Our privacy policy

Thank you for your interest in our website and the offers of lennartgehl.com GmbH. Of course, the protection of your personal data during your visit to our website is also important to us.

1. Overview

With the following data protection information, we inform you about the type and scope of the processing of personal data. We collect and use personal data of visitors to our website only to the extent necessary to make the website as well as our content and services functional and to make them conveniently usable for visitors.

Personal data is regularly processed only with the consent of the visitor. In addition, processing may take place if prior consent cannot be obtained for factual reasons and data processing is permitted by legal regulations – in particular by the European General Data Protection Regulation (GDPR) and the German Federal Data Protection Act (BDSG 2018).

According to Article 4 (1) GDPR, "personal data" means any information relating to an identified or identifiable natural person ("data subject"). This includes, for example, the name, address, date of birth, e-mail address and telephone number.

According to Article 4 No. 2 GDPR, "processing" means any operation or set of operations carried out with or without the help of automated procedures in connection with personal data (e.B. the collection, storage, use or disclosure).

According to Art. 4 No. 7 GDPR, "controller" is the natural or legal person, public authority, agency or other body that alone or jointly with others decides on the purposes and means of the processing of personal data.

 

2. Name and contact details of the person responsible

Responsible for data processing when visiting and using this website is:

lennartgehl.com GmbH
represented by the managing director
Lennart Maximilian Gehl
Hans-Henny-Jahnn-Weg 53
22085 Hamburg, Germany
represented by the managing director Lennart Maximilian Gehl

Phone: +49 176 40781724
lg@lennartgehl.com  

3. Processing of data when visiting and using our website

3.1 Storage of access data in http log files

This website is hosted by Squarespace. Squarespace collects personal information when you visit this website. These include. This data is as follows:

-                  IP address of the requesting computer
-                  browser software used as well as its version and language
-                  Operating system of the requesting computer
-                  Date and time of access
-                  Name and URL of the retrieved page or file
-                  Website from which access is made
-                  Zugriffsstatus/http-Statuscode
-                  Amount of data transferred in each case

 

Type and purposes of data processing:

This data is temporarily stored in its own log file. This initially serves the purpose of permanently ensuring system security and stability and enabling technical administration in order to ensure trouble-free connection establishment and operation of our website as well as its comfortable use. In addition, this data is evaluated for internal administrative and statistical purposes in order to improve our online offer. A combination of this data with other data or data sources, which would allow conclusions to be drawn about your person, will not be made.

Squarespace also needs the data to operate this website and to protect and improve its platform and services. Squarespace analyzes the data in a depersonalized form.

Legal basis:

The legal basis for this processing is Article 6 (1) sentence 1 (f) GDPR. With this data processing, we pursue the legitimate interest of maintaining the operational security of our website in order to be able to provide this website and the information contained therein in a trouble-free and comfortable manner.

Storage period:

The data will be deleted as soon as they are no longer required to achieve the aforementioned purposes for their collection. In the case of the collection of data for the provision of our website, the data will therefore be deleted when the respective session has ended. Otherwise, the data will be deleted regularly after seven days at the latest.

 

3.2 Cookies

Type and purposes of data processing and storage period:

When you visit our website, so-called "cookies" are also stored on your device or data carrier. Cookies are text or information files that your Internet browser automatically stores on your device when you visit our website. They contain certain data or settings that are exchanged between your Internet browser and our system. This is mainly information about which subpages of our Website are called up and how often.

The information generated or passed on by means of cookies is not personal data. You cannot therefore be personally identified on the basis of this information. Cookies also cannot run programs or damage your device. Rather, cookies are used to compile statistics on the use of our website and thus to optimize it.

On the one hand, the use of cookies serves to make the use of our offer more pleasant or easier for you. Some functions of our website cannot be offered without the use of cookies; for these it is necessary that the browser is recognized after a page change. For example, we use so-called session cookies to recognize that you have already visited individual pages of our website. These are automatically deleted after leaving our website.

In addition, to optimize user-friendliness, we use temporary cookies that are stored on your device for a certain specified period of time. If you visit our site again to use our services, it is automatically recognized that you have already been with us and which entries and settings you have made so that you do not have to enter them again.

In addition, we use cookies to statistically record the use of our website and to evaluate it for the purpose of optimizing our offer for you. These cookies allow us to automatically recognize that you have already been with us when you visit our site again. The use of such analysis cookies is for the purpose of improving the quality of our website and its contents. Through the analyses, we learn how the website is used and can thus constantly optimize our offer. These cookies are automatically deleted after a defined period of time.

The data of the visitors collected in this way are pseudonymized by technical precautions. The data is not stored together with other personal data of the visitors. Therefore, it is no longer possible to assign the data to the calling visitor.

A distinction is made between session cookies, which are deleted as soon as you close your browser, and permanent cookies, which are stored beyond the individual session. With regard to their function, cookies are again distinguished between:

 

- Technical cookies: these are strictly necessary to move around the website, to use basic functions and to ensure the security of the website; they do not collect information about you for marketing purposes, nor do they store which websites you have visited.

- Performance cookies: These collect information about how you use our website, which pages you visit and e.B whether errors occur when using the website; they do not collect any information that could identify you – all information collected is anonymous and is only used to improve our website and find out what interests our users;

- Advertising cookies, targeting cookies: These are used to offer the website user needs-based advertising on the website or offers from third parties and to measure the effectiveness of these offers; Advertising and targeting cookies are stored for a maximum of 13 months

- Sharing cookies: These are used to improve the interactivity of our website with other services (e.B. social networks); Sharing cookies are stored for a maximum of 13 months.


The following cookies are used:

_acloggedin
This cookie supports the scheduling customer's login if the customer has an account
Until 01.01.2025

_client_acloggedin
This cookie supports the scheduling customer's login if the customer has an account
Until 01.01.2025

CART
This cookie indicates when a visitor places a product in their shopping cart
2 weeks

CHECKOUT_WEBSITE
This cookie Identifies the correct website for checkout if Checkout is disabled on your domain.
Until the end of the session

client_username
This cookie remembers the username of a logged-in scheduling customer between visits.
one year

Crumb
This cookie prevents the browser from performing unwanted actions in an application when someone is logged in ("Cross-Site Request Forgery")
Until the end of the session

hasCart
This cookie tells Squarespace that the visitor has a shopping cart.
2 weeks

Locked
This cookie prevents the password protection screen from appearing when a visitor enters the correct password for the entire website
Until the end of the session

PHPSESSID
This cookie securely authenticates a visitor during the payment process in scheduling.
one month

RecentRedirect
This cookie prevents redirect loops when a website has custom URL redirects.
30 minutes

remember_client
This cookie remembers the scheduling customer's credentials when they have an account.
365 days

siteUserCrumb
This cookie prevents "Cross-Site Request Forgery" (see above) for registered site visitors.
3 years

SiteUserInfo
This cookie identifies a visitor who logs in to a customer account.
3 years

SiteUserSecureAuthToken
This cookie authenticates a visitor who logs in to a customer account.      
3 years

ss_cookieAllowed
This cookie remembers whether a visitor has consented to the placement of analytics cookies in their browser when a website restricts the placement of cookies.
30 days

ss_sd
This cookie ensures that visitors to the Squarespace 5 platform remain authenticated during their sessions.
Until the end of the session

Test
This cookie checks whether the browser supports cookies and prevents errors.
Until the end of the session

 

 In addition to cookies, we also use the so-called local storage technology (also called "local data" and "local storage").  Data is stored locally in the cache of your browser, which continues to exist and can be read even after closing the browser window or terminating the program - unless you delete the cache.

 

Furthermore, we use the so-called session storage technology. This enables the temporary storage of session-related and short-lived data.

 

Local Storage makes it possible for your preferences when using the website to be stored on your computer and used by you.  Third parties cannot access the data stored in the local storage. They will not be passed on to third parties and will not be used for advertising purposes.

 

The following licual or temporary data is used:

algoliasearch-client-js
This data adds auto-filled suggestions to address fields in Scheduling to help customers fill out forms faster.
durable

Commerce-checkout-state
This data stores the status of the checkout while the visitor completes his order in PayPal.
Until the end of the session

squarespace-announcement-bar
this data prevents the message bar from appearing when a visitor closes it
durable

squarespace-likes
This data shows you whether you have already marked a blog entry with a "Like"
durable

squarespace-popup-overlay
This data prevents the advertising pop-up from being displayed when a visitor closes it
durable

TC
This data allows the correct display of a scheduling customer's appointments based on the time zone settings.
durable


Legal basis:

Any use of cookies that are not absolutely technically necessary constitutes data processing that is only permitted with your express and active consent in accordance with Art. 6 para. 1 sentence 1 lit. a GDPR. This applies in particular to the use of advertising, targeting or sharing cookies. In addition, we only pass on your personal data processed by cookies to third parties if you have given your express consent in accordance with Art. 6 para. 1 sentence 1 lit. a GDPR.

Cookies that are required to carry out the electronic communication process or to provide certain functions desired by you (e.B. shopping cart function) are stored on the basis of Art. 6 para. 1 lit. f GDPR. The website operator has a legitimate interest in the storage of cookies for the technically error-free and optimized provision of its services.

We use the local and session storage techniques in our legitimate interest in order to be able to make you an attractive fully functional offer on the basis of Article 6 (1) (f) GDPR.

Possibility of objection with regard to the storage of cookies or  Local and Session Storage Techniques:

You can also use our website without cookies; however, we would like to point out that you may then no longer be able to use all the services or functionalities of our Website in full.

You can set your browser to inform you about the placement of cookies. This makes the use of cookies transparent to you. You can also delete cookies at any time via the corresponding browser setting and prevent the setting of new cookies; please contact your respective browser provider for more information. You can usually deactivate cookies via deactivation links.

 

3.3 Google Analytics (Universal)

Type and purposes of data processing:

Our website uses functions of the web analysis service Google Analytics (Universal). The provider is Google Ireland Limited ("Google"), Gordon House, Barrow Street, Dublin 4, Ireland. Google Analytics enables the website operator to analyse the behaviour of website visitors. In this case, the website operator receives various usage data, such as .B page views, length of stay, operating systems used and origin of the user. This data may be summarized by Google in a profile that is assigned to the respective user or his device. Google Analytics uses technologies that enable the recognition of the user for the purpose of analyzing user behavior (e.B. cookies or device fingerprinting). The information collected by Google about the use of this website is usually transmitted to a Google server in the USA and stored there.

Anonymization and storage period:

We only use Google Analytics (Universal) with activated IP anonymization. This means that the IP address of the users is shortened by Google within member states of the European Union or in other contracting states of the Agreement on the European Economic Area. Only in exceptional cases will the full IP address be transmitted to a Google server in the USA and shortened there.

You can prevent the collection and processing of your data by Google by downloading and installing the browser plug-in available under the following link: https://tools.google.com/dlpage/gaoptout?hl=de.

More information on the handling of user data by Google Analytics (Universal) can be found in Google's privacy policy: https://support.google.com/analytics/answer/6004245?hl=de. Data stored by Google at the user and event level, which is associated with cookies, user identifiers (e.B. User ID) or advertising IDs (e.B.  DoubleClick cookies, Android advertising ID) are anonymized or deleted after 14 months. Details can be found under the following link: https://support.google.com/analytics/answer/7667196?hl=de

Legal basis:

The use of this analysis tool takes place exclusively on the basis of Art. 6 para. 1 lit. a GDPR; we ask for consent to the storage of cookies. This consent can be revoked at any time with effect for the future.

The data transfer to the USA is based on the standard contractual clauses of the EU Commission. Details can be found here: https://privacy.google.com/businesses/controllerterms/mccs/.

There is an agreement with Google on order processing, which includes the standard data protection clauses of the EU as a basis for data transfer to third countries. More details can be found at: https://privacy.google.com/businesses/processorterms/.

 

3.4 Online advertising

3.4.1 Google Ads

Our website uses the offer of Google Ads Conversion.  The provider is Google Ireland Limited ("Google"), Gordon House, Barrow Street, Dublin 4, Ireland.

Type and purpose of data processing:

Google Ads can use advertising media (so-called "Google Ads" formerly "Google AdWords") to draw attention to our attractive offers on external websites. In relation to the data of the advertising campaigns, we can determine how successful the individual advertising measures are. We thus pursue the interest of showing you advertising that is of interest to you, making our website more interesting for you and achieving a fair calculation of advertising costs.

These advertising media are delivered by Google via so-called "ad servers". For this purpose, we use ad server cookies, through which certain parameters for measuring success, such as the display of ads or clicks by users, can be measured. If you access our website via a Google ad, Google Ads stores a cookie on your device. For this cookie, the unique cookie ID, number of ad impressions per placement (frequency), last impression (relevant for post-view conversions) and opt-out information (marking that a user no longer wants to be addressed) are usually stored as analysis values.

These cookies allow Google to recognize your Internet browser. If a user visits certain pages of the website of Ads customers and the cookie stored on his computer has not yet expired, Google and the customers can recognize that a user has clicked on the ad and has been redirected to this page. Each Ads customer is assigned a different cookie. Cookies can therefore not be  followed via the websites of Ads customers. We ourselves do not collect or process any personal data in the aforementioned advertising measures. We only receive statistical evaluations from Google. Based on these evaluations, we can see which of the advertising measures used are particularly effective. We do not receive any further data from the use of advertising material, in particular we cannot identify the users on the basis of this information.

Due to the marketing tools used, your browser automatically establishes a direct connection to Google's server. We have no influence on the scope and further use of the data collected by Google through the use of this tool and therefore inform you according to our state of knowledge: By integrating Ads Conversion, Google receives the information that you have accessed the corresponding part of our website or clicked on an advertisement from us. If you are registered with a Google service, Google can assign the visit to your account. Even if you are not registered with Google or have not logged in, there is a possibility that Google will find out and store your IP address.

We use the remarketing function within the Google Ads service. With the remarketing function, we can present users of our website on other websites within the Google advertising network (in Google Search or on YouTube, so-called "Google Ads" or on other websites) advertisements based on their interests. For this purpose, the interaction of users on our website is analyzed, e.B which offers a user has been interested in, in order to be able to display targeted advertising to users on other pages even after visiting our website. For this purpose, Google stores cookies on the end devices of users who visit certain Google services or websites in the Google Display Network. These cookies are used to record the visits of these users. The cookies are used to uniquely identify a web browser on a specific device and not to identify a person.

 

Anonymization and storage period:

You can prevent participation in this tracking procedure in various ways: a) by setting your browser software accordingly, in particular by suppressing third-party cookies, so that you do not receive advertisements from third parties; b) by disabling cookies for conversion tracking by setting your browser to block cookies from the domain "www.googleadservices.com", https://www.google.de/settings/ads, whereby this setting will be deleted if you delete your cookies; c) by disabling the interest-based ads of the providers that are part of the self-regulatory campaign "About Ads" via the link http://www.aboutads.info/choices , whereby this setting is deleted when you delete your cookies; d) by permanent deactivation in your browsers Firefox, Internet Explorer or Google Chrome under the link http://www.google.com/settings/ads/plugin. We would like to point out that in this case you may not be able to use all the functions of this offer to their full extent.

The cookies mentioned usually lose their validity after 30 days and are not intended to identify you personally.


Legal basis:

The legal basis for the processing of your data is Art. 6 para. 1 sentence 1 lit. a GDPR. Further information on data protection at Google can be found here: http://www.google.com/intl/de/policies/privacy and https://services.google.com/sitestats/de.html.

 

3.4.2 Facebook Ads

Within our online offer, the so-called "Facebook pixel" of the social network Facebook, which is operated by Meta Platforms Ireland Limited, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland, is used.

Type and purpose of data processing:

With the help of the Facebook pixel, Facebook is on the one hand able to determine you as a visitor to our online offer as a target group for the presentation of advertisements (so-called "Facebook ads"). Accordingly, we use the Facebook pixel to display the Facebook ads placed by us only to those Facebook users who have also shown an interest in our online offer or who have certain characteristics (e.B interests in certain topics or products that are determined on the basis of the websites visited) that we transmit to Facebook (so-called "Custom Audiences"). "). With the help of the Facebook pixel, we also want to ensure that our Facebook ads correspond to the potential interest of the users and do not appear annoying. With the help of the Facebook pixel, we can further understand the effectiveness of Facebook advertisements for statistical and market research purposes by seeing whether users have been redirected to our website after clicking on a Facebook advertisement (so-called "conversion").

Anonymization and storage period:

The data collected is anonymous to us, so it does not allow us to draw any conclusions about the identity of the users. However, the data is stored and processed by Facebook so that a connection to the respective user profile is possible and Facebook can use the data for its own advertising purposes, in accordance with the Facebook Data Use Policy (https://www.facebook.com/about/privacy/). The data may enable Facebook and its partners to place advertisements on and off Facebook.

In principle, Facebook stores data until it is no longer needed for its own services and Facebook products. Facebook has servers all over the world. However, customer data will be deleted within 48 hours after it has been compared with your own user data.

Legal basis:

The legal basis for the processing of your data is Art. 6 para. 1 sentence 1 lit. a GDPR. You can revoke your consent at any time with effect for the future. To exercise your revocation, remove the check mark next to the setting for the "Facebook Pixel" set in the "Cookie Consent Tool" integrated on the website.

Facebook also processes your data in the USA. As a basis for data processing for recipients based in third countries (in particular in the USA), Facebook uses so-called standard contractual clauses, which ensure that European data protection standards are complied with.

For more information, see https://www.facebook.com/about/privacy/.


3.4.3 Instagram Ads

This website uses Instagram Ads, a service Meta Platforms Ireland Limited, 4 Grand Canal Square, Dublin 2, Ireland, through which sponsored advertising content is published on the Instagram platform to reach a larger and more targeted audience.

Type and purpose of data processing:

As part of Instagram Ads, we use retargeting, which allows us to analyze the activities of visitors to our website on or outside of Instagram and Facebook, the location and other demographic data such as the age, gender and language of our website visitors and their interests, e.B apps they use, advertisements they have clicked on or accounts,  that they have subscribed to analyze and find new people who resemble existing customers in order to show you targeted advertising. Instagram may transfer this information to third parties, e.B. US authorities, if this is required by law, or if third parties process this data on behalf of Instagram.

Anonymization and storage period:

Instagram is a company of Facebook Inc. Therefore, you can deactivate the Instagram marketing function under https://www.facebook.com/settings/?tabs=ads# when you log in to your Facebook account. The data collected is anonymous to us, so it does not allow us to draw any conclusions about the identity of the users. However, the data is stored and processed by Facebook so that a connection to the respective user profile is possible and Facebook can use the data for its own advertising purposes, in accordance with the Facebook Data Use Policy (https://www.facebook.com/about/privacy/). The data may enable Facebook and its partners to place advertisements on and off Facebook.

In principle, Facebook stores data until it is no longer needed for its own services and Facebook products. Facebook has servers all over the world. However, customer data will be deleted within 48 hours after it has been compared with your own user data.

Legal basis:

The legal basis for the processing of your data is Art. 6 para. 1 sentence 1 lit. a GDPR. You can revoke your consent at any time with effect for the future.  Further information on data processing by Facebook via Instagram can be found under https://help.instagram.com/519522125107875.

 

3.4.4 Marketing Solutions

On our website, we use "Marketing Solutions (formerly: LinkedIn Ads)", a service of LinkedIn Ireland Unlimited Company, Wilton Plaza, Wilton Place, Dublin 2, Ireland (hereinafter: "Marketing Solutions").

Type and purpose of data processing:

We use marketing solutions for marketing and optimization purposes, in particular to analyze the use of our website and to be able to continuously improve individual functions and offers as well as the user experience. Through the statistical evaluation of user behavior, we can improve our offer and make it more interesting for you as a user.

Anonymization and storage period:

If you are registered with LinkedIn and logged in with your account, LinkedIn will record this visit in your user account. The data collected about you is anonymous to us and does not allow any conclusions to be drawn about individual persons. How much data LinkedIn collects through the use of its insight tag and how LinkedIn reuses this data cannot be influenced by us. You can prevent the collection of the aforementioned information by LinkedIn by setting an opt-out cookie on one of the following linked websites: https://www.linkedin.com/psettings/guest-controls. The cookies are stored for a maximum of 90 days.

Legal basis:

The legal basis for the processing of your data is Art. 6 para. 1 sentence 1 lit. a GDPR. You can revoke your consent at any time with effect for the future. Further information on data protection can be found at: https://www.linkedin.com/legal/privacy-policy.

 

3.4.5 ConvertKit

We use the "ConvertKit" service. The provider of this service is ConvertKit LLC, 750 W Bannock Street 761, Boise, ID 83702, USA.

Type and purpose of data processing:

ConvertKit is an email marketing service that can be used, among other things, to organize and analyze the sending of newsletters, webinar registrations and other user registrations. The data you enter for the purpose of subscribing to the newsletter or other registration will be stored on the ConvertKit servers. ConvertKit stores the data in the USA, among other places.

With the help of ConvertKit, we are able to analyze our newsletter campaigns and the volume of registrations. So we can e.g. For example, see whether a newsletter message has been opened and which links, if any, have been clicked. In this way, we can determine, among other things, which links were clicked particularly often. We can also see whether certain previously defined actions were carried out after opening/clicking (conversion rate). We can e.g. B. recognize whether you have made a purchase after clicking on the newsletter. ConvertKit also enables us to subdivide ("cluster") the newsletter recipients according to different categories. The newsletter recipients and registered persons, e.g. B. by age, gender or place of residence. In this way, the newsletters and webinars, for example, can be better adapted to the respective target groups. If you do not want an analysis by ConvertKit, you must unsubscribe from the newsletter or unsubscribe from the respective service. For this purpose, we provide a corresponding link in every newsletter message or in every confirmation of a registration (e.g. for a webinar or podcast). We will only send you the newsletter or register you if you have given us your prior consent.

You can find ConvertKit's privacy policy at: https://convertkit.com/privacy.

Storage duration:

The data you have stored with us for the purpose of subscribing to the newsletter will be stored by us or the newsletter service provider until you unsubscribe from the newsletter and deleted from the newsletter distribution list after you unsubscribe from the newsletter.

Legal basis:

The legal basis for processing your data is Art. 6 (1) (a) GDPR). You can revoke your consent at any time with effect for the future.

Data transmission to the USA is based on the standard contractual clauses of the EU Commission. Details can be found here: https://convertkit.com/security.

3.4.6 Userlike

We use the service "Userlike", a chat software, of the company Userlike UG (haftungsbeschränkt), Probsteigasse 44-46, 50670 Cologne, Germany.

Type and purpose of data processing:

You can use Userlike's chat function such as a contact form to get in touch with our employees in almost real time. When the chat starts, the following data is stored:

  • date and time of the call,

  • Browser type/version,

  • IP address

  • operating system used,

  • URL of the previously visited website,

  • Amount of data sent.

  • First name, surname, and e-mail address (insofar as this data is provided by you)

Depending on the course of the conversation with our employees, further personal data may be generated in the chat, which will be entered by you. The nature of this data depends heavily on your request or the problem you describe to us. The processing of all this data serves to provide you with a fast, reliable and efficient contact option and thus to improve our customer service. The storage of chat data also serves the purpose of ensuring the security of our information technology systems. 

All our employees have been and are trained on the subject of data protection and instructed on the secure and trustworthy handling of customer data.

By visiting the web page www.lennartgehl.com, the chat widget is loaded in the form of a JavaScript file from AWS Cloudfront. The chat widget technically represents the source code that runs on your computer and enables chat.

Userlike is based in the European Union, but uses the servers of Amazon Web Services, so that your data can also be transferred to the USA. The data transfer to the USA is based on the EU standard contractual clauses. Details can be found here: https://aws.amazon.com/de/blogs/security/aws-gdpr-data-processing-addendum/. For more information, see Amazon Web Services' Privacy Policy: https://aws.amazon.com/de/privacy/?nc1=f_pr.

Data storage period:

Userlike stores the history of the chats for a period of 30 days. This serves the purpose of possibly sparing you extensive explanations about the history of your request as well as the constant quality control of our chat offer. After that, the history and the above-mentioned data are automatically and irretrievably deleted. If you wish the data to be deleted before the deadline, you are welcome to inform us of this using the contact details listed below. Stored chats will then be deleted by us immediately.

Legal basis:

The use of Userlike is based on Art. 6 para. 1 lit. f GDPR.  If a corresponding consent has been requested, the processing takes place exclusively on the basis of Art. 6 para. 1 lit. a GDPR. There  is an agreement with Userlike for order processing.

Further information can be found in the data protection regulations (https://www.userlike.com/de/terms#privacy-policy) of Userlike UG (haftungsbeschränkt).

3.5 HubSpot

We use the services of the software manufacturer HubSpot.  HubSpot is a software company from the USA with an office in Ireland (HubSpot European Headquarters, Ground Floor, Two Dockland Central, Guild Street, Dublin 1, Ireland).

Type and purpose of data processing:

HubSpot is a service platform. The service used is an integrated software solution that allows us to manage customer data and cover various aspects of our online marketing. So-called "web beacons" are used and cookies are stored on the device you are using.

For example.B the following personal data may be collected: IP address, geographical location, type of browser, duration of the visit, pages accessed.

The information collected and the content of our website are stored on servers of our software partner HubSpot Ireland. We use HubSpot to analyse the use of our website. This allows us to constantly optimize our website and make it more user-friendly.

Anonymization and storage period:

However, we only use your IP address in a shortened version. This means that the IP address of the users is shortened by HubSpot within member states of the European Union or in other contracting states of the Agreement on the European Economic Area. Only in exceptional cases will the full IP address be transmitted to a HubSpot server  in the USA and shortened there.

The cookies have a usual lifetime of 13 months. In addition, we delete the personal data collected via HubSpot as soon as the purpose for which it was collected has been achieved, unless the deletion is contrary to statutory retention periods.

Legal basis:

The information generated by the cookie about the use of the online offer by users can usually also be transmitted to a Google server in the USA and stored there. The processing is carried out on the basis of EU standard contractual clauses. In this way, HubSpot offers  a guarantee to comply with European data protection law.

The cookies are stored on the basis of Art. 6 para. 1 lit. a GDPR. You can revoke your consent here. Further information can be found here: https://legal.hubspot.com/de/privacy-policy/.


3.6 Docusign

We used the services of Docusign for the creation and transmission of digital signatures for the purpose of concluding a contract. Provider is Docusign, at the address 9 Appold St, London EC2A 2AP, Great Britain.

Type and purpose of data processing:

DocuSign's core product and essential services  assist the user in setting up transactions digitally or electronically, conducting them or demonstrating their effectiveness. In accordance with the wishes of our users, as part of the provision of our services, we collect and document the data that allows the parties to prove the effectiveness of the transactions they have made. This data also includes the persons involved in the business transactions and the end devices used by these persons.

The data collected by this website via Docusign will be stored on servers of the contractor Docusign .

Legal basis:

Docusign has been approved under the terms of Corporate Binding Rules. The use of Docusign is in the interest of an appealing presentation of our online offers. This constitutes a legitimate interest within the meaning of Art. 6 para. 1 lit. f GDPR.

Further information on the handling of user data can be found at: https://www.docusign.de/unternehmen/datenschutz/.

 

3.7 Hotjar

This website uses the web analysis service Hotjar Provider is Hotjar Ltd., based in Malta (Hotjar Ltd, Level 2, St Julians Business Centre, 3, Elia Zammit Street, St Julians STJ 1000, Malta, Europe Tel.: +1 (855) 464-6788).

Type and purpose of data processing:

With this tool, movements on the websites on which Hotjar is used can be traced (so-called "Hotjar").  Heatmaps). For example, it is possible to see how far users scroll and which buttons users click on and how often. Furthermore, it is also possible to obtain feedback directly from the users of the website with the help of the tool. In this way, we gain valuable information to make our websites even faster and more customer-friendly.

Anonymization:

When using this tool, we pay particular attention to the protection of your personal data. So we can only understand which buttons you click on and how far they scroll. Areas of the websites in which personal data about you or third parties are displayed are  automatically hidden by Hotjar and are therefore not comprehensible at any time.

Hotjar offers every user the opportunity to prevent the use of the Hotjar tool with the help of a "Do Not Track header",  so that no data about the visit to the respective website is recorded. This is a setting that supports all common browsers in the current version. For this purpose, your browser sends a request to Hotjar with the note to deactivate the tracking of the respective user. If you use our website with different browsers/computers, you must set up the "Do Not Track header" for each of these browsers/computers separately.

Legal basis:

The above analysis is carried out on the basis of our legitimate interests in optimisation and marketing purposes and the interest-based design of our website in accordance with Art. 6 para. 1 lit. f GDPR.   For more information, see: https://www.hotjar.com/legal/policies/privacy/de/.

 

3.8 Microsoft 365 Business

To deal with your matter, we use the product "Microsoft 365 Business" from Microsoft Ireland Operations Limited, One Microsoft Place, South County Business Park, Leopardstown Dublin 18, D18 P521, Ireland.  The software acts as storage, organizational and communication software to simplify and optimize workflows.

Type and purpose of data processing:

When using Office 365, Microsoft processes a large amount of data and also processes personal data, in particular

- IP address with which the Microsoft 365 application is accessed;

- Username (credentials for the Microsoft 365 application), display name, data related to multifactor authentication;

- Surname, first name, official contact details (telephone number, e-mail address, fax number, etc.), profile picture (optional), preferred language;

- Data for authentication and use, e.B time of access, date, time, type of access, meeting ID, location as well as creation, modification, deletion of a document, establishment of a team and channels in teams; Taking notes in the notebook, starting a chat, replying in the chat; Information about the data, files, documents that have been accessed;

- Text, audio and video data.

Which personal data is specifically processed depends on the individual case.  We have entered into a data processing agreement with Microsoft Corporation based on the EU Standard Contractual Clauses.  In addition to the cases explicitly mentioned in this data protection declaration, your personal data will only be passed on without your express prior consent if it is legally permissible or necessary.

For information about Microsoft Teams as an online conferencing tool, see 3.9.

 

Data transfers to third countries:

Data processing outside the European Union (EU) generally does not take place, as we have limited our storage location to data centers in the European Union. However, this does not apply to telemetry or diagnostic data, the support hotline and possible other data that is processed outside the EU in Microsoft's area of responsibility.

Furthermore, due to legal obligations, personal data may be passed on or disclosed to third parties (in particular authorities), including to third countries (USA) with a different level of data protection. The data transfer to the USA is based on the standard contractual clauses of the EU Commission, which is part of Microsoft's Data Protection Addendum (DPA).

 

Anonymization and storage period:

Data is encrypted in transit and at rest. This includes messages, files (video, audio, etc.), meetings, and other content.

We have no influence on the storage period of your data, which is stored by Microsoft for its own purposes. Overall, we have no influence on this processing activity.

In principle, we delete personal data if there is no requirement for further storage. A requirement may exist in particular if the data is still needed to fulfil contractual services, to check warranty and, if necessary, to grant or defend warranty claims. In the case of statutory retention obligations, deletion is only possible after expiry of the respective retention obligation.

 

Legal basis:

The legal basis is Article 6 (1) sentence 1 lit.b GDPR. In addition, the use of Microsoft 365 applications serves to optimize communication with us or our group of companies. The legal basis is Art. 6 para. 1 sentence 1 lit. f GDPR. Our legitimate interest lies in being able to use functional and widely used communication platforms in the business areas in order to be able to communicate efficiently with external partners. Insofar as consent has been obtained, the use of the Microsoft 365 application takes place exclusively on the basis of this consent. The legal basis is Art. 6 para. 1 sentence 1 lit. a GDPR.

For more information, see: https://privacy.microsoft.com/de-de/privacystatement.

3.9 Video communication

3.9.1 Microsoft Teams

We use Microsoft Teams to run online events. Microsoft Teams is part of Microsoft Office 365 For Business. Microsoft Office 365 Business is a software from Microsoft Ireland Operations Limited, One Microsoft Place, South County Business Park, Leopardstown Dublin 18, D18 P521, Ireland. Microsoft Teams is part of the cloud application Office 365, for which a user account must be created.

Type and purpose of data processing:

Through the video conferencing feature of Microsoft Teams, we can offer you to participate in our online events via video/audio. Data processing with Office 365 takes place on servers in data centers in the European Union in Ireland and the Netherlands. For this purpose, we have concluded an order processing agreement with Microsoft in accordance with Art. 28 GDPR. Accordingly, we have agreed extensive technical and organizational measures with Microsoft for Office 365 that correspond to the currently applicable state of the art in IT security, e.B. with regard to access authorization and end-to-end encryption concepts for data lines, databases and servers.

Microsoft reserves the right to process customer data for its own legitimate business purposes. We have no influence on this data processing by Microsoft. To the extent that Microsoft Teams processes personal data in connection with legitimate business purposes, Microsoft is the independent controller of these data processing activities and, as such, responsible for compliance with all applicable data protection regulations.

Anonymization:

At Microsoft Teams, we use Team Meetings mode. During team meetings, audio input and video recordings are prevented by appropriate settings. There will be no recording of the event.

Legal basis:

The legal basis for data processing when conducting online meetings is Art. 6 para. 1 lit.b) GDPR, insofar as the meetings are carried out within the framework of contractual relationships. In all other respects, your consent pursuant to Art. 6 para. 1 lit. a) GDPR is the legal basis for the processing.

The data transfer to the USA is based on the standard contractual clauses of the EU Commission. For more information, see https://privacy.microsoft.com/de-de/privacystatement.

 

3.9.2 Zoom

We use the video conferencing system "Zoom" to conduct online meetings and video conferences. Provider of this service is Zoom Video Communications, Inc., 55 Almaden Blvd, Suite 600

San Jose, CA 95113.

Type and purpose of data processing:

When using "Zoom", different types of data are processed. The scope of the data also depends on the information on data you provide before or when participating in an "online course". Registration with "Zoom" is not required to participate in our online courses.

The following personal data are the subject of processing:

- User details: first name, last name, telephone (optional), e-mail address, password (if "single sign-on" is not used), profile picture (optional), department (optional)

- Meeting metadata: topic, description (optional), participant IP addresses, device/hardware information

- For recordings (optional): MP4 file of all video, audio and presentation recordings, M4A file of all audio recordings, text file of online meeting chat

- When dialing in with the telephone: Indication of the incoming and outgoing phone number, country name, start and end time. If necessary, further connection data such as .B the IP address of the device can be stored.

- Text, audio and video data: You may have the option of using the chat, question or survey functions in an "online meeting". In this respect, the text entries made by you will be processed in order to display them in the "online meeting" and, if necessary, to log them. In order to enable the display of video and the playback of audio, the data from the microphone of your End-2 device as well as from any video camera of the end device are processed accordingly during the duration of the meeting. You can switch off or mute the camera or microphone yourself at any time via the "Zoom" applications.

In order to participate in an "online meeting" or to enter the "meeting room", you must at least provide information about your name.


Legal basis:

The legal basis for data processing is Art. 6 para. 1 lit.b GDPR, insofar as the video conferences are carried out within the framework of contractual relationships. If there is no contractual relationship, the legal basis is Art. 6 para. 1 lit. f GDPR.  An adequate level of data protection is guaranteed on the one hand by the conclusion of the so-called EU standard contractual clauses. For more information, see: https://explore.zoom.us/de/privacy/.

 

3.9.3 Google Meet

We use Google Meet (formerly: Google Hangouts). This is a tool for audio and video conferencing. The provider is Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland.

Type and purpose of data processing:

As part of Google Meet, users can call or join calls from a computer, mobile phone, or a popular video conferencing system. Google sets a cookie on your device. Personal data can thus be stored and evaluated, in particular the activity of the user (in particular which pages have been visited and which elements have been clicked) and device and browser information (in particular the IP address and the operating system). The information generated by the cookie about your use of this online presence is transmitted to a Google server in the USA and stored there. However, if IP anonymisation is activated on this online presence, your IP address will be shortened beforehand by Google within member states of the European Union or in other contracting states of the Agreement on the European Economic Area. Only in exceptional cases will the full IP address be transmitted to a Google server in the USA and shortened there. The IP address transmitted by your browser as part of Google Meet will not be merged with other Google data. You can prevent the storage of cookies by setting your browser software accordingly. In this case, you may not be able to use all the functions of our online presence to their full extent.

Legal basis:

The legal basis for data processing is Art. 6 para. 1 lit.b GDPR, insofar as the video conferences are carried out within the framework of contractual relationships. If there is no contractual relationship, the legal basis is Art. 6 para. 1 lit. f GDPR. An adequate level of data protection is guaranteed on the one hand by the conclusion of the so-called EU standard contractual clauses. For more information, see https://policies.google.com/privacy?hl=de.

 

3.10 Quenza

We use the Quenza service of the provider Quenza B.V., Gandhiplein 16, Maastricht, Limburg 6229HN, The Netherlands.

Type and purpose of data processing:

In order to use our digital services, the creation of a Quenza account is required.  This serves to maintain contact with users and to display and manage information about users in relation to personal development. Furthermore, the service serves as organizational and communication software to simplify and optimize workflows.  There is an agreement with Quenza B.V. for order processing.

Storage period:

The personal data will be stored for as long as this is necessary for the fulfilment of the contract. In addition, longer storage may be necessary due to legal obligations, in particular due to commercial or tax retention obligations under the German Commercial Code (HGB) and the Tax Code (AO), which provide for storage for up to ten years.

Legal basis:

The legal basis for data processing is Art. 6 para. 1 lit.b GDPR.

For more information, see https://quenza.com/privacy-policy/.

 

3.11 Payment methods

We integrate payment services from third-party companies on our website. If you make a purchase from us, your payment data (e.B name, payment amount, account details, credit card number) will be processed by the payment service provider for the purpose of payment processing. For these transactions, the respective contractual and data protection provisions of the respective providers apply. The payment service providers are used on the basis of Art. 6 para. 1 lit.b GDPR (contract processing) and in the interest of the smoothest, most comfortable and secure payment process possible (Art. 6 para. 1 lit. f GDPR). Insofar as your consent is requested for certain actions, Art. 6 para. 1 lit. a GDPR is the legal basis for data processing; Consents can be revoked at any time for the future.

We use the following payment services / payment service providers within the framework of this website:

Stripe:

The provider of this payment service is the payment service provider Stripe Payments Europe Ltd., 1 Grand Canal Street Lower, Grand Canal Dock, Dublin, Ireland. Further information on Stripe's data protection can be found under https://stripe.com/de/privacy#translation.

Giropay:

The provider of this payment service is giropay GmbH, An der Welle 4, 60322 Frankfurt, Germany (hereinafter referred to as "giropay"). Details can be found in giropay's privacy policy: https://www.giropay.de/rechtliches/datenschutzerklaerung/.

PayPal:

Payment processing can be carried out, among other things, via the company PayPal. This company collects, stores and processes your usage data to determine and bill your orders. As part of the order process, you will be automatically redirected to the respective website. There you can make the payment. You will then be automatically redirected back to our website. We have no influence on and no responsibility for the data processing by PayPal. Therefore, please also note the General Terms and Conditions and Data Protection Declarations for the use of PayPal. We do not have access to your data entered there. With proper payment, we will only receive a notification of the release of the transaction. To prevent unauthorized access by third parties to your personal data, in particular financial data, the order process is encrypted using TLS technology. For further information on the data processing of our service provider, please click here: https://www.paypal.com/de/webapps/mpp/ua/privacy-full?locale.x=de_DE.

Visa:

The provider of this payment service is Visa Europe Services Inc., London Branch, 1 Sheldon Square, London W2 6TT, GB (hereinafter "Visa"). For details, see Visa's Privacy Policy: https://www.visa.de/nutzungsbedingungen/visa-privacy-center.html.

Mastercard:

The provider of this payment service is Mastercard Europe SA, Chaussée de Tervuren 198A, B-1410 Waterloo, Belgium ('Mastercard'). For details, please refer to Mastercard's privacy policy: https://www.mastercard.de/de-de/datenschutz.html.

American Express:

The provider of this payment service is American Express Europe S.A., Theodor-Heuss-Allee 112, 60486 Frankfurt am Main, Germany (hereinafter referred to as "American Express"). American Express may transfer data to its parent company in the United States. The data transfer to the USA is based on the Binding Corporate Rules. Details can be found here: https://www.americanexpress.com/en-pl/company/legal/privacy-centre/european-implementing-principles/.

For more information, see American Express' Privacy Policy: https://www.americanexpress.com/de/legal/online-datenschutzerklarung.html.

Clear:

The provider is Klarna AB, Sveavägen 46, 111 34 Stockholm, Sweden (hereinafter referred to as "Klarna"). Klarna offers various payment options (e.B. installment purchase). If you choose to pay with Klarna (Klarna checkout solution), Klarna will collect various personal data from you. Klarna uses cookies to optimize the use of the Klarna checkout solution.

Details can be found in Klarna's privacy policy under the following link: https://www.klarna.com/de/datenschutz/.

Legal basis:

The legal basis for the aforementioned processing is Article 6 (1) (.b) GDPR. The processing takes place on the basis of the concluded contract.

Storage period:

Due to commercial and tax regulations, we are obliged to store your address, payment and order data for a period of ten years. However, after two years, we impose a restriction on processing, i.e. Your data will only be used to comply with legal obligations.

 

3.12 Contact form

Type and purposes of data processing:

  You can send us inquiries and request information material via the contact forms provided on our website. Mandatory information for the use of the contact form is your e-mail address, which we need in order to be able to answer your inquiry and to be able to contact you on our part. You can also voluntarily provide your company, title or title, your first and last name, your postal address and/or your telephone number in order to enable us to address us personally or to make it easier to answer your request. Should further information be necessary to answer your request, we will contact you separately.

As part of the use of the contact forms , the user's consent to the processing of this data is obtained. By giving your consent, you confirm that you would like us to answer your request and give your consent to the data you have provided for this purpose.

We will use the data entrusted to us via the contact forms or in the context of any other contact exclusively to answer your inquiry. We will not pass on this data to third parties either against payment or free of charge. Unless you have consented to further storage and use of your personal data, they will only be stored for as long as this is necessary to fulfil the purpose pursued with the transmission or as required by legal regulations (in particular tax and commercial retention periods).

At the time of sending a request, the IP address of the user as well as the date and time of use of the contact form are also stored. This serves to prevent misuse of our services or the data provided and to log the contact for verification purposes.

Storage period:

This data will be stored for as long as this is necessary to process the request in question. In addition, longer storage may be necessary due to legal obligations, in particular due to commercial or tax retention obligations under the German Commercial Code (HGB) and the Tax Code (AO), which provide for storage for up to ten years. Otherwise, a longer storage of data will only take place if this is necessary for the fulfilment of a contract.

Legal basis:

The legal basis for this processing is Article 6 (1) sentence 1 (a) GDPR. The processing will only take place if you have given your consent in this regard for the aforementioned purposes.

You can revoke your consent at any time (even if you have already given your consent before the GDPR came into force). The revocation of consent applies to the future, so that the legality of data processing carried out on the basis of your consent and before its revocation remains unaffected.

The legal basis for this processing is also Art. 6 para. 1 sentence 1 letter f) GDPR. Our legitimate interest is to enable our users to make comfortable contact and to process the data required to answer such a request.

The legal basis for the storage of the IP address as well as the date and time of use of the contact form is Art. 6 para. 1 sentence 1 letter f) GDPR. Data processing is necessary to safeguard our legitimate interests in the trouble-free use of our services and, in the event of misuse, possibly also to assert, exercise and defend legal claims. In the event of abusive input of third-party data, this data processing may also be necessary to safeguard the legitimate interests of a third party, namely the owner of the data entered.

 

3.13 Social Media - Profile

We maintain publicly accessible profiles on social networks. The social networks we use in detail can be found below. Social networks such as Facebook, Twitter, etc. can usually comprehensively analyze your user behavior when you visit their website or a website with integrated social media content (e.B. like buttons or advertising banners). By visiting our social media presences, numerous data protection-relevant processing operations are triggered.

If you are logged into your social media account and visit our social media presence, the operator of the social media portal can assign this visit to your user account. However, your personal data may also be collected if you are not logged in or do not have an account with the respective social media portal. In this case, this data collection takes place, for example, via cookies that are stored on your device or by collecting your IP address.

With the help of the data collected in this way, the operators of the social media portals can create user profiles in which your preferences and interests are stored. In this way, interest-based advertising can be displayed to you inside and outside the respective social media presence. If you have an account with the respective social network, the interest-based advertising can be displayed on all devices on which you are logged in or were logged in.

Please also note that we cannot track all processing processes on the social media portals. Depending on the provider, further processing operations may therefore be carried out by the operators of the social media portals. Details can be found in the terms of use and privacy policy of the respective social media portals.

Legal basis:

Our social media presences are intended to ensure the most comprehensive presence on the Internet. This is a legitimate interest within the meaning of Art. 6 para. 1 lit. f GDPR. The analysis processes initiated by the social networks may be based on deviating legal bases that must be specified by the operators of the social networks (e.B consent within the meaning of Art. 6 para. 1 lit. a GDPR).

Controller and assertion of rights:

If you visit one of our social media appearances (e.B. Facebook), we are jointly responsible with the operator of the social media platform for the data processing operations triggered during this visit. In principle, you can assert your rights (information, correction, deletion, restriction of processing, data portability and complaint) both against us and against .dem operator of the respective social media portal (e.B vs. Facebook). Please note that despite the joint responsibility with the social media portal operators, we do not have full influence on the data processing operations of the social media portals. Our options are largely based on the corporate policy of the respective provider.

Storage period:

The data collected directly by us via the social media presence will be deleted from our systems as soon as the purpose for its storage no longer applies, you request us to delete it, revoke your consent to storage or the purpose for data storage no longer applies. Stored cookies remain on your device until you delete them. Mandatory legal provisions – esp. Retention periods – remain unaffected.

We have no influence on the storage period of your data, which is stored by the operators of the social networks for their own purposes. For details, please contact the operators of the social networks directly (e.B. in their privacy policy, see below).

Social networks in detail:

-  Facebook:

We have a profile on Facebook. The provider of this service is Meta Platforms Ireland Limited, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland (hereinafter "Meta"). According to Meta, the data collected will also be transferred to the USA and other third countries.

We have entered into a joint processing agreement with Meta (Controller Addendum). This agreement specifies for which data processing operations we or Facebook is responsible when you visit our Facebook page. This agreement can be viewed at the following link: https://www.facebook.com/legal/terms/page_controller_addendum.

You can adjust your advertising settings independently in your user account. To do this, click on the following link and log in: https://www.facebook.com/settings?tab=ads.

The data transfer to the USA is based on the standard contractual clauses of the EU Commission. Details can be found here: https://www.facebook.com/legal/EU_data_transfer_addendum and https://de-de.facebook.com/help/566994660333381.

Details can be found in Facebook's privacy policy: https://www.facebook.com/about/privacy/.

- Instagram:

We have a profile on Instagram. The provider is Instagram Inc., 1601 Willow Road, Menlo Park, CA, 94025, USA. The data transfer to the USA is based on the standard contractual clauses of the EU Commission. Details can be found here: https://help.instagram.com/519522125107875. We would like to point out that, as the provider of the pages, we have no knowledge of the content of the transmitted data or their use by Instagram. Privacy Policy: http://instagram.com/about/legal/privacy/.

Linkedln:

We have a profile on LinkedIn. The provider is LinkedIn Ireland Unlimited Company, Wilton Plaza, Wilton Place, Dublin 2, Ireland. LinkedIn uses advertising cookies. If you would like to disable LinkedIn advertising cookies, please use the following link: https://www.linkedin.com/psettings/guest-controls/retargeting-opt-out. The data transfer to the USA is based on the standard contractual clauses of the EU Commission. Details can be found here: https://www.linkedin.com/legal/l/dpa and https://www.linkedin.com/legal/l/eu-sccs. Details on their handling of your personal data can be found in LinkedIn's privacy policy: https://www.linkedin.com/legal/privacy-policy.

 

3.14 Social Media Plugins

We use social media plugins on our website  . In order to increase the protection of your data when you visit our online shop, these plugins are not unrestricted, but only integrated into the corresponding shop page using an HTML link (so-called "Shariff solution" from c't  ). This ensures that when you visit a page of our online shop with such plugins, no connection is established with the servers of the provider of the respective social network. If you click on one of the buttons, a separate browser window opens and calls up the page of the respective provider, where you can, for example, press the Like or Share button. For more information on the scope of collection and the handling of your data, please refer to the respective detailed data protection declaration of the provider.

We use the social media plugin on the basis of our legitimate interests (i.e. interest in the analysis, optimization and economic operation of our online offer within the meaning of Art. 6 para. 1 lit. f. GDPR).

 

3.14.1 Youtube

Our website uses videos from the video portal "YouTube" of the company Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland (hereinafter: "Google").

Type and purposes of data processing:

When you visit a page that has an embedded video, a connection to the Google servers is established and the content is displayed on the website by notifying your browser.

Anonymization:

We use the "enhanced privacy mode" option provided by Google. According to Google, in "extended data protection mode" your data – in particular which of our website you have visited as well as device-specific information including the IP address – will only be transmitted to the YouTube server in the USA when you watch the video. By clicking on the video, you consent to this transmission. If you are logged in to Google at the same time, this information will be assigned to your YouTube member account. You can prevent this by logging out of your member account before visiting our website.

Rechtgrundlage:

The implementation takes place on the basis of Art. 6 para. 1 sentence 1 lit. f GDPR, whereby our interest lies in the smooth integration of the videos and the thus appealing design of our website. The data transfer to the USA is based on the standard contractual clauses of the EU Commission. For more information, see www.google.de/policies/privacy/.

 

3.14.2 Vimeo

Our website uses plugins from the video portal Vimeo. The provider is Vimeo Inc., 555 West 18th Street, New York, New York 10011, USA.

Type and purposes of data processing:

When you visit one of our pages equipped with Vimeo videos, a connection to Vimeo's servers is established. The Vimeo server is informed which of our pages you have visited. In addition, Vimeo obtains your IP address.

Anonymization:

We have set Vimeo so that Vimeo will not track your user activity and will not set cookies.

Legal basis:

The use of Vimeo is in the interest of an appealing presentation of our online offers. This constitutes a legitimate interest within the meaning of Art. 6 para. 1 lit. f GDPR. If a corresponding consent has been requested, the processing takes place exclusively on the basis of Art. 6 para. 1 lit. a GDPR; the consent can be revoked at any time. The data transfer to the USA is based on the standard contractual clauses of the EU Commission and, according to Vimeo, on "legitimate business interests". Details can be found here: https://vimeo.com/privacy.

 

3.14.3 Vidyard

Our website uses the Vidyard service of Vidyard, 8 Queen St. N, Unit #1, Kitchener, ON, Canada, N2H 2G8 ("Vidyard"), to play videos on our website.

Type and purposes of data processing:

When a video is called up on our website, the videos are reloaded via Vidyard via a Vidyard server. Through these external calls, data such as the IP address of the user are transmitted to the Vidyard servers, which are also located in Kandada and the USA.

Anonymization:

However, we have set Vidyard so that Vidyard will not track your user activity and will not set cookies

Legal basis:

The use of Vidyard is in the interest of an appealing presentation of our online offers. This constitutes a legitimate interest within the meaning of Art. 6 para. 1 lit. f GDPR. Vidyard processes the data in Canada on the basis of an adequacy decision pursuant to Art. 45 GDPR and in the USA on the basis of EU standard contractual clauses and thus offers sufficient guarantees within the meaning of Art. 46 para. 1, para. 2 lit.c) GDPR. Further information on the handling of user data can be found in Vidyard's privacy policy at: https://www.vidyard.com/privacy/.

3.15 Legal or contractual obligation to provide the data

If you send us a contact request and would like us to process and answer your request accordingly, we need the personal data specified there as necessary. Otherwise, we will not be able to process the request. If you would like to register for our webshop, we also need the data specified there as required in order to be able to carry out the registration. Without this required personal data, we will not be able to carry out these operations and conclude the contract properly with you.

3.16 Data transfers or recipients of data

In principle, we do not pass on any personal data to third parties. In particular, no data is passed on to third parties for advertising purposes.

Excluded from this are only our service partners, which we need to process the contractual relationship or service providers whom we use in the context of order processing. In all cases, we strictly observe the legal requirements. The scope of data transmission is limited to a minimum. If we use external service providers, they are subject to the same strict data protection regulations and are also integrated into our data protection concept.

In all other respects, your personal data will be transmitted to third parties exclusively for the purposes listed below.

We only pass on your personal data to third parties,

- if you have given your consent in accordance with Art. 6 para. 1 sentence 1 letter a) GDPR or

- if the disclosure is necessary in accordance with Art. 6 para. 1 sentence 1 letter f) GDPR for the assertion, exercise or defense of legal claims and there is no reason to assume that you have an overriding legitimate interest in the fact that no disclosure of your data takes place, or

- insofar as there is a legal obligation for the transfer pursuant to Art. 6 para. 1 sentence 1 letter c) GDPR, or

- if this is legally permissible and the transfer is necessary for the performance of a contract with you in accordance with Art. 6 para. 1 sentence 1 letter b) GDPR.

 

3.16.1 Data transfer to collection agencies

For the fulfilment of the contract in accordance with Art. 6 para. 1 sentence 1 lit.b GDPR, we pass on your data to a commissioned collection agency if our payment claim has not been settled despite a previous reminder. In this case, the claim will be collected directly from the collection agency. In addition, the transfer serves to safeguard our legitimate interests, which predominate in the context of a balancing of interests, in the effective assertion or enforcement of our payment claim in accordance with Art. 6 para. 1 sentence 1 lit. f GDPR.

3.16.2 Bonitätsauskunft

If we make an advance payment, e.B. in the case of a purchase on account, we reserve the right to carry out a credit check on the basis of a mathematical-statistical procedure using the

SCHUFA Holding AG

Kormoranweg 5

D-65201 Wiesbaden 

Obtain. For this purpose, we transmit the personal data required for a credit check there and use the information received about the statistical probability of a payment default for a balanced decision on the establishment, execution and termination of the contractual relationship. Among other things, your address data is included in the calculation of these so-called score values. You can object to this processing of your data at any time by sending a message to the person responsible for the processing of your data or to the credit agency named here. However, we may still be entitled to process your personal data if this is necessary for the contractual payment processing.

3.17 Data security

We make every effort to ensure the security of your data. In order to prevent the loss, misuse and alteration of personal data, we have set up appropriate physical, electronic and administrative procedures and adapt them to the current state of the art.

This site uses SSL encryption for security reasons and to protect the transmission of confidential content, such as the requests you send to us as the site operator. You can recognize an encrypted connection by the fact that the address line of the browser changes from "http://" to "https://" and by the lock symbol in your browser line. If SSL encryption is activated, the data you transmit to us cannot be read by third parties.

 

3.18 No use of automated decision-making, including profiling

We do not use so-called profiling or other decision-making that is based exclusively on automated data processing and has legal effect on you or significantly impairs you in a similar way.

 

4. Use of your data for direct marketing newsletters after registration

If you subscribe to our e-mail newsletter, we will regularly send you information about our offers. The only mandatory information for sending the newsletter is your e-mail address. The provision of further possibly data is voluntary and will be used to be able to address you personally. For the dispatch of the newsletter, we use the so-called double opt-in procedure. This means that we will only send you an e-mail newsletter if you have expressly confirmed to us that you consent to the sending of newsletters. We will then send you a confirmation e-mail with which you will be asked to confirm by clicking on a corresponding link that you want to receive newsletters in the future.

By activating the confirmation link, you give us your consent for the use of your personal data in accordance with Art. 6 para. 1 lit. a GDPR. When registering for the newsletter, we store your IP address entered by the Internet Service Provider (ISP) as well as the date and time of registration in order to be able to trace a possible misuse of your e-mail address at a later time. The data collected by us when registering for the newsletter will be used exclusively for the purpose of advertising by means of the newsletter. You can unsubscribe from the newsletter at any time via the link provided for this purpose in the newsletter or by sending a corresponding message to the person responsible named at the beginning. After unsubscribing, your e-mail address will be deleted immediately from our newsletter distribution list, unless you have expressly consented to further use of your data or we reserve the right to use your data beyond this, which is permitted by law and about which we inform you in this declaration.

 

5. Your rights as a data subject

You have the following rights regarding the processing of your personal data:

5.1. Right to information (Art. 15 GDPR)

You have the right to request information about your personal data processed by us. In particular, you can find out about the purposes of processing, the categories of personal data, the categories of recipients to whom your data has been or will be disclosed, the planned storage period, the existence of a right to correction, deletion, restriction of processing or objection, the existence of a right of appeal, the origin of your data, if not collected by us, as well as the existence of automated decision-making  including profiling and, where applicable, meaningful information on their details.

5.2. Right to rectification (Art. 16 GDPR)

You have the right to immediately request the correction of personal data that is incorrectly stored by us or to request its completion if it is incompletely stored by us.

5.3. Right to erasure (Art. 17 GDPR)

You have the right to request the deletion of your personal data stored by us, unless the processing is necessary for the exercise of the right to freedom of expression and information, for the fulfilment of a legal obligation, for reasons of public interest or for the establishment, exercise or defence of legal claims.         

5.4. Right to restriction of processing (Art. 18 GDPR)

You have the right to request the restriction of the processing of your personal data insofar as the accuracy of the data is disputed by you, insofar as the processing is unlawful, but you reject the deletion of the data, insofar as we no longer need the data, but you need it to assert, exercise or defend legal claims, or if you have objected to the processing in accordance with Article 21 of the GDPR.

5.5. Right to data portability (Art. 20 GDPR)

You have the right to receive your personal data that you have provided to us in a structured, commonly used and machine-readable format or to request its transmission to another controller.

5.6. Right to revoke a given consent at any time (Art. 7 para. 3 in conjunction .m Art. 6 para. 1 sentence 1 lit. a) or Art. 9 para. 2 lit. a) GDPR)

You have the right to revoke your consent to us at any time. As a result, we may no longer continue the data processing based on this consent for the future, unless it can be based on another legal basis.

5.7. Right to lodge a complaint with a supervisory authority (Art. 77 GDPR in conjunction .m. § 19 BDSG 2018)

You have the right to complain to a supervisory authority if you believe that the processing of your personal data infringes the GDPR. As a rule, you can contact the supervisory authority of your usual place of residence or workplace or our company headquarters.

5.8. Right to object (Art. 21 GDPR)

If we process data about you on the basis of legitimate interests, you can object to this for reasons arising from your particular situation.

In addition, you can object to data processing if we carry it out for direct marketing purposes.