Data Privacy Policy

1. Data privacy at a glance

General information

The following information provides a simple overview regarding what happens to your personal data when you visit this website. Personal data is any data with which you can be personally identified. Extensive information on the topic of data privacy can be found in the Data Privacy Policy below.

Data collection on this website

Who is responsible for data collection on this website?

The processing of data collected from this website is carried out by the website operator. You can find the website operator's contact data in the section "Information on the data controller" in this Data Privacy Policy.

How do we collect your data?

We collect the data which you provide us. For instance, the data you enter into a contact form.

Other data is collected by our IT systems automatically or with your given consent when you visit the website. These collections involve primarily technical data (browser, operating system, or time of visit). The collection of this data is carried out automatically when you visit this website.

How do we use your data?

Part of the data is collected to make the use of our website easier. Other data can be used to analyse your user behaviour.

What are your rights with regard to your data?

You have the right to receive information on the origin, purpose, and recipients of your stored personal data at any time and at no cost. You also have the right to demand the rectification or deletion of this data. If you have given consent to the processing of your data, you can revoke this consent at any time with effect for the future. You also have the right under certain circumstances to demand restriction to the processing of your personal data. You also have the right to appeal to the competent supervisory authority.

You may contact us at any time with questions regarding this or other data privacy matters.

Analysis tools and third-party tools

When you visit this website, your internet surfing behaviour can be statistically evaluated. This is done primarily through analysis programmes.

Detailed information on these analysis programmes can be found in the Data Privacy Policy below.

2. Hosting and content delivery networks (CDN)

External hosting

This website is hosted by an external provider. The personal data collected on this website is stored on the host's servers. This may include IP addresses, contact requests, metadata, communication data, contact information, names, website access, and other data that is generated over a website.

The host is used for the purpose of contract fulfilment vis-à-vis our potential and existing customers (Art. 6 (1) (b) GDPR) and in the interest of a secure, fast, and efficient provision of our online offer by a professional provider (Art. 6 (1) (f) GDPR). Our web host will process your data only to the extent necessary for the fulfilment of its service obligations and will follow our instructions with regard to this data.

We use the following web hosts:

Host Europe GmbH
Hansestrasse 111
51149 Cologne, Germany

Amazon Web Services, Inc.
410 Terry Avenue North
Seattle, WA 98109
United States

Conclusion of a contract for commissioned processing

We have concluded an order processing contract with our host in order to ensure data protection-compliant processing.

Cloudflare

We use the service Cloudflare. The provider is Cloudflare Inc., 101 Townsend St., San Francisco, CA 94107, USA (hereinafter "Cloudflare").

Cloudflare provides worldwide content delivery network services (DNS). In this process, the transfer of information between your browser and our website is technically routed via Cloudflare's network. This enables Cloudflare to analyse traffic between your browser and our website and act as a filter between our servers and potentially malicious data traffic from the internet. Cloudflare may also use cookies or other tools for internet user recognition, but these are used solely for the purposes described here.

The use of Cloudflare is based on our legitimate interest in making our website as error-free and secure as possible (Art. 6 (1) (f) GDPR).

The data transmission to the USA is based on the standard contractual clauses of the European Commission. You can find details here: https://www.cloudflare.com/privacypolicy/

Further information on Cloudflare's security and data privacy can be found here: https://www.cloudflare.com/privacypolicy/.

3. General instructions and obligatory information

Data privacy

The operators of these web pages take your data privacy seriously. We handle your personal data confidentially and in line with the statutory data privacy regulations as well as with this Data Privacy Policy.

When you visit this website, various personal data is collected. Personal data is any data with which you can be personally identified. This Data Privacy Policy explains which data we collect and what we use it for. It also explains how and for what purpose.

Please note that any transmission of data over the internet (for example in communication by email) may not be completely secure. It is not possible to guarantee complete protection of data from access by third parties.

Information on the data controller

The data controller for the processing of data on this website is:

Equineum AG
Kapellenstrasse 34 b
65193 Wiesbaden, Germany

Represented by:
Mareike Feß
Nardi Datcu
Andreas Gartz
Christopher Schweiger

Telephone: +49-611-44575370
email: info@equineum.com

The data controller is the natural or legal person who, alone or jointly with others, determines the purposes and means of the processing of personal data (such as names, email addresses, or similar).

Retention period

Unless a more specific storage period is stated within this privacy policy, your personal data will remain with us until the purpose for processing the data no longer applies. If you assert a justified request to erase your data or revoke consent for us to process it, your data will be erased so long as we have no other legally permitted reasons to store it (e.g. retention periods related to tax or commercial law); in the latter case, erasure will take place once these reasons no longer apply.

Legally prescribed data protection officer

We have ordered a data protection officer for our company.

External data protection officer DSBOK Oliver Krause

Telephone: 06144 402197
email: equineum@dsbok.de

Information on data transfer to the USA and other third countries

Our website uses the tools of companies based in the USA or other third countries that are insecure for data privacy purposes. If these tools are active, your personal data may be transmitted to these third countries and processed there. Please be advised that no level of data protection similar to that found in the EU can be guaranteed in these countries. For example, US companies are obligated to hand over personal data to security authorities without you as the data subject having the right to take legal action against this. It cannot therefore be discounted that US authorities (such as intelligence services) might process, evaluate, and permanently store your data located on US servers for surveillance purposes. We have no control over these processing activities.

Revocation of your consent to data processing

Many data processing procedures are only possible with your express consent. You may revoke your previously given consent at any time. Such revocation shall not affect the legality of data processing carried out prior to the revocation.

Right to object to data collection in special cases and against direct marketing (Art. 21 GDPR)

IF THE DATA PROCESSING IS BASED ON ART. 6 (1) (E) OR (F) GDPR, YOU HAVE THE RIGHT TO OBJECT TO THE PROCESSING OF YOUR PERSONAL DATA AT ANY TIME FOR REASONS ARISING FROM YOUR PARTICULAR SITUATION, INCLUDING PROFILING BASED ON THOSE PROVISIONS. THE RESPECTIVE LEGAL BASIS ON WHICH PROCESSING IS BASED CAN BE FOUND IN THIS DATA PRIVACY POLICY. IF YOU OBJECT, WE WILL NO LONGER PROCESS YOUR PERSONAL DATA UNLESS WE CAN DEMONSTRATE COMPELLING LEGITIMATE GROUNDS FOR THE PROCESSING WHICH OVERRIDE YOUR INTERESTS, RIGHTS AND FREEDOMS, OR THE PROCESSING IS FOR THE ESTABLISHMENT, EXERCISE, OR DEFENCE OF LEGAL CLAIMS (OBJECTION UNDER ART. 21 (1) GDPR).

IF YOUR PERSONAL DATA IS PROCESSED IN ORDER TO ENABLE DIRECT MARKETING, YOU HAVE THE RIGHT TO OBJECT TO THIS PROCESSING OF THE RELEVANT PERSONAL DATA FOR THE PURPOSE OF SUCH MARKETING AT ANY TIME; THIS ALSO APPLIES TO PROFILING IF DONE IN CONNECTION WITH DIRECT MARKETING. IF YOU OBJECT, YOUR PERSONAL DATA WILL NO LONGER BE USED FOR DIRECT MARKETING PURPOSES (OBJECTION UNDER ART. 21 (2) GDPR).

Right of appeal to the competent supervisory authority

In the event of GDPR violations, the data subject has the right to appeal to a supervisory authority, particularly in the member state of their habitual residence, their workplace, or the place of the alleged violation. The right of appeal remains without prejudice to any other administrative or judicial recourse.

Right to data portability

You have the right to have data processed automatically by us, on the basis of your consent or in the fulfilment of a contract, delivered to you or to a third party in a standard, machine-readable format. If you request the direct transfer of the data to another controller, this will be carried out only if technically feasible.

SSL/TLS encryption

This site uses SSL or TLS encryption for security purposes and to protect the transmission of confidential content such as orders or enquiries that you send to us as the site operator.

You will recognise an encrypted connection by the fact that the URL changes from "http://" to "https://" and by the padlock icon in your browser's address bar.

If SSL/TLS encryption is activated, the data that you send us cannot be read by third parties.

Encrypted payment transactions on this website

If, following the conclusion of a contract, you are required to transmit your payment data to us (such as a bank account number for direct debit authorisation), this data is needed for the processing of payment.

Payment transaction via standard payment methods (Visa/MasterCard, direct debit) is carried out exclusively over an encrypted SSL/TLS connection. You will recognise an encrypted connection by the fact that the URL changes from "http://" to "https://" and by the padlock icon in your browser's address bar.

Encrypted communication prevents your entered payment information from being read by third parties.

Information, erasure, and rectification

Through the applicable statutory provisions, you have the right to information regarding your stored personal data, its origin and recipient, and the purpose of the data processing, at any time and at no charge, and if appropriate a right to the rectification or erasure of this data. You may contact us at any time with questions regarding this or other data privacy matters.

Right to restriction of processing

You have the right to demand the restriction of the processing of your personal data. You may contact us in this regard at any time. The right to restriction of processing applies to the following cases:

If you contest the accuracy of the stored personal data, we may require time to verify this. You have the right to demand the restriction of the processing of your personal data for the duration of this verification.

If the processing of your personal data occurred or occurs unlawfully, you may demand, in place of its erasure, the restriction of its processing.

If your personal data is no longer needed by us but needed by you for the exercise, defence, or assertion of legal claims, you have the right to demand that, instead of its erasure, the processing of your personal data be restricted.

If you have raised an objection in accordance with Art. 21 (1) GDPR, a balancing of your interests and ours must be made. As long as it has not yet been determined whose interests prevail, you have the right to demand that the processing of your personal data be restricted.

If you have restricted the processing of your personal data, this data (apart from being stored) may only be processed with your consent or for the assertion, exercise, or defence of legal claims or for the protection of the rights of another natural or legal person or for reasons of important public interest of the European Union or a Member State.

Objection to unsolicited emails

Objection is hereby raised on the use of contact data published within the framework of the Legal Notice obligation for the purpose of sending unsolicited advertising and information material. The website operators expressly reserve the right to take legal action in the event of the unsolicited sending of advertising, for example in spam emails.

4. Data collection on this website

Cookies

Our web pages use cookies. Cookies are small text files that do not harm your computer. They either expire at the end of a session (session cookies) or remain permanently on your end device (persistent cookies). Session cookies are automatically deleted after your visit. Persistent cookies remain on your device until you delete them or until they are deleted automatically by your web browser. In some cases, cookies from third-party companies (third-party cookies) may also be stored on your end device when you visit our website. These allow us or you to use certain third-party services (e.g. cookies for payment processing services). Cookies have a variety of functions. Many cookies are technically necessary, as certain website features will not function without them (e.g. the shopping cart feature or the playing of videos). Other cookies help us evaluate user behaviour or show advertising. Cookies that are needed to carry out electronic communication processes (strictly necessary cookies), to provide certain desired functions (functional cookies, e.g. for the shopping cart function), or for website optimisation (e.g. cookies for measuring web audiences) are stored on the basis of Art. 6 (1) (f) GDPR if no other legal bases are given. The website operator has a legitimate interest in the storage of cookies for the technically flawless and optimized provision of its services. If consent is requested for the storage of cookies, the storage of these cookies takes place exclusively on the basis of this consent (Art. 6 (1) (a) GDPR); this consent may be revoked at any time.

You can configure your browser so that you will be notified of the storage of cookies and can allow them on a case-by-case basis, allow them for certain situations, generally decline them, or have them automatically deleted when you close your browser. The deactivation of cookies may impair this website's functionality.

If third-party cookies or cookies for analytical purposes are used, we will inform you of this separately within the framework of this data privacy policy and, if applicable, request your consent.

Cookie consent with Cookiebot

Our website uses the cookie consent software from Cookiebot to collect your consent to the placement of certain cookies on your end device and to document this in a way that meets data privacy requirements. The provider of this software is Cybot A/S, Havnegade 39, 1058 Copenhagen, Denmark (hereinafter "Cookiebot").

When you visit our website, a connection is created to Cookiebot's servers to collect your consent and other information on the use of cookies. Cookiebot then places a cookie in your browser so that consent or revocation is assigned to you. The data recorded in this way is stored until you request its erasure, delete the Cookiebot cookie yourself, or until the purpose for the data storage no longer applies. Mandatory statutory retention obligations remain unaffected.

Cookiebot is used to obtain the legally required consents for the use of cookies. The legal basis for this is Art. 6 (1) (c) GDPR.

Server log files

The website provider automatically collects and stores information in server log files which your browser automatically transmits to us. These include:

This data is not merged with other data sources.

The collection of this data is carried out on the basis of Art. 6 (1) (f) GDPR. The website operator has a legitimate interest in the technically error-free presentation and optimisation of the website, which requires recording of the server log files.

Contact form

If you send us enquiries through our contact form, we store your submission from the form including the contact data supplied by you for the processing of your request and in case of follow-up questions. We do not pass this data on without your consent.

The processing of this data is carried out on the basis of Art. 6 (1) (b) GDPR, insofar as your request is connected with the fulfilment of a contract or necessary to carry out pre-contractual measures. In all other cases, the data processing is based on our legitimate interest in the effective processing of requests directed at us (Art. 6 (1) (f) GDPR) or on your consent (Art. 6 (1) (a) GDPR) insofar as this was requested.

The data that you enter via the contact form remains with us until you demand its deletion, revoke your consent to its storage, or the purpose for the data storage no longer applies (e.g. after the completed processing of your enquiry). Mandatory statutory provisions – in particular, retention periods – remain unaffected.

Request by email, telephone or telefax

If you contact us by email, telephone, or telefax, we will save and process your request, including all included personal data (name, request) for the purpose of handling your request. We do not pass this data on without your consent.

The processing of this data is carried out on the basis of Art. 6 (1) (b) GDPR, insofar as your request is connected with the fulfilment of a contract or necessary to carry out pre-contractual measures. In all other cases, the data processing is based on our legitimate interest in the effective processing of requests directed at us (Art. 6 (1) (f) GDPR) or on your consent (Art. 6 (1) (a) GDPR) insofar as this was requested.

The data that you enter via the contact form remains with us until you demand its deletion, revoke your consent to its storage, or the purpose for the data storage no longer applies (e.g. after the completed processing of your request). Mandatory statutory provisions – in particular, retention periods – remain unaffected.

Use of chatbots

We use chatbots to communicate with you. Chatbots are able to respond to your questions and other submissions without human interaction. To provide appropriate answers, chatbots analyse your entered data and other data (e.g. names, email addresses and other contact data, customer names and other identifiers, orders, and chat logs). They may also record your IP address, log files, location information, and other metadata. This data is stored on the chatbot provider's servers.

The collected data may be used to create user profiles. The data may also be used for purposes of interest-based advertising insofar as the remaining statutory preconditions (particularly consent) are met. Chatbots may also be linked to analytical and marketing tools.

The recorded data may also be used to improve our chatbots and their response behaviour (machine learning).

The data that you enter via the contact form remains with us until you demand its deletion, revoke your consent to its storage, or the purpose for the data storage no longer applies (e.g. after the completed processing of your request). Mandatory statutory provisions – in particular, retention periods – remain unaffected. The legal basis of the use of chatbots is Art, 6 (1) (b) GDPR insofar as the chatbot is used for contract initiation or as part of contract fulfilment. If consent is requested for this purpose, processing takes place exclusively on the basis of this consent (Art. 6 (1) (a) GDPR); this consent may be revoked at any time. In all other cases, use is based on our legitimate interest in effective customer communication (Art. 6 (1) (f) GDPR).

Crisp

Our website uses chat software from the company Crisp IM SARL, 149 rue Pierre Sémard, 29200 Brest, France.

If you use the chat feature, the following data will be transmitted:

We use Crisp to provide assistance in using the website and to answer questions about the content of our texts and offers. This represents a legitimate interest as defined by Art. 6 (1) (f) GDPR.

More information on Crisp's handling of user data can be found in Crisp's Privacy Policy: https://crisp.chat/en/privacy/

Please do not use the chat function if you do not wish your data to be passed on.

Registration on this website

You have the option of registering on our website for access to additional features. We use the data entered for this purpose only for the use of the corresponding offer or service for which you have registered. The information required for registration must be provided in full, or registration will be declined.

We will use the email address provided at registration to inform you of important changes, such as changes to the scope of an offer or technically necessary changes.

The processing of data provided at registration is carried out for the purpose of implementing the user relationship established by registration and, if appropriate, for the initiation of further contracts (rt. 6 (1) (b) GDPR).

The data collected for registration is stored by us for as long as you are registered at our website and deleted afterwards. Statutory retention periods remain unaffected.

Comment function on this website

In addition to your comment, the comment function on this website will store information on when the comment was entered, your email address, and, unless you post anonymously, your selected username.

Storage of IP addresses

Our comment function stores the IP addresses of users who leave comments. Since we do not verify comments on this website before publication, we need this data in order to be able to take action against comment authors in the event of legal violations such as insults or propaganda.

Comment subscription

As a user of this site, you may subscribe to comments after registration. You will receive a confirmation email to verify that you are the owner of the email address provided. You may unsubscribe from this function at any time by using the link in the informational email. The data entered within the framework of comment subscription shall be erased in this case; if you sent this data to use elsewhere for other purposes (e.g. newsletter subscription), this data will be retained by us.

Comment storage period

Comments and their associated data are saved and remain on this website until the commented content has been completely deleted or the comments are deleted for legal reasons (e.g. offensive comments).

Legal basis

Data processing is undertaken on the basis of your consent (Art. 6 (1) (a) GDPR). You may revoke your consent at any time. An informal notification per email is sufficient for this. Such revocation shall not affect the legality of data processing operations carried out prior to the revocation of consent.

5. Analysis tools and advertising

Cloudflare Insights

Type and scope of processing

We have integrated Cloudflare Insights on our website. Cloudflare Insights is a service provided by Cloudflare, Inc. that develops cloud-based software that website and application owners can use to track the performance of their services.

Cloudflare Insights offers the possibility to determine statistical evaluations of the technical performance of our services (e.g. the duration of a certain database query, the stability and availability of our servers, or the response time of our servers). For this purpose, application and browser data are collected and stored in the browser using cookies.

In this case, your data will be passed on to the operator of Cloudflare Insights, Cloudflare, Inc.,.

Purpose and legal basis

The use of Cloudflare Insights is based on our legitimate interests, i.e. interest in optimizing our services in accordance with Art. 6 Paragraph 1 lit.f GDPR.

Storage period

The specific storage duration of the processed data cannot be influenced by us, but is determined by Cloudflare, Inc. Further information can be found in the data protection declaration for Cloudflare Insights: https://www.cloudflare.com/privacypolicy/.

Google Tag Manager

We use Google Tag Manager. The provider is Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland.

Google Tag Manager is a tool which allows us to use tracking or statistics tools and other technologies on our website. Google Tag Manager does not create its own user profiles, place cookies, or carry out its own analyses. It serves merely for the administration and function of the tools used through it. Google Tag Manager does record your IP address, which may also be transmitted to its parent company, Google, in the United States.

The use of Google Tag Manager is carried out on the basis of Art. 6 (1) (f) GDPR. The website operator has a legitimate interest in a fast and uncomplicated integration and administration of various tools on the website. Insofar a corresponding consent was requested, the processing is carried out exclusively on the basis of Art. 6 (1) (a) GDPR; consent may be revoked at any time.

etracker

The provider of this website uses the services of etracker GmbH, Hamburg, Germany (www.etracker.com) to analyse usage data. We do not use cookies for web analysis by default. If we use analysis and optimisation cookies, we will obtain your explicit consent separately in advance. If this is the case and you agree, cookies are used to enable a statistical range analysis of this website, a measurement of the success of our online marketing measures and test procedures, e.g. to test and optimise different versions of our online offer or its components. Cookies are small text files that are stored by the Internet browser on the user's device. etracker cookies do not contain any information that could identify a user.

The data generated by etracker on behalf of the provider of this website is processed and stored by etracker solely in Germany by commission of the provider of this website and is thus subject to the strict German and European data protection laws and standards. In this regard, etracker was independently checked, certified and awarded with the ePrivacyseal data protection seal of approval.

The data processing is based on Art. 6 Section 1 lit f (legitimate interest) of the General Data Protection Regulation (GDPR). Our legitimate interest is the optimisation of our online offer and our website. As the privacy of our visitors is very important to us, the data that may possibly allow a reference to an individual person, such as IP address, registration or device IDs, will be anonymised or pseudonymised as soon as possible. etracker does not use the data for any other purpose, combine it with other data or pass it on to third parties.

You can object to the outlined data processing at any time. Your objection has no disadvantageous consequences.

Further information on data protection with etracker can be found here.

6. Newsletter

Newsletter data

When you sign up for our newsletter, we will need your email address and information that allows us to verify that you are the owner of the submitted email address and that you agree to receive the newsletter. Other data is not collected, or only collected on a voluntary basis. We use this data exclusively to send the requested information and we do not pass it on to third parties.

The processing of the data submitted in the newsletter registration form is carried out exclusively on the basis of your consent (Art. 6 (1) (a) GDPR). You may revoke your consent to the storage of your data, your email address, and their use for sending the newsletter at any time, for example through the "Unsubscribe" link in the newsletter. Such revocation shall not affect the legality of data processing operations carried out prior to the revocation of consent.

We or the newsletter service provider will store the data provided by you for the purpose of receiving the newsletter until you unsubscribe from the newsletter; after you have unsubscribed or the purpose no longer exists, this data will be deleted. We reserve the right at our own discretion to delete or block email addresses from our newsletter distribution list as part of our legitimate interest according to Art. 6 (1) (f) GDPR.

After you are removed from the newsletter distribution list, your email address will be blacklisted by us or the newsletter service provider in order to prevent its use for future emails. The blacklisted data will be used by us for this purpose only and not combined with other data. This serves both your interests as well as our interest in compliance with the statutory provisions on the sending of newsletters (legitimate interest as laid down in Art. 6 (1) (f) GDPR). There is no time restriction for the storage of blacklisted data. You may object to this storage if your interests outweigh our legitimate interest.

SendGrid

We use the services of SendGrid for the dispatch of emails. The provider is the company SendGrid, Inc., 1801 California Street, Suite 500, Denver, CO 80202, USA.

SendGrid is a service that, among other services, organises and analyses the dispatch of emails and newsletters. If you submit an email address, this will be stored on SendGrid's servers in the USA.

SendGrid has "EU-US Privacy Shield" certification. The Privacy Shield is a framework authored by the European Union (EU) and the United States, created to ensure US compliance with European data privacy standards.

SendGrid assists us in the analysis of email dispatch, for example in determining whether a message was opened, and which links were used. Technical information (e.g. time of access, IP address, browser, operating system) is also collected. This data serves exclusively for the statistical analysis of messages. The results of these analyses can be used to better determine delivery issues.

Data processing is undertaken on the basis of your consent (Art. 6 (1) (a) GDPR). You may revoke this consent at any time. Such revocation shall not affect the legality of data processing operations carried out prior to the revocation of consent.

SendGrid's data privacy provisions can be found at: https://sendgrid.com/policies/privacy/privacy-shield-certification/

7. Plugins and tools

YouTube with Extended Data Protection Mode

This website contains YouTube videos. The site provider is Google Ireland Limited ("Google"), Gordon House, Barrow Street, Dublin 4, Ireland.

We use YouTube in Extended Data Protection Mode. Pursuant to YouTube specifications, in this mode YouTube stores no information on visitors to this website before they view a video. Extended Data Protection Mode does not necessarily mean that no data will be sent to YouTube's partners. YouTube thus creates a connection to the Google subsidiary DoubleClick whether or not you watch a video.

As soon as you begin to play a YouTube video on our website, a connection is made to YouTube's servers. This connection informs the YouTube server which of our sites were visited by you.

If you are logged into your YouTube account, you enable YouTube to assign your surfing behaviour directly to your personal profile. You can prevent this by logging out of your YouTube account.

In addition, YouTube can place cookies on your end device or use comparable recognition technologies (e.g. device fingerprinting) when you play a video. In this way, YouTube can receive information on visitors to this website. This information is used to collect video statistics, improve user friendliness, and prevent attempts at fraud, among other things.

Further data processing operations over which we have no control may be triggered after the start of a YouTube video.

The use of YouTube is undertaken in the interest of an attractive representation of our website. This represents a legitimate interest as defined by Art. 6 (1) (f) GDPR. If consent is requested for this purpose, processing takes place exclusively on the basis of this consent (Art. 6 (1) (a) GDPR); this consent may be revoked at any time.

More information on data privacy at YouTube can be found in its privacy policy at: https://policies.google.com/privacy?hl=de

Google Web Fonts (local hosting)

This website uses Google Web Fonts for the uniform presentation of fonts. Google fonts are hosted locally, i.e., no connection to Google's servers takes place.

More information on Google Web Fonts can be found at https://developers.google.com/fonts/faq and in Google's Privacy Policy: https://policies.google.com/privacy?hl=de

Google reCAPTCHA

This website uses Google reCAPTCHA (hereinafter "reCAPTCHA"). The provider is Google Ireland Limited ("Google"), Gordon House, Barrow Street, Dublin 4, Ireland.

reCAPTCHA verifies whether the submission of data on this website (e.g. in a contact form) is carried out by a human or through an automated software. reCAPTCHA analyses website visitor behaviour for different characteristics. This analysis begins automatically as soon as the visitor visits the website. reCAPTCHA evaluates a variety of information (IP address, time spend on the website, the user's mouse movements, etc.). The data collected for analysis is transmitted to Google.

The reCAPTCHA analyses are run entirely in the background. Website visitors are not made aware that this analysis is taking place.

The storage and analysis of the data is carried out on the basis of Art. 6 (1) (f) GDPR. The website operator has a legitimate interest in protecting its web pages from spybots and spambots. If consent is requested for this purpose, processing takes place exclusively on the basis of this consent (Art. 6 (1) (a) GDPR); this consent may be revoked at any time.

More information on Google reCAPTCHA is contained in Google's data privacy provisions and Google's terms, found at the following links: https://policies.google.com/privacy?hl=de and https://policies.google.com/terms?hl=de

8. eCommerce and payment providers

Processing of data (customer and contract data)

We collect, process, and use personal data only to the extent required for the establishment, content arrangement, or amendment of the legal relationship (contract data). This is carried out in line with Art. 6 (1) (b) GDPR, which permits the processing of data for contract fulfilment or pre-contractual measures. We collect, process, and use personal data through the use of our internet sites (user data) only to the extent necessary to enable the user to use the service or for billing.

The collected customer data is erased after the conclusion of the order or the end of the business relationship. Statutory retention periods remain unaffected.

Data transmission upon conclusion of a contract for services and digital content

We only transmit personal data to third parties when this is necessary for the handling of the contract, such as credit institutes commissioned with payment processing. No further transmission of the data takes place, or only with your express consent. Your data will not be passed on to third parties without your express consent (for example for advertising purposes).

Data processing is carried out in line with Art. 6 (1) (b) GDPR, which permits the processing of data for contract fulfilment or pre-contractual measures.

Payment services

We include third-party payment services on our website. If you make a purchase on our website, your payment data (e.g. name, payment amount, account number, credit card number) is processed by the payment service provider for the purpose of payment processing. For these transactions, the respective provider's contractual and data protection provisions apply. The use of payment service providers is carried out on the basis of Art. 6 (1) (b) GDPR (performance of a contract) as well as in the interest of a payment process that is as smooth, convenient, and secure as possible (Art 6 (1) (f) GDPR. If your consent is requested for certain actions, Art. 6 (1) (a) GDPR shall form the legal basis for the data processing: consent may be revoked at any time with effect for the future. We use the following payment services / payment service providers in connection with this website.

Mollie

On our website we offer the option of payment through Mollie. The provider of this payment service is Mollie B.V., Keizersgracht 313, 1016 EE Amsterdam, Netherlands (hereinafter "Mollie"). If you choose to pay via Mollie, the payment information entered by you is sent to Mollie and to the corresponding chosen payment provider (iDEAL, Bancontact, SOFORT Banking, Overboeking, PayPal, Bitcoin, KBC/CBC Payment Button, Belfius Direct Net).

The transmission of your data to Mollie is carried out on the basis of Art. 6 (1) (a) GDPR (consent) and Art. 6 (1) (b) GDPR (processing for the performance of a contract). You have the option of revoking your consent to the processing of your data at any time. Such revocation shall not affect the validity of data processing operations carried out prior to the revocation.

PayPal

The provider of this payment service is PayPal (Europe) S.à.r.l. et Cie, S.C.A., 22-24 Boulevard Royal, L-2449 Luxembourg (hereinafter "PayPal").

The data transmission to the USA is based on the standard contractual clauses of the European Commission. Details can be found at: https://www.paypal.com/de/webapps/mpp/ua/pocpsa-full . Details can be found in PayPal's Data Privacy Policy: https://www.paypal.com/de/webapps/mpp/ua/privacy-full

9. Audio and video conferences

Data processing

We use online conference tools to communicate with our customers. These tools are listed individually below. If you communicate with us online via video conference or audio conference, your personal data is collected and processed by us and by the respective conference tool provider.

Conference tools collect all data that you provide to use the tool (your email address and/or telephone number). The conference tools additionally process data on conference duration, starting and ending times of conference participation, number of participants, and other "context information" in connection with the communication process (metadata).

In addition, the tool provider processes all technical data necessary for the performance of the online communication. This includes in particular IP address, MAC address, device ID, type of device, type and version of operating system, client version, type of camera, microphone or loudspeaker, and type of connection.

If content is exchanged, uploaded, or provided in some way within the tool, this content will also be stored in the tool provider's servers. Such content includes in particular cloud recordings, chat/text messages, voicemails, uploaded photos or videos, files, whiteboards, and other information shared during the use of the service. Please be aware that we do not have complete control over the data processing procedures of the tools used. Our options are largely determined by the respective provider's corporate policy. For further information on conference tool data processing, please refer to the data

privacy policies of the respective tools used which we have listed below.

Purpose and legal basis

The conference tools are used in order to communicate with potential or existing contract partners or to offer certain services to our customers (Art 6 (1) (b) GDPR). In addition, the use of the tools serves generally to simplify and accelerate communication with us and our company (legitimate interest in line with Art. 6 (1) (f) GDPR). If consent has been requested, the respective tools are used on the basis of this consent; consent may be revoked at any time with effect for the future.

Retention period

The data collected directly by us via the video and conference tools will be deleted from our systems as soon as you request its erasure, revoke your consent to its storage, or if the purpose for the data storage no longer applies. Cookies stored on your end device remain there until you delete them. Mandatory statutory retention periods remain unaffected.

We have no control over how long your data is stored by the operators of the conference tools for their own purposes. For details, please contact the conference tool operators directly.

Conference tools used by us

We use the following conference tools:

Microsoft Teams

We use Microsoft Teams. The provider is Microsoft Corporation, One Microsoft Way, Redmond, WA 98052-6399, USA. Details on data processing can be found in Microsoft Teams' Data Privacy Policy: https://privacy.microsoft.com/de-de/privacystatement

9. Our social media presence

Data processing through social media networks

We maintain public profiles on social networks. The individual social networks can be found below.

Social networks like Facebook, Twitter, etc. can generally make thorough analyses of your user behaviour when you visit their websites or websites with integrated social media content ("Like" buttons or advertising banners). Visiting our social media profiles triggers numerous processing operations relevant to data privacy. Specifically:

If you are logged into your social media account and visit our social media profile, the operator of the social media portal can connect this visit with your user account. Under certain circumstances, your personal data can also be collected when you are not logged in or do not have an account with the respective social media portal. In this case, data collection is carried out for example through cookies stored on your end device or through collection of your IP address.

The data collected this way helps the operator of the social media portal to create user profiles that include your preferences and interests. This enables you to be shown targeted advertising within the respective social media profile as well as elsewhere. If you have an account by the respective social network, the targeted advertising can be shown on all devices which you are or were logged into.

Please also note that we cannot trace all the data processing operations of social media portals. Further processing operations may therefore be carried out by the operators of the social media portals, depending on the provider. More information can be found in the terms of use and data privacy policies of the respective social media portals.

Legal basis

Our social media profiles are intended to ensure as comprehensive an online presence as possible. This involves a legitimate interest as defined by Art. 6 (1) (f) GDPR. The analysis processes initiated by the social networks may be based on different legal bases which must be specified; these must be specified by the operators of the social networks (e.g. consent within the meaning of Art. 6 (1) (a) GDPR).

Data controller and assertion of rights

When you visit one of our social media profiles (for example Facebook), we, together with the operator of the social medial platform, are responsible for the data processing operations initiated by this visit. You may assert your rights (information, rectification, erasure, restriction of processing, data portability, and complaints) both against us and against the operator of the respective social media portal (for example against Facebook).

Please note that, despite our joint responsibility as controller with the operators of the social media portals, we cannot fully control the data processing operations of the social media portals. Our options are largely determined by the respective provider's corporate policy.

Retention period

The data collected directly by us via the social media profiles will be deleted from our systems as soon as you request its erasure, revoke your consent to its storage, or if the purpose for the data storage no longer applies. Cookies stored on your end device remain there until you delete them. Mandatory statutory provisions – in particular, retention periods – remain unaffected.

We have no control over how long your data is stored by the operators of the social networks for their own purposes. For more information, please contact the operators of the social networks directly (for example in their data privacy policies: see below).

Individual social networks

Facebook

We maintain a profile on Facebook. The provider of this service is Facebook Ireland Limited, 4 Grand Canal Square, Dublin 2, Ireland. However, Facebook states that the data collected is also transferred to the USA and other third countries.

You may change the advertising settings in your user account yourself. To do so, click on the following link and log in: https://www.facebook.com/settings?tab=ads.

The data transmission to the USA is based on the standard contractual clauses of the European Commission. Details can be found at: https://www.facebook.com/legal/EU_data_transfer_addendum and https://de-de.facebook.com/help/566994660333381.

Details can be found in Facebook's Data Privacy Policy: https://www.facebook.com/about/privacy/.

Twitter

We maintain a profile on Twitter. The provider is Twitter International Company, One Cumberland Place, Fenian Street, Dublin 2, D02 AX07, Ireland.

You may change the data privacy settings in your Twitter user account yourself. To do so, click on the following link and log in: https://twitter.com/personalization.

The data transmission to the USA is based on the standard contractual clauses of the European Commission.

Details can be found at: https://gdpr.twitter.com/en/controller-to-controller-transfers.html. Details can be found in Twitter's Data Privacy Policy: https://twitter.com/de/privacy.

Instagram

We maintain a profile on Instagram. The provider is Instagram Inc., 1601 Amphitheatre Parkway, Mountain View, CA, 94025, USA.

The data transmission to the USA is based on the standard contractual clauses of the European Commission. Details can be found at: https://www.facebook.com/legal/EU_data_transfer_addendum, https://help.instagram.com/519522125107875 and https://de-de.facebook.com/help/566994660333381.

Details on the handling of your personal data can be found in Instagram's Data Privacy Policy: https://help.instagram.com/519522125107875.

LinkedIn

We maintain a profile on LinkedIn. The provider is LinkedIn Ireland Unlimited Company, Wilton Plaza, Wilton Place, Dublin 2, Ireland. LinkedIn uses advertising cookies.

If you wish to disable LinkedIn's advertising cookies, please use the following link: https://www.linkedin.com/psettings/guest-controls/retargeting-opt-out.

The data transmission to the USA is based on the standard contractual clauses of the European Commission. Details can be found at: https://www.linkedin.com/legal/l/dpa and https://www.linkedin.com/legal/l/eu-sccs.

Details on the handling of your personal data can be found in LinkedIn's Data Privacy Policy: https://www.linkedin.com/legal/privacy-policy.