly used, and machine-readable format or to request its transfer to another controller;

• to revoke your consent at any time in accordance with Art. 7 (3) GDPR. As a result, we will no longer be permitted to continue processing data based on this consent in the future; and

• to lodge a complaint with a supervisory authority in accordance with Art. 77 GDPR. As a rule, you can contact the supervisory authority of your usual place of residence or workplace or our practice location for this purpose. A list of supervisory authorities and their contact details can be found at the following link:

https://www.bfdi.bund.de/DE/Infothek/Anschriften_Links/anschriften_links-node.html

• Pursuant to Art. 21 GDPR, the right to object to data collection in specific cases and to direct marketing:

Explanation of Article 21 GDPR:

If data processing is based on Art. 6 (1) (e) or (f) GDPR, you have the right to object to the processing of your personal data at any time for reasons arising from your particular situation; this also applies to profiling based on these provisions. The respective legal basis on which processing is based can be found in this privacy policy. If you object, we will no longer process your personal data unless we can demonstrate compelling legitimate grounds for the processing that override your interests, rights, and freedoms, or the processing serves to assert, exercise, or defend legal claims (objection pursuant to Art. 21(1) GDPR).

If your personal data is processed for direct marketing purposes, you have the right to object at any time to the processing of personal data concerning you for such marketing purposes; this also applies to profiling insofar as it is related to such direct marketing. If you object, your personal data will no longer be used for the purposes of direct marketing or profiling (objection pursuant to Art. 21 (2) GDPR).

3. Data collection when visiting our website

a) Cookies

This website uses cookies. Cookies do not harm your computer and do not contain viruses. Cookies serve to make our website more user-friendly, effective, and secure. Cookies are small text files that are stored on your computer and saved by your browser.

Some of the cookies we use are so-called "session cookies." They are automatically deleted at the end of your visit. Other cookies remain stored on your device until you delete them. These cookies enable us to recognize your browser the next time you visit.

You can set your browser so that you are informed about the setting of cookies and only allow cookies in individual cases, exclude the acceptance of cookies for certain cases or in general, and activate the automatic deletion of cookies when closing the browser. If you deactivate cookies, the functionality of this website may be limited. Cookies that are necessary for the electronic communication process or for the provision of certain functions you have requested are stored on the basis of Art. 6 para. 1 lit. f GDPR. The website operator has a legitimate interest in storing cookies for the technically error-free and optimized provision of its services. If other cookies (e.g., cookies for analyzing your surfing behavior) are stored, these are treated separately in this privacy policy.

b) Server log files

When you use our website for informational purposes only, i.e. if you do not otherwise provide us with information, we only collect the personal data that your browser transmits to our server (so-called server log files). When you visit our website, we collect the following data, which is technically necessary for us to display our website to you and to ensure stability and security:

• IP address
• Date and time of the request
• Time zone difference to Greenwich Mean Time (GMT)
• Content of the request (specific page)
• Access status/HTTP status code
• Amount of data transferred in each case
• Website from which the request originates
• Browser
• Operating system and its interface
• Language and version of the browser software.

The legal basis for data processing is Art. 6 para. 1 sentence 1 lit. f GDPR. Our legitimate interest follows from the above-mentioned purposes of data collection. This data is not merged with other data sources.

c) Contact via email, telephone, fax, or contact form

If you contact us by email, telephone, fax, or contact form, your request, including all resulting personal data (name, request), will be stored and processed by us for the purpose of processing your request. When you contact us using the contact form, personal data will also be transferred to HubSpot (see No. 10) within the framework of a data processing agreement in accordance with Art. 28 GDPR.

This data is processed on the basis of Art. 6 (1) (b) GDPR, provided that your request is related to the performance of a contract or is necessary for the implementation of pre-contractual measures. In all other cases, processing is based on your consent (Article 6(1)(a) GDPR) and/or on our legitimate interests (Article 6(1)(f) GDPR), as we have a legitimate interest in the effective processing of inquiries addressed to us.

The data you send us via contact requests will remain with us until you request us to delete it, revoke your consent to its storage, or the purpose for data storage no longer applies (e.g., after your request has been processed). Mandatory legal provisions—in particular statutory retention periods—remain unaffected.

d) Newsletter / Blog 

We offer the option of subscribing to our blog on our website. This is done by entering your email address and confirming it afterwards (double opt-in). Your email address will be transmitted to the newsletter provider sendinblue (see No. 10) and processed there within the framework of a contract processing agreement in accordance with Art. 28 GDPR. Your email address will not be stored or processed in our systems. No further data is required for this service.

4. Matomo

Our website uses the web analytics service Matomo. Matomo is an open source solution. Matomo uses "cookies." These are small text files that your web browser stores on your device and that enable an analysis of website usage. Information generated by cookies about the use of our website is stored on our server. Your IP address is anonymized before it is stored. Matomo cookies remain on your device until you delete them. Matomo cookies are set on the basis of Art. 6 (1) lit. f GDPR.

As the operator of this website, we have a legitimate interest in anonymously analyzing user behavior in order to optimize both our website and, where applicable, our advertising. The information stored in the Matomo cookie about the use of this website is not passed on. You can prevent your web browser from setting cookies. However, this may restrict some of the functions of our website.

You can deactivatethestorage and use of your datahere. Your browser will set an opt-out cookie that prevents Matomo from storing usage data. If you delete your cookies, the Matomo opt-out cookie will also be removed. When you visit our website again, you will need to set the opt-out cookie again to prevent the storage and use of your data.

5. Sendinblue

We have integrated a newsletter system called Sendinblue into our website. The operating company is Sendinblue GmbH, Köpenicker Straße 126, 10179 Berlin, with a branch office in Germany.

The service used is an integrated software solution that we use to manage customer data and cover various aspects of our online marketing. This includes regularly sending newsletters via email to registered subscribers.

This involves the use of web beacons and cookies stored on the device you are using. The following personal data may be collected, for example: IP address, geographical location, type of browser, duration of visit, pages viewed. Furthermore, sendinblue collects the data entered by the user (only your email address) when they fill out the contact form. The information collected is stored on sendinblue servers in Germany.

We have concluded a data processing agreement with sendinblue in accordance with Art. 28 GDPR. Our data is also stored there. You can find more information about sendinblue's privacy policy at https://de.sendinblue.com/datenschutz-uebersicht/.

6. External hosting

This website is hosted by an external service provider on servers in Germany (host). The host is Raidboxes GmbH, Friedrich-Ebert-Straße 7, DE – 48153 Münster (https://raidboxes.io/).

Personal data collected on our website is stored on the host's servers. This may include IP addresses, contact requests, meta and communication data, contract data, contact details, names, website visits, and other data generated via a website.

The use of the host is based on a contract processing agreement and serves the purpose of initiating and fulfilling contracts with our potential and existing customers (Art. 6 (1) (b) GDPR) and is in the interest of secure, fast, and efficient provision of our online services by a professional provider (Art. 6 (1) (f) GDPR).

Our host will only process your data to the extent necessary to fulfill its service obligations and will follow our instructions regarding this data.

7. Our social media presence

a) Data processing by social networks

We maintain publicly accessible profiles on social networks. The specific social networks we use are listed below. Social networks such as Facebook, Google+, etc. can generally analyze your user behavior comprehensively when you visit their website or a website with integrated social media content (e.g., like buttons or advertising banners). Visiting our social media sites triggers numerous data processing operations that are relevant to data protection. Specifically:

If you are logged into your social media account and visit our social media presence, the operator of the social media portal can assign this visit to your user account. However, your personal data may also be collected if you are not logged in or do not have an account with the respective social media portal. In this case, this data collection is carried out, for example, via cookies that are stored on your device or by recording your IP address.

With the help of the data collected in this way, the operators of social media portals can create user profiles that store your preferences and interests. In this way, interest-based advertising can be displayed to you both within and outside the respective social media presence. If you have an account with the respective social network, interest-based advertising can be displayed on all devices on which you are or were logged in.

Please also note that we cannot track all processing operations on social media portals. Depending on the provider, further processing operations may therefore be carried out by the operators of the social media portals. For details, please refer to the terms of use and privacy policies of the respective social media portals.

b) Legal basis

Our social media presence is intended to ensure the most comprehensive presence possible on the internet. This constitutes a legitimate interest within the meaning of Art. 6 (1) (f) GDPR. The analysis processes initiated by social networks may be based on different legal grounds, which must be specified by the operators of the social networks (e.g., consent within the meaning of Art. 6(1)(a) GDPR).

c) Responsible party and assertion of rights

When you visit one of our social media sites (e.g., Facebook), we are jointly responsible with the operator of the social media platform for the data processing operations triggered during this visit. You can assert your rights (information, correction, deletion, restriction of processing, data portability, and complaint) both against us and against the operator of the respective social media portal (e.g., against Facebook).

Please note that despite our joint responsibility with social media portal operators, we do not have full control over the data processing operations of social media portals. Our options are largely determined by the corporate policy of the respective provider.

d) Storage period

The data collected directly by us via our social media presence will be deleted from our systems as soon as the purpose for its storage no longer applies, you request us to delete it, you revoke your consent to its storage, or the purpose for data storage no longer applies. Stored cookies remain on your device until you delete them. Mandatory legal provisions—in particular retention periods—remain unaffected.

We have no influence on the storage period of your data, which is stored by the operators of social networks for their own purposes. For details, please contact the operators of social networks directly (e.g., in their privacy policy, see below).

e) Social networks in detail

aa) Facebook

We have a profile on Facebook. The provider is Facebook Inc., 1 Hacker Way, Menlo Park, California 94025, USA. Facebook is certified under the EU-US Privacy Shield.

We have entered into a joint processing agreement (Controller Addendum) with Facebook. This agreement specifies which data processing operations we and Facebook are responsible for when you visit our Facebook page. You can view this agreement at the following link: https://www.facebook.com/legal/terms/page_controller_addendum.

You can adjust your advertising settings yourself in your user account. To do so, click on the following link and log in: https://www.facebook.com/settings?tab=ads. For details, please refer to Facebook's privacy policy: https://www.facebook.com/about/privacy/.

bb) LinkedIn

We have a profile on LinkedIn. The provider is LinkedIn Ireland Unlimited Company, Wilton Plaza, Wilton Place, Dublin 2, Ireland. LinkedIn is certified under the EU-US Privacy Shield. LinkedIn uses advertising cookies.

If you wish to disable LinkedIn advertising cookies, please use the following link: https://www.linkedin.com/psettings/guest-controls/retargeting-opt-out. For details on how they handle your personal data, please refer to LinkedIn's privacy policy: https://www.linkedin.com/legal/privacy-policy.

8. Right to make changes

Please note that we reserve the right to adapt or amend this privacy policy from time to time in accordance with applicable laws.

Last update: April 25, 2021