Privacy policy

1. Data protection at a glance

General notes

The following notices provide a simple overview of what happens to your personal data when you visit this website. Personal data is any data by which you can be personally identified. For detailed information on the subject of data protection, please refer to our privacy policy listed below this text.

Data collection on this website

Who is responsible for the data collection on this website?

Data processing on this website is carried out by the website operator. You can find the contact details of the website operator in the section “Information on the data controller” in this data protection declaration.

How do we collect your data?

On the one hand, your data is collected when you provide it to us. This may be data that you enter in a contact form, for example.

Other data is collected automatically or with your consent by our IT
systems when you visit the website. This is mainly technical data (e.g. internet browser, operating system or time of
page access). This data is collected automatically as soon as you enter this website.

What do we use your data for?

Part of the data is collected to ensure error-free provision of the website. Other data may be used to analyse your user behaviour.

What rights do you have regarding your data?

You have the right at any time to receive information free of charge about the origin, recipient and purpose of your stored personal data. You also have a right to request the correction or deletion of this data. If you have given your consent to data processing, you can revoke this consent at any time for the future. You also have the right to request the restriction of the processing of your personal data under certain circumstances. Furthermore, you have the right to lodge a complaint with the competent supervisory authority.

You can contact us at any time with regard to this and other questions on the subject of data protection.

Third-party analysis tools and tools

When visiting this website, your surfing behaviour may be statistically analysed. This is mainly done with so-called analysis programmes.

Detailed information on these analysis programmes can be found in the following data protection declaration.

2. Hosting

We host the content of our website with the following provider:

Strato

The provider is Strato AG, Otto-Ostrowski-Straße 7, 10249 Berlin (hereinafter “Strato”). When you visit our
website, Strato collects various log files including your IP addresses.

For further information, please refer to Strato’s privacy policy:
https://www.strato.de/datenschutz/.

The use of Strato is based on Art. 6 para. 1 lit. f DSGVO. We have a legitimate interest in the most reliable presentation of our website. If a corresponding consent has been requested, the processing is carried out exclusively on the basis of Art. 6 para. 1 lit. a DSGVO and § 25 para. 1 TTDSG, insofar as the consent
includes the storage of cookies or access to information in the user’s terminal device (e.g. device fingerprinting) as defined by the TTDSG. The consent can be revoked at any time.

3. General notes and mandatory information

Data protection

The operators of these pages take the protection of your personal data very seriously. We treat your personal data confidentially and in accordance with the statutory data protection regulations and this data protection declaration.

When you use this website, various personal data are collected.
Personal data is data that can be used to identify you personally. This privacy policy explains what data we collect and what we use it for. It also explains how and for what purpose this is done.

We would like to point out that data transmission on the Internet (e.g. communication by e-mail) can have security gaps. Complete protection of data against access by third parties is not possible.

Note on the responsible body

The data controller for this website is:

Helena Bachmann
Schlehdorn 27
37434 Rhumspringe

Phone: +49 (0) 175/6026492
E-mail: Hello@helenabachmann.de

The controller is the natural or legal person who alone or jointly with others determines the purposes and means of the processing of personal data (e.g. names, e-mail addresses, etc.).

We are available to answer any questions, concerns or requests relating to data protection and your data protection rights. If you would like to request information, exercise your data protection rights or have concerns about the processing of your personal data, you can contact us using the contact details provided.

Our data protection team will endeavour to respond to your enquiries in a timely manner and assist you with any data protection concerns. We value your trust and are committed to ensuring that your data protection rights and concerns are appropriately addressed. Please do not hesitate to contact us if you have any questions or concerns.

Storage period

Unless a more specific retention period is stated within this privacy policy, your personal data will remain with us until the purpose for processing the data no longer applies. If you assert a legitimate request for deletion or revoke your consent to data processing, your data will be deleted unless we have other legally permissible reasons for storing your personal data (e.g. retention periods under tax or commercial law); in the latter case, the data will be
deleted once these reasons no longer apply.

Note on data transfer to the USA

Among other things, tools from companies based in the USA are integrated on our website. If these tools are active, your personal data may be transferred to the US servers of the respective companies. We would like to point out that the USA is not a safe third country in the sense of EU data protection law. US companies are obliged to hand over personal data to security authorities without you as a data subject being able to take legal action against this. It can therefore not be ruled out that US authorities (e.g. intelligence services) process, evaluate and permanently store your data located on US servers for monitoring purposes. We have no influence on these processing activities.

General information on the legal basis for data processing on this website

If you have consented to data processing, we process your personal data on the basis of Art. 6 para. 1 lit. a DSGVO or Art. 9 para. 2 lit. a DSGVO if special categories of data are processed according to Art. 9 para. 1 DSGVO. In the event of express consent to the transfer of personal data to third countries, data processing is also carried out on the basis of Art. 49 (1) a DSGVO. If you have consented to the storage of cookies or to the access to information in your terminal device (e.g. via device fingerprinting), the data processing is additionally carried out on the basis of Section 25 (1) TTDSG. This consent can be revoked at any time. If your data is required for the performance of a contract or for the implementation of pre-contractual measures, we process your data on the basis of Art. 6 para. 1 lit. b DSGVO. Furthermore, if your data is required for the fulfilment of a legal obligation, we process it on the basis of Art. 6 para. 1 lit. c DSGVO. Furthermore, the data processing may be
carried out on the basis of our legitimate interest according to Art. 6 para. 1 lit. f DSGVO. Information on the relevant legal basis in each individual case is provided in the following paragraphs of this data protection declaration.

Recipients of personal data

In the course of our business activities, we cooperate with various external bodies. In some cases, this also requires the transfer of personal data to these external bodies. We only disclose personal data to external bodies if this is necessary in the context of the performance of a contract, if we are legally obliged to do so (e.g. disclosure of data to tax authorities), if we have a legitimate interest in the disclosure pursuant to Art. 6 (1) lit. f DSGVO or if another legal basis permits the disclosure of data. When using processors, we only disclose personal data of our customers on the basis of a valid contract on commissioned processing. In the case of joint processing, a joint processing contract is concluded.

Revocation of your consent to data processing

Many data processing operations are only possible with your express consent. You can revoke consent you have already given at any time. The legality of the data processing carried out until the revocation remains unaffected by the revocation.

Right to object to the collection of data in specific cases and to direct marketing (Art. 21 GDPR)

If the data processing is based on Art. 6 (1) e or f DSGVO, you have the right to object to the processing of your personal data at any time for reasons arising from your particular situation; this also applies to profiling based on these provisions. The respective legal basis on which processing is based can be found in this data protection declaration. If you object, we will no longer process your personal data concerned unless we can demonstrate compelling legitimate grounds for the processing which override your interests, rights and freedoms, or the processing serves the purpose of asserting, exercising or defending legal claims (objection under Article 21(1) of the GDPR).

If your personal data is processed for the purpose of direct marketing, you have the right to object at any time to the processing of personal data concerning you for the purpose of such marketing; this also applies to profiling insofar as it is related to such direct marketing. If you object, your personal data will subsequently no longer be used for the purpose of direct advertising (objection pursuant to Art. 21 (2) DSGVO).

Right of appeal to the competent supervisory authority

In the event of breaches of the GDPR, data subjects shall have a right of appeal to a supervisory authority, in particular in the Member State of their habitual residence, their place of work or the place of the alleged breach. The right of appeal is without prejudice to any other administrative or judicial remedy.

Lower Saxony Data Protection Authority

State Commissioner for Data Protection: Barbara Thiel
Address: Prinzenstraße 5, 30159 Hanover
Phone: +49 5 11/120-45 00
E-mail address: poststelle@lfd.niedersachsen.de
Website: https://lfd.niedersachsen.de/startseite/

Right to data portability

You have the right to have data that we process automatically on the basis of your consent or in fulfilment of a contract handed over to you or to a third party in a common, machine-readable format. If you request the direct transfer of the data to another controller, this will only be done insofar as it is technically feasible.

Information, correction and deletion

Within the framework of the applicable legal provisions, you have the right at any time to free information about your stored personal data, its origin and recipient and the purpose of the data processing and, if applicable, a right to correction or deletion of this data. You can contact us at any time for this purpose and for further questions on the subject of personal data.

Right to restrict processing

You have the right to request the restriction of the processing of your personal data. To do this, you can contact us at any time. The right to restriction of processing exists in the following cases:

  • If you dispute the accuracy of your personal data stored by us, we usually need time to check this. For the duration of the verification, you have the right to request the restriction of the processing of your personal data.
  • If the processing of your personal data happened/is happening unlawfully, you can request the restriction of data processing instead of erasure.
  • If we no longer need your personal data, but you need it to exercise, defend or enforce legal claims, you have the right to request restriction of the processing of your personal data instead of deletion.
  • If you have lodged an objection pursuant to Art. 21 (1) DSGVO, a balancing of
    your interests and ours must be carried out. As long as it has not yet been determined whose interests prevail, you have the right to demand the restriction of the processing of your personal data.

If you have restricted the processing of your personal data, such data may – apart from being stored – only be processed with your consent or for the establishment, exercise or defence of legal claims or for the protection of the rights of another natural or legal person or for reasons of important public interest of the European Union or a Member State.

SSL or TLS encryption

For security reasons and to protect the transmission of confidential content, such as orders or enquiries that you send to us as the site operator, this site uses SSL or TLS encryption. You can recognise an encrypted connection by the fact that the address line of the browser changes from “http://” to “https://” and by the lock symbol in your browser line.

If SSL or TLS encryption is activated, the data you transmit to us cannot be read by third parties.

Changes to the privacy policy

Please be advised that our Privacy Policy may be updated from time to time to reflect current legal requirements and our privacy practices. These updates may include changes to the information on data processing, privacy practices or other relevant areas of our privacy policy.

We will post any material changes to our privacy policy on this website, indicating the date of the last update. It is therefore advisable to check this page regularly for updates to ensure that you are always kept up to date with our privacy practices.

The last update took place on 06.09.2023.

If we make material changes that affect the way we process personal data or otherwise affect your data protection rights, we will also communicate this in an appropriate way, for example by email or notifications on our website.

Your continued use of our Services following the posting of changes to our Privacy Policy means that you accept and agree to those changes. If you do not agree with these changes, you have the right to stop using our services and are welcome to contact us to discuss your concerns. We appreciate your trust in our privacy practices and wille ndeavour to provide you with appropriate notice of any changes.

4. Data collection on this website

Cookies

Our internet pages use so-called “cookies”. Cookies are small data packets and do not cause any damage to your end device. They are stored either temporarily for the duration of a session (session cookies) or permanently (permanent cookies) on your end device. Session cookies are automatically deleted at the end of your visit. Permanent cookies remain stored on your end device until you delete them yourself or until they are automatically deleted by your web browser.

Cookies can originate from us (first-party cookies) or from third-party companies (so-called third-party cookies). Third-party cookies enable the integration of certain services of third-party companies within websites (e.g. cookies for processing payment services).

Cookies have various functions. Many cookies are technically necessary, as certain website functions would not work without them (e.g. the shopping cart function or the display of videos). Other cookies can be used to evaluate user behaviour or for advertising purposes.

Cookies that are necessary to carry out the electronic communication process, to provide certain functions that you have requested (e.g. for the shopping basket function) or to optimise the website (e.g. cookies to measure the web audience) (necessary cookies) are stored on the basis of Art. 6 (1) lit. f DSGVO, unless another legal basis is specified. The website operator has a legitimate interest in storing necessary cookies for the technically error-free and optimised provision of its services. Insofar as consent to the storage of cookies and comparable recognition technologies has been requested, processing is carried out exclusively on the basis of this consent (Art. 6 para. 1 lit. a DSGVO and § 25 para. 1 TTDSG); consent can be revoked at any time.

You can set your browser so that you are informed about the setting of cookies and only allow cookies in individual cases, exclude the acceptance of cookies for certain cases or in general and activate the automatic deletion of cookies when closing the browser. If you deactivate cookies, the functionality of this website may be limited.

You can find out which cookies and services are used on this website in this privacy policy.

Server log files

The provider of the pages automatically collects and stores information in so-called server log files, which your browser automatically transmits to us. These are:

  • Browser type and version
  • Operating system used
  • Referrer URL
  • Host name of the accessing computer
  • Time of the server request
  • IP address

This data is not merged with other data sources.

The collection of this data is based on Art. 6 para. 1 lit. f DSGVO. The website operator has a legitimate interest in the technically error-free presentation and optimisation of its website – for this purpose, the server log files must be collected.

Contact form

If you send us enquiries via the contact form, the information you provide in the enquiry form, including the contact details you enter there, will be stored by us for the purpose of processing the enquiry and in case of follow-up enquiries. We do not pass on this data without your consent.

The processing of this data is based on Art. 6 (1) lit. b DSGVO if your request is related to the performance of a contract or is necessary for the implementation of pre-contractual measures. In all other cases, the processing is based on our legitimate interest in the effective processing of the enquiries addressed to us (Art. 6 para. 1 lit. f DSGVO) or on your consent (Art. 6 para. 1 lit. a DSGVO) if this has been requested; the consent can be revoked at any time.

The data you enter in the contact form will remain with us until you request us to delete it, revoke your consent to store it or the purpose for storing the data no longer applies (e.g. after we have completed processing your enquiry). Mandatory legal provisions – in particular retention periods – remain unaffected.

Request by e-mail, telephone or fax

If you contact us by e-mail, telephone or fax, your enquiry including all resulting personal data (name, enquiry) will be stored and processed by us for the purpose of processing your request. We will not pass on this data without your consent.

The processing of this data is based on Art. 6 (1) lit. b DSGVO if your request is related to the performance of a contract or is necessary for the implementation of pre-contractual measures. In all other cases, the processing is based on our legitimate interest in the effective processing of the enquiries addressed to us (Art. 6 para. 1 lit. f DSGVO) or on your consent (Art. 6 para. 1 lit. a DSGVO) if this has been requested; the consent can be revoked at any time.

The data you send to us via contact requests will remain with us until you request us to delete it, revoke your consent to store it or the purpose for storing the data no longer applies (e.g. after we have completed processing your request). Mandatory statutory provisions – in particular statutory retention periods – remain unaffected.

Communication via WhatsApp Messenger

We use the WhatsApp messenger for communication purposes and ask you to observe the following information on the functionality, encryption, risks of WhatsApp, use of metadata within the Facebook group of companies and your objection options.

You do not have to use WhatsApp and can contact us in alternative ways, e.g. via telephone or email. Please use the contact options provided to you or use the contact options provided on our website.

WhatsApp (WhatsApp Inc. WhatsApp Legal 1601 Willow Road Menlo Park, California 94025, USA) is a US service, which means that the data you send via WhatsApp may first be transmitted to WhatsApp in the USA before being sent to us.

However, WhatsApp is certified under the Privacy Shield agreement and therefore assures to comply with European and Swiss data protection law https://www.privacyshield.gov/participant id=a2zt00000011sfnAAA&status=Active.

WhatsApp also assures that the communication content (i.e. the content of your message and attached images) is encrypted end-to-end. This means that the content of the messages cannot be viewed, not even by WhatsApp itself. You should always use an up-to-date version of WhatsApp to ensure that the encryption of the message content is guaranteed.

However, we would like to point out to our communication partners that WhatsApp cannot see the content, but can find out that and when communication partners are communicating with us as well as process technical information about the device used by the communication partners and, depending on the settings of their device, also location information (so-called metadata). With the exception of encrypted content, the communication partners’ data may be transmitted within the Facebook group of companies, in particular for the purpose of optimising the respective services and for security purposes. Likewise, communication partners should assume, at least as long as they have not objected to this, that their data processed by WhatsApp can be used for marketing purposes or display of advertising tailored to users.

If we ask communication partners for consent before communicating with them via WhatsApp, the legal basis of our processing of their data is Art. 6 para. 1 lit. a. DSGVO. Otherwise, if we do not ask for consent and they contact us on their own initiative, for example, we use WhatsApp in relation to our contractual partners as well as in the context of initiating a contract as a contractual measure pursuant to Art. 6 para. 1 lit. b. DSGVO and in the case of other interested parties and communication partners on the basis of our legitimate interests in fast and efficient communication and meeting the needs of our communication partners in communication via messengers pursuant to Art. 6 para. 1 lit. f. DSGVO.

Further information on the purposes, types and scope of the processing of your data by WhatsApp, as well as the relevant rights and settings options for protecting your privacy, can be found in WhatsApp’s privacy policy: https://www.whatsapp.com/legal.

You can object to communication with us via WhatsApp at any time. In the case of subscribing to messages (also known as “broadcasts”) via WhatsApp, you can delete our corresponding phone number from their contacts as well as request us to remove your contact from our directory. In the case of ongoing individual enquiries or communications, you can also request us not to continue the communication via WhatsApp as well as delete the communication content.

In the case of communication via WhatsApp, we delete the WhatsApp messages as soon as we can assume that we have answered any information provided by the user, if no reference to a previous conversation is to be expected and the deletion does not conflict with any statutory retention obligations.

Furthermore, we would like to point out that we do not transmit the contact data provided to us to WhatsApp without your consent (e.g. by contacting you via WhatsApp).

Finally, we would like to point out that we reserve the right not to answer enquiries via WhatsApp for reasons of your security. This is the case if, for example, contractual internals require special confidentiality or an answer via the messenger does not meet the formal requirements. In such cases, we refer you to more adequate communication channels.

Customer data

What is customer data?

In order to be able to offer our service or our contractual services, we also process data of our customers and business partners. This data always includes personal data. Customer data is all information that is processed on the basis of a contractual or pre-contractual cooperation in order to be able to provide the services offered. Customer data is therefore all collected information that we collect and process about our customers.

Why do we process customer data?

There are many reasons why we collect and process customer data. The most important is that we simply need different data to provide our services. Sometimes your email address is enough, but if you purchase a product or service, for example, we also need data such as your name, address, bank details or contract details. We also use the data for marketing and sales optimisation so that we can improve our overall service to our customers. Another important point is our customer service, which is always very important to us. We want you to be able to come to us at any time with questions about our offers, and for this we need at least your e-mail address.

What data is processed?

The exact data that is stored can only be described here on the basis of categories. This always depends on the services you receive from us. In some cases, you only give us your e-mail address so that we can contact you or answer your questions, for example. In other cases, you purchase a product or service from us and we need much more information, such as your contact details, payment details and contract details.

Here is a list of possible data we receive from you and process:

  • Name
  • Contact address
  • E-mail address
  • Telephone number
  • Date of birth
  • Payment data (invoices, bank data, payment history etc.)
  • Contract data ( term, content)
  • Usage data (websites visited, access data, etc.)
  • Metadata (IP address, device information)

How long will the data be stored?

As soon as we no longer need the customer data to fulfil our contractual obligations and our purposes and the data is also no longer necessary for possible warranty and liability obligations, we delete the corresponding customer data. This is the case, for example, when a business contract ends. After that, the limitation period is usually 3 years, although longer periods are possible in individual cases. Of course, we also comply with the statutory retention obligations. Your customer data will certainly not be passed on to third parties unless you have explicitly given your consent.

Legal basis

The legal basis for processing your data is Art. 6 para. 1 lit. a DSGVO (consent), Art. 6 para. 1 lit. b DSGVO (contract or pre-contractual measures), Art. 6 para. 1 lit. f DSGVO (legitimate interests) and in special cases (e.g. medical services) Art. 9 para. 2 lit. a. DSGVO (processing of special categories).

In the case of the protection of vital interests, data processing is carried out in accordance with Art. 9 para. 2 lit. c. DSGVO. For the purposes of health care, occupational medicine, medical diagnosis, health or social care or treatment, or for the management of health or social care systems and services, the processing of personal data is carried out in accordance with Art. 9 para. 2 lit. h. DSGVO. If you voluntarily provide special category data, the processing is based on Art. 9 (2) lit. a. DSGVO.

PicDrop

For the selection and provision of their images, we work together with PicDrop GmbH. PicDrop is an online gallery that allows you to store and mark image data online and to access and share them in the form of variable galleries. We store personal image data there; this image data is password-protected and can only be accessed via a secure link, which we carefully generate for each customer and send to them by e-mail. Each image gallery has a separate link and password. Access is only possible with a password and the corresponding secure link. We send these access data (password and secure link) only to the designated customers; we do not assume any liability for forwarding the access data. Calling up (https://www.picdrop.de/web/) automatically triggers a connection to the operator of PicDrop.

PicDrop has its registered office in 10247 Berlin, Scharnweberstraße 30. The processing and use of data generally takes place in the territory of the Federal Republic of Germany, in a member state of the European Union or in another state party to the Agreement on the European Economic Area. By agreeing to these data protection provisions, we assume that you consent to the use of these data services. PicDrop GmbH itself is the responsible party for data protection within the meaning of the EU-DSGVO https://www.picdrop.de/web/privacy/.

5. Social media

Facebook

Elements of the social network Facebook are integrated on this website. The provider of this service is Meta Platforms Ireland Limited, 4 Grand Canal Square, Dublin 2, Ireland. However, according to Facebook, the data collected is also transferred to the USA and other third countries.

An overview of Facebook social media elements can be found here:
https://developers.facebook.com/docs/plugins/?locale=de_DE.

When the social media element is active, a direct connection is established between your end device and the Facebook server. Facebook thereby receives the information that you have visited this website with your IP address. If you click the Facebook “Like” button while you are logged into your Facebook account, you can link the content of this website to your Facebook profile. This allows Facebook to associate your visit to this website with your user account. We would like to point out that we, as the provider of the pages, have no knowledge of the content of the transmitted data or its use by Facebook. For more information, please see Facebook’s privacy policy at:
https://de-de.facebook.com/privacy/explanation.

Insofar as consent has been obtained, the above-mentioned service is used on the basis of Art. 6 Para. 1 lit. a DSGVO and § 25 TTDSG. The consent can be revoked at any time. Insofar as no consent has been obtained, the use of the service is based on our legitimate interest in achieving the greatest possible visibility in social media.

Insofar as personal data is collected on our website with the help of the tool described here and forwarded to Facebook, we and Meta Platforms Ireland Limited, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland are jointly responsible for this data processing (Art. 26 DSGVO). The joint responsibility is limited exclusively to the collection of the data and its forwarding to Facebook. The processing by Facebook that takes place after the forwarding is not part of the joint responsibility. The obligations incumbent on us jointly have been set out in a joint processing agreement. The text of the agreement can be found at: https://www.facebook.com/legal/controller_addendum. According to this agreement, we are responsible for providing the data protection information when using the Facebook tool and for the data protection-secure implementation of the tool on our website. Facebook is responsible for the data security of the Facebook products. You can assert data subject rights (e.g. requests for information) regarding the data processed by Facebook directly with Facebook. If you assert the data subject rights with us, we are obliged to forward them to Facebook.

Data transfer to the USA is based on the standard contractual clauses of the EU Commission. Details can be found here: https://www.facebook.com/legal/EU_data_transfer_addendum, https://de-de.facebook.com/help/566994660333381 and https://www.facebook.com/policy.php.

The company is certified according to the “EU-US Data Privacy Framework” (DPF). The DPF is an agreement between the European Union and the USA, which is intended to ensure compliance with European data protection standards for data processing in the USA. Any company certified under the DPF undertakes to comply with these data protection standards. For more information, please contact the provider at the following link: https://www.dataprivacyframework.gov/s/participant-search/participant-detail?contact=true&id=a2zt0000000GnywAAC&status=Active

Instagram

Functions of the Instagram service are integrated on this website. These functions are offered by Meta Platforms Ireland Limited, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland.

An Instagram banner is embedded on this website, when you click on it, data may be transmitted to Instagram.

When the social media element is active, a direct connection is established between your end device and the Instagram server. Instagram thereby receives information about your visit to this website.

If you are logged into your Instagram account, you can link the content of this website to your Instagram profile by clicking on the Instagram button. This allows Instagram to associate your visit to this website with your user account. We would like to point out that we, as the provider of the pages, have no knowledge of the content of the transmitted data or its use by Instagram.

Insofar as consent has been obtained, the above-mentioned service is used on the basis of Art. 6 Para. 1 lit. a DSGVO and § 25 TTDSG. The consent can be revoked at any time. Insofar as no consent has been obtained, the use of the service is based on our legitimate interest in achieving the greatest possible visibility in social media.

Insofar as personal data is collected on our website with the help of the tool described here and forwarded to Facebook or Instagram, we and Meta Platforms Ireland Limited, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland are jointly responsible for this data processing (Art. 26 DSGVO). The joint responsibility is limited exclusively to the collection of the data and its forwarding to Facebook or Instagram. The processing by Facebook or Instagram that takes place after the forwarding is not part of the joint responsibility. Our joint obligations have been set out in a joint processing agreement. The text of the agreement can be found at: https://www.facebook.com/legal/controller_addendum. According to this agreement, we are responsible for providing the data protection information when using the Facebook or Instagram tool and for the
data protection-secure implementation of the tool on our website. Facebook is responsible for the data security of the Facebook and Instagram products. You can assert data subject rights (e.g. requests for information) regarding the data processed by Facebook or Instagram directly with Facebook. If you assert the data subject rights with us, we are obliged to forward them to Facebook.

Data transfer to the USA is based on the standard contractual clauses of the EU Commission.
Details can be found here:
https://www.facebook.com/legal/EU_data_transfer_addendum,
https://help.instagram.com/519522125107875 and
https://de-de.facebook.com/help/566994660333381.

For more information, please see Instagram’s privacy policy:
https://instagram.com/about/legal/privacy/.

The company is certified according to the “EU-US Data Privacy Framework” (DPF). The DPF is an agreement between the European Union and the USA, which is intended to ensure compliance with European data protection standards for data processing in the USA. Any company certified under the DPF undertakes to comply with these data protection standards. For more information, please contact the provider at the following link:
https://www.dataprivacyframework.gov/s/participant-search/participant-detail?contact=true&id=a2zt0000000GnywAAC&status=Active

6. Plugins and tools

Google Analytics

This website uses the “Google Analytics” service provided by Google Inc. (1600 Amphitheatre Parkway Mountain View, CA 94043, USA) to analyse website usage by users. The service uses “cookies” – text files that are stored on your terminal device. The information collected by the cookies is usually sent to a Google server in the USA and stored there.

IP anonymisation is used on this website. The IP address of the user is shortened within the member states of the EU and the European Economic Area. This shortening eliminates the personal reference of your IP address. Under the terms of the data sharing agreement between the website operators and Google Inc., Google Inc. uses the information collected to evaluate website usage and activity and to provide services relating to internet usage.

You have the option of preventing the cookie from being stored on your device by making the appropriate settings in your browser. It is not guaranteed that you will be able to access all functions of this website without restrictions if your browser does not allow cookies.

Furthermore, you can use a browser plug-in to prevent the information collected by cookies (including your IP address) from being sent to and used by Google Inc. The following link will take you to the corresponding plugin: https://tools.google.com/dlpage/gaoptout?hl=de
 Here you will find further information on data use by Google Inc.: https://support.google.com/analytics/answer/6004245?hl=de

Wordfence

We have integrated Wordfence on this website. The provider is Defiant Inc, Defiant, Inc, 800 5th Ave Ste 4100, Seattle, WA 98104, USA (hereinafter Wordfence).

Wordfence is used to protect our website from unwanted access or malicious cyberattacks. For this purpose, our website establishes a permanent connection to Wordfence’s servers so that Wordfence can check its databases against the accesses made to our website and block them if necessary.

The use of Wordfence is based on Art. 6 para. 1 lit. f DSGVO. The website operator has a legitimate interest in protecting his website as effectively as possible against cyberattacks. If a corresponding consent has been requested, the processing is carried out exclusively on the basis of Art. 6 para. 1 lit. a DSGVO; the consent can be revoked at any time.

Data transfer to the USA is based on the standard contractual clauses of the EU Commission. Details can be found here: https://www.wordfence.com/help/general-data-protection-regulation/.

Akismet

We use Akismet, an anti-spam solution for WordPress, for our website. The service provider is the American company Automattic Inc., 60 29th Street #343, San Francisco, CA 94110, USA.

Akismet also processes data from you in the USA, among other places. We would like to point out that according to the opinion of the European Court of Justice, there is currently no adequate level of protection for the transfer of data to the USA. This may be associated with various risks for the legality and security of the data processing.

Akismet and WordPress use so-called standard contractual clauses (= Art. 46 para. 2 and 3 DSGVO) as the basis for data processing for recipients based in third countries (outside the European Union, Iceland, Liechtenstein, Norway, i.e. in particular in the USA) or data transfer there. Standard Contractual Clauses (SCC) are templates provided by the EU Commission and are intended to ensure that your data comply with European data protection standards even if they are transferred to third countries (such as the USA) and stored there. Through these clauses, WordPress undertakes to comply with the European level of data protection when processing your relevant data, even if the data is stored, processed and managed in the USA. These clauses are based on an implementing decision of the EU Commission. You can find the decision and the corresponding standard contractual clauses here, among other places: https://eur-lex.europa.eu/eli/dec_impl/2021/914/oj?locale=de

The Data Processing Agreements, which refer to the standard contractual clauses, can be found at https://wordpress.com/support/data-processing-agreements/.

You can find out more about the data processed through the use of Akismet or WordPress in the privacy policy at https://automattic.com/de/privacy/.

UpdraftPlus

We use UpdraftPlus, a backup and security system for our website. The service provider is Updraft WP Software Ltd. 11 Barringer Way, St. Neots, PE19 1LW, Cambridgeshire, United Kingdom.

Due to the UK’s withdrawal from the European Union, the GDPR is also no longer applicable to data transfers there. However, the European Commission has decided on the basis of Art. 45 GDPR that the UK offers an adequate level of protection compared to the GDPR. The data transfer there is therefore permissible. You can view the decision here (download): https://ec.europa.eu/info/sites/default/files/decision_on_the_adequate_protection_of_personal_data_by_the_united_kingdom_-_general_data_protection_regulation_de.pdf

You can find out more about the data processed through the use of UpdraftPlus in the Privacy Policy at https://updraftplus.com/data-protection-and-privacy-centre/.

WordPress

We use the well-known content management system WordPress.com for our website. The service provider is the American company Automattic Inc., 60 29th Street #343, San Francisco, CA 94110, USA.

What is WordPress?

WordPress is one of the most popular content management systems (CMS) in the world. A CMS is software that helps us design our website and display content in a beautiful and orderly way. The content can be text, audio and video.
Through the use of WordPress, personal data may also be collected from you, stored and processed. As a rule, mainly technical data such as operating system, browser, screen resolution or hosting provider are stored. However, personal data such as IP address, geographical data or contact details may also be processed.

Why do we use WordPress?

Programming is not one of our core competences. Nevertheless, we want to have a powerful and attractive website that we can also manage and maintain ourselves. With a website builder or content management system like WordPress, that is exactly what is possible. With WordPress, we don’t have to be programming aces to offer you a beautiful website. Thanks to WordPress, we can operate our website quickly and easily even without any previous technical knowledge. If technical problems arise or we have special wishes for our website, there are always our experts who feel at home in HTML, PHP, CSS and Co.

How secure is the data transfer with WordPress?

WordPress also processes data from you in the USA, among other places. We would like to point out that according to the opinion of the European Court of Justice, there is currently no adequate level of protection for the transfer of data to the USA. This may be associated with various risks to the lawfulness and security of data processing.
WordPress uses so-called standard contractual clauses (= Art. 46. para. 2 and 3 DSGVO) as the basis for data processing with recipients based in third countries (outside the European Union, Iceland, Liechtenstein, Norway, i.e. in particular the USA) or a transfer of data there. Standard Contractual Clauses (SCC) are templates provided by the EU Commission and are intended to ensure that your data comply with European data protection standards even if they are transferred to third countries (such as the USA) and stored there. Through these clauses, WordPress undertakes to comply with the European level of data protection when processing your relevant data, even if the data is stored, processed and managed in the USA. These clauses are based on an implementing decision of the EU Commission. You can find the decision and the corresponding standard contractual clauses here, among other places: https://eur-lex.europa.eu/eli/dec_impl/2021/914/oj?locale=de
The Data Processing Agreements, which correspond to the standard contractual clauses, can be found at https://wordpress.com/support/data-processing-agreements/.

You can find out more about the data processed through the use of WordPress.com in the privacy policy at https://automattic.com/de/privacy/.

Google Site Kit

What is Google Site Kit?

We have integrated the WordPress plugin Google Site Kit of the American company Google Inc. into our website. For the European area, the company Google Ireland Limited (Gordon House, Barrow Street Dublin 4, Ireland) is responsible for all Google services. With Google Site Kit, we can quickly and easily view statistics that come from various Google products such as Google Analytics directly in our WordPress dashboard. The tool or the tools integrated in Google Site Kit also collect personal data from you, among other things. In this privacy policy, we explain why we use Google Site Kit, how long and where data is stored and which other data protection texts are relevant for you in this context.

Google Site Kit is a plugin for the WordPress content management system. With this plugin, we can view important website analytics statistics directly in our dashboard. These are statistics that are collected by other Google products. First and foremost, Google Analytics. In addition to Google Analytics, the services Google Search Console, Page Speed Insight, Google AdSense, Google Optimize and Google Tag Manager can also be linked to Google Site Kit.

Why do we use Google Site Kit on our website?

As a service provider, it is our job to offer you the best possible experience on our website. You should feel comfortable on our website and find exactly what you are looking for quickly and easily. Statistical evaluations help us to get to know you better and to adapt our offer to your wishes and interests. We use various Google tools for these evaluations. Site Kit makes our work much easier in this respect because we can view and analyse the statistics of the Google products right in the dashboard. We no longer have to register for the respective tool. Site Kit thus always provides a good overview of the most important analysis data.

What data is stored by Google Site Kit?

If you have actively consented to tracking tools in the cookie notice (also called script or banner), Google products such as Google Analytics will set cookies and send data about you, such as your user behaviour, to Google, where it will be stored and processed. This also includes personal data such as your IP address.

For more detailed information on the individual services, we have separate text sections in this privacy policy. For example, take a look at our privacy policy on Google Analytics. Here we go into great detail about the data collected. You will learn how long Google Analytics stores, manages and processes data, which cookies can be used and how you can prevent data storage. We also have our own privacy statements with comprehensive information for other Google services such as Google Tag Manager or Google AdSense.

How long and where is the data stored?

Google stores collected data on its own Google servers, which are distributed worldwide. Most servers are located in the United States and therefore it is easily possible that your data is also stored there. At https://www.google.com/about/datacenters/locations/?hl=de you can see exactly where the company provides servers.

Data collected by Google Analytics is retained for a standard period of 26 months. After this period, your user data is deleted. The retention period applies to all data linked to cookies, user recognition and advertising IDs.

How can I delete my data or prevent data storage?

You always have the right to obtain information about your data, to have your data deleted, corrected or restricted. In addition, you can also deactivate, delete or manage cookies in your browser at any time.

If you basically want to deactivate, delete or manage cookies, you will find the corresponding links to the respective instructions of the most popular browsers under the section “Cookies”.

Legal basis

The use of Google Site Kit requires your consent, which we have obtained with our cookie pop-up. According to Art. 6 para. 1 lit. a DSGVO (consent), this consent constitutes the legal basis for the processing of personal data, as may occur during the collection by web analytics tools.

In addition to consent, we have a legitimate interest in analysing the behaviour of website visitors in order to improve our services technically and economically. With the help of Google Site Kit, we detect website errors, can identify attacks and improve the economic efficiency. The legal basis for this is Art. 6 para. 1 lit. f DSGVO (Legitimate Interests). Nevertheless, we only use Google Site Kit if you have given your consent.

Google also processes data from you in the USA, among other places. We would like to point out that according to the opinion of the European Court of Justice, there is currently no adequate level of protection for the transfer of data to the USA. This may be associated with various risks for the legality and security of the data processing.

Google uses so-called standard contractual clauses (= Art. 46 para. 2 and 3 DSGVO) as the basis for data processing for recipients based in third countries (outside the European Union, Iceland, Liechtenstein, Norway, i.e. in particular the USA) or for data transfer there. Standard Contractual Clauses (SCC) are templates provided by the EU Commission and are intended to ensure that your data comply with European data protection standards even if they are transferred to third countries (such as the USA) and stored there. Through these clauses, Google undertakes to comply with the European level of data protection when processing your relevant data, even if the data is stored, processed and managed in the US. These clauses are based on an implementing decision of the EU Commission. You can find the decision and the corresponding standard contractual clauses here, among other places: https://eur-lex.europa.eu/eli/dec_impl/2021/914/oj?locale=de

The Google Ads Data Processing Terms, which refer to the standard contractual clauses, can be found at https://business.safety.google/intl/de/adsprocessorterms/.

To learn more about Google’s data processing, we recommend that you read Google’s comprehensive privacy policy at https://policies.google.com/privacy?hl=de.

Yoast SEO

We use the analytics tool Yoast SEO WordPress Plugin for our website. The service provider is the Dutch company Yoast BV, Don Emanuelstraat 3, 6602 GX Wijchen, the Netherlands.

Yoast SEO is a plugin that we use to optimise the SEO functionality of our website. The plugin can process metadata and other information related to our content to improve the visibility of our website in search engines.

The data processed by Yoast SEO is not personal and is not used to identify individual users. It is used solely to improve the SEO performance of our website.

Please note that these plugins are developed and maintained by third-party providers, and we encourage you to review their privacy policies for more information about their privacy practices. If you have any questions or concerns about the use of these plugins or your data, please do not hesitate to contact us. Your privacy and data are important to us and we are committed to taking appropriate protective measures.

You can find out more about the data processed through the use of Yoast SEO WordPress Plugin in the privacy policy at https://yoast.com/privacy-policy/.

Cookie Consent Management Platform

What is a Cookie Consent Management Platform?

We use Consent Management Platform (CMP) software on our website to help us and you deal correctly and safely with scripts and cookies in use. The software automatically creates a cookie pop-up, scans and checks all scripts and cookies, provides cookie consent for you as required by data protection law and helps us and you to keep track of all cookies. With most cookie consent management tools, all existing cookies are identified and categorised. You as a website visitor then decide yourself whether and which scripts and cookies you allow or do not allow. The following graphic illustrates the relationship between browser, web server and CMP.

Why do we use a cookie management tool?

Our goal is to offer you the best possible transparency in the area of data protection. In addition, we are also legally obliged to do so. We want to inform you as well as possible about all tools and all cookies that can store and process data from you. It is also your right to decide for yourself which cookies you accept and which you do not. In order to grant you this right, we first need to know exactly which cookies have ended up on our website in the first place. Thanks to a cookie management tool that regularly scans the website for all existing cookies, we know about all cookies and can provide you with DSGVO-compliant information about them. You can then accept or reject cookies via the consent system.

What data is processed?

Within the framework of our cookie management tool, you can manage each individual cookie yourself and have complete control over the storage and processing of your data. The declaration of your consent is stored so that we do not have to query you each time you visit our website again and we can also prove your consent if required by law. This is stored either in an opt-in cookie or on a server. Depending on the provider of the cookie management tool, the storage period of your cookie consent varies. In most cases, this data (e.g. pseudonymous user ID, time of consent, details of cookie categories or tools, browser, device information) is stored for up to two years.

Duration of data processing

We will inform you about the duration of data processing below, provided we have further information on this. In general, we only process personal data for as long as is strictly necessary for the provision of our services and products. Data stored in cookies are stored for different lengths of time. Some cookies are already deleted after you leave the website, others may be stored in your browser for several years. The exact duration of data processing depends on the tool used, but in most cases you should be prepared for a storage period of several years. In the respective data protection declarations of the individual providers, you will usually receive precise information about the duration of data processing.

Right of objection

You also have the right and the possibility to revoke your consent to the use of cookies at any time. This works either via our cookie management tool or via other opt-out functions. For example, you can also prevent data collection through cookies by managing, deactivating or deleting cookies in your browser.

Information on special cookie management tools, if available, can be found in the following sections.

Legal basis

If you consent to cookies, your personal data will be processed and stored via these cookies. If we are allowed to use cookies through your consent (Article 6 (1) (a) DSGVO), this consent is also the legal basis for the use of cookies or the processing of your data. In order to be able to manage the consent to cookies and to enable you to give your consent, we use cookie consent management platform software. The use of this software enables us to efficiently operate the website in a legally compliant manner, which constitutes a legitimate interest (Article 6 (1) (f) DSGVO).

CookieYes | GDPR Cookie Consent

CookieYes | GDPR Cookie Consent is a plugin we use to obtain and manage user consent for the use of cookies on our website. We use cookies to improve the functionality of our website and optimise the user experience. By using this plugin, certain information is collected, including users’ consent to the use of cookies.

We respect your privacy and your choices regarding cookies. You can change your cookie settings or withdraw your consent at any time by visiting the cookie policy on our website.

You can find out more about the data processed through the use of CookieYes | GDPR Cookie Consent Plugin in the privacy policy at https://www.cookieyes.com/privacy-policy/.

Source:
https://www.e-recht24.de & https://www.adsimple.de/