Data protection declaration

Introduction

With this information we inform visitors and users of the website about the type, scope and purpose of the processing of personal data when visiting the website or using the services provided on it. We also inform about the rights that the data subject (the person concerned, website visitor) is entitled to as a result of data processing.

It is possible to visit the Internet pages without personal data being collected. However, for the use of some services offered on the website, it may be necessary to process personal data. The processing is carried out either on the basis of a legal permission standard, or, in the event that a legal permission standard does not exist, on the basis of a consent that has been obtained from the data subject beforehand.

Definitions

This information and explanations are based on the terms of the German General Data Protection Regulation law (DSGVO):

Personal Information

Personal data is all information relating to an identified or identifiable natural person (hereinafter referred to as the “data subject"). Considered to be identifiable is a natural person who can be identified directly or indirectly, in particular by assignment to an identifier such as a name, an identification number, location data, an online identifier or one or more special characteristics that express the physical, physiological, genetic, psychological, economic, cultural or social identity of that natural person.

Processing

Processing means any operation or set of operations which is carried out with or without the aid of automated processes and which relates to personal data, such as collection, recording, organisation, sorting, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, comparing or connection, qualification, erasure or destruction.

Restriction of processing

The limitation of processing is the marking of stored personal data with the aim of limiting its future processing.

Profiling

Profiling is any automated processing of personal data consisting of the use of such personal data to evaluate certain personal aspects relating to a natural person, in particular to analyse or predict aspects relating to the work performance, economic situation, health, personal preferences, interests, reliability, conduct, whereabouts or movement of that natural person.

Pseudonymisation

Pseudonymisation means the processing of personal data in such a way that the personal data can no longer be attributed to a specific data subject without the provision of additional information, provided that such additional information is kept separately and is subject to technical and organisational measures ensuring that the personal data is not attributed to an identified or identifiable natural person.

Controller or data controller (person responsible for the processing)

The person responsible or person responsible for the processing, also known as the controller or data controller, is the natural or legal person, public authority, agency or other body which alone or jointly with others determines the purposes and means of the processing of personal data. Where the purposes and means of such processing are laid down by European Union law or by the law of the Member States, the controller or controllers may be designated in accordance with European Union law or with the law of the Member States on the basis of certain criteria.

Processors

Processor is a natural or legal person, public authority, agency or other body which processes personal data on behalf of the controller.

Recipients

The recipient is a natural or legal person, public authority, agency or other body to whom personal data is disclosed, whether or not that person is a third party. However, authorities which may receive personal data in the context of a specific investigation mandate under European Union law or the law of the Member States shall not be considered as recipients.

Third parties

A third party means any natural or legal person, public authority, agency or body other than the visitor to the website, the controller, the processor and the persons authorised to process the personal data under the direct responsibility of the controller or processor.

Consent

Consent shall mean any voluntary and informed and unequivocal expression of intention, in the particular case, in the form of a statement or other unequivocal affirmative act by which the data subject indicates his or her consent to the processing of his or her personal data.

Data protection officer

The following office is responsible for data protection:
Ann Vielhaben, Heerstraße 18/20, 14052 Berlin

Cookies

So-called cookies are used on the website. Cookies are text files that are stored on the computer system of the person visiting the website,

Many cookies contain a unique identifier that consists of a string of characters that can be used by the system to recognise users. This serves to adapt the Internet offer individually and in a user-friendly way to the respective visitor.

There are different types of cookies. Most cookies are deleted from the hard disk at the end of the browser session (so-called session cookies). Other cookies remain on the computer and make it possible to recognise the computer during the next visit (so-called permanent cookies). These cookies serve, for example, to greet you with your individual user name and, for example, make it unnecessary to re-enter user names and passwords or fill out forms

If the use of cookies is not desired, the visitor can prevent the use of cookies by preventing the setting and storage of cookies in the settings of their browser. In the settings, you can also delete existing cookies at any time. This is possible in all common Internet browsers.

In the event that the visitor to the website has prevented the setting of cookies in the settings, not all functions of the website may be fully usable under certain circumstances.

Cookies from third parties are generally not used.

Collection of data and information

When the website is accessed, general data and information are collected, which are stored in log files on the server.

Data is collected about the type of browser used and the version of the browser, the operating system used to access the website, the website from which the visitor accesses the website, the sub-pages that the visitor accesses, the date and time of access, the IP address, the Internet service provider and other similar data and information used to avert an attack on the IT system.

Under no circumstances will conclusions be drawn about the visitor. Rather, the information is needed so that the contents of the website can be displayed correctly. The data is also collected in order to make available, in the event of a cyber-attack, the information required for prosecution by the competent law enforcement authorities.

In any event, the data will be collected anonymously and stored separately from other personal data, which may be collected elsewhere in compliance with statutory data protection requirements.

Contact via the website

Due to legal regulations, the website contains information that enables rapid electronic contact or direct communication with the operator of the website.

In the event of contact being established, e.g. by email or via a contact form, the personal data transmitted will be automatically stored.

In any event, the data will only be processed for the purpose resulting from the establishment of contact and will not be passed on to third parties unless the transfer is necessary for the processing of the establishment of contact.

Comment functions

If there is the possibility to leave individual comments on the website, the comment itself, as well as the time of the comment entry and the pseudonym chosen by the user will be saved and published. The IP address is also logged.

The data is stored for security reasons and in the event that the comment violates the rights of third parties or unlawful content is published. A passing on to third parties does not take place in principle, unless the passing on is legally prescribed or necessary for legal defence.

Routine deletion and blocking of personal data

Personal data will only be stored for the period of time necessary for the respective purpose of processing or due to legal requirements.

After the purpose has been achieved or the statutory retention period has expired, the personal data will be deleted routinely and in accordance with the statutory provisions. If the intended purpose of the processing has been achieved, but the data may not yet be deleted due to legal requirements, the data will be blocked.

Legal basis of the processing

1. Data processing is based on Art. 6 para. 1. DSGVO, the German GDPR law. Thereafter, data processing shall be permitted if such processing
   • takes place with the consent of the person concerned;
   • is necessary for the performance of a contract to which the data subject is a party or for the implementation of pre-contractual measures;
   • is necessary to fulfil a legal obligation;
   • is necessary to protect the vital interests of the visitor to the website or any other natural person;
   • is necessary to safeguard the legitimate interests of the person responsible or of a third party, unless the interests or fundamental rights and freedoms of the visitor to the website which require the protection of personal data prevail, in particular where the person concerned is a child.
2. Insofar as data processing cannot be based on any other legal basis thereafter, data processing shall in principle only take place with the consent of the data subject, which shall be obtained and documented by the data subject prior to the commencement of processing.
3. If the data processing is based on a legitimate interest, it is necessary to weigh the interests of the data subject before starting the processing, which can nevertheless exclude data processing, even if the data processing appears appropriate for business purposes. In this case, expediency is not generally sufficient. What is required is that significant interests of the company, its employees or shareholders are directly affected by the data processing.

Right of access and rectification

Persons whose data is processed have a legal claim to information, correction and deletion of their data. The rights may be exercised at any time at the request of the data subject to the data protection officer or the management.

In the event of a request for information, the following information shall be provided:

• processing purposes;
• categories of personal data processed;
• recipients or categories of recipients to whom the personal data have been or will be disclosed, in particular recipients in third countries or international organisations;
• if possible, the planned duration for which the personal data will be stored or, if this is not possible, the criteria for determining this duration;
• the existence of a right to the rectification or erasure of personal data concerning him or her or to the limitation of the processing by the controller or of a right to object to such processing;
• existence of a right of appeal to a supervisory authority;
• if the personal data is not collected from the data subject; All available information about the origin of the data;
• Existence of automated decision-making, including profiling in accordance with Article 22(1) and (4) of the DSGVO (the German GDPR law) and, at least in these cases, meaningful information about the logic involved and the scope and intended effects of such processing for the data subject; transfer of data to a third country or to an international organisation and on the appropriate safeguards in relation to the transfer.

In the event of a request for rectification, incorrect data must be rectified or completed.

Right to deletion

In the event of a request for deletion, the relevant personal data must be deleted immediately,

• if the personal data has been collected or otherwise processed for purposes for which they are no longer needed;
• the data was collected exclusively on the basis of the consent of the data subject, which the data subject has revoked;
• the data subject objects to the processing pursuant to Art. 21 DSGVO (the German GDPR law) and in the event of revocation pursuant to Art. 21 para. 1 DSGVO (the German GDPR law) there are no overriding legitimate reasons for the processing;
• the personal data has been processed unlawfully;
• the deletion is required by law.

In the event that the data to be deleted has been made public, appropriate measures will be taken pursuant to Art. 17 para. 1 DSGVO (the German GDPR law), taking into account the available technology and implementation costs, to inform third parties processing the published personal data of the request for deletion.

Right to limitation of processing

The data subject has a statutory right to demand the restriction of the processing of their data if they dispute the accuracy of the personal data or has lodged an objection pursuant to Art. 21 (1) DSGVO (the German GDPR law). In such a case, the processing shall be limited for such time as is necessary to verify the accuracy of the personal data or to establish whether there are reasons for the processing outweighing the interest of the data subject. If the processing is subsequently unlawful and the data subject refuses to have their data erased, they may instead request that the processing of their data be restricted.

The processing of the data must also be limited if it is no longer needed for the purpose for which it was collected, but are still required for the assertion, exercise or defence of legal claims.

The aforementioned rights may be exercised at any time at the request of the data subject to the data protection officer or the management.

Right to data transferability

Persons whose data is processed have a legal right to the data being transferred in a structured, common and machine-readable format or being transferred to a third party without hindrance, if the processing is based on the consent pursuant to Art. 6 para. 1 letter a DSGVO (the German GDPR law) or Art. 9 para. 2 letter a DSGVO (the German GDPR law) or on a contract pursuant to Art. 6 para. 1 letter b DSGVO (the German GDPR law) and the processing is carried out by means of automated procedures, provided that the processing is not necessary for the performance of a task which is in the public interest or which is carried out in the exercise of official authority assigned to the data controller.

The rights may be exercised at any time at the request of the data subject to the data protection officer or the management.

Right to object

Affected parties have a legal right to object to data processing at any time.

In the event of an objection, the data will no longer be processed unless there are demonstrable compelling reasons worthy of protection for the continuation of the data processing, which outweigh the interests, rights and freedoms of the visitor to the website, or the processing serves the assertion, exercise or defence of legal claims.

In the event of an objection to processing for advertising purposes, the objection shall in principle take precedence. The data will then no longer be used for advertising purposes.

The rights may be exercised at any time at the request of the data subject to the data protection officer or the management.

Automated decisions in individual cases, including profiling

Data subjects have a statutory right that a decision affecting them which has legal effect is not taken exclusively on the basis of automated processing or in a similar manner that significantly affects them. This shall not apply to decisions which are necessary for the conclusion or performance of a contract with the data subject or which are permitted by law and which contain appropriate measures to safeguard the rights and freedoms, as well as the legitimate interests of the visitor to the website or which are taken with the express consent of the visitor to the website.

Where the decision is necessary for the conclusion or performance of a contract or where the automated decision is taken with the express consent of the data subject, appropriate measures shall be taken to safeguard the rights and freedoms and legitimate interests of the visitor to the website, such as measures whereby the data subject may intervene in the procedure and present his or her views.

If the data subject wishes to exercise rights relating to automated decisions, he or she may at any time contact our data protection officer or another employee of the data controller for this purpose.

The rights may be exercised at any time at the request of the data subject to the data protection officer or the management.

An automated decision in individual cases and profiling does not take place in the present case despite this.

Right to revoke consent under data protection law

Affected parties can revoke their consent to data processing at any time.

The rights may be exercised at any time at the request of the data subject to the data protection officer or the management.

Use of analysis tools and other services

The website may contain components from various third-party companies which can be used to collect and analyse information on visitors to the website and their surfing behaviour, in some cases in real-time. Interactions are statistically recorded and processed in order to gain an overview of the online activities of visitors and users of the website.

On the one hand, the use of these components serves the purpose of adapting the marketing for the Internet offer to the visitors and users and thereby increasing the advertising effectiveness of the Internet pages. On the other hand, this serves to identify and eliminate technical or other errors.

The components are third-party software components. If such components are used, the type, content and scope, as well as the purpose of the data processing are explained and pointed out below.

The components use different types of cookies. These are also explained below. As already described above under clause 4, you can prevent cookies from being set in the settings in the Internet browser. This prevents the collection of personal data by the components used.

In addition, provider companies frequently provide an opportunity to centrally object to the collection of data by their components. To the extent possible, this is also explained below.

Privacy policy for the use of Google Analytics (with anonymisation function)

The operating company of the Google Analytics component is Google Inc, 1600 Amphitheatre Pkwy, Mountain View, CA 94043-1351, USA. Further information and Google's applicable privacy policy can be found at https://www.google.de/­intl/de/policies/privacy/ and http://www.google.com/­analytics/terms/de.html Google Analytics is explained in more detail under this link https://www.google.com/­intl/de_en/analytics/.

Google Analytics is a web analytics service. Web analysis is the collection, collection and evaluation of data about the behaviour of visitors to Internet sites. A web analysis service collects data on, among other things, from which website a person concerned has accessed a website (so-called referrers), which subpages of the website have been accessed or how often and for how long a subpage has been viewed. A web analysis is mainly used for the optimisation of a website and for the cost-benefit analysis of Internet advertising.

The IP address of the Internet connection of the visitor to the website is abbreviated and anonymised by Google if the Internet pages are accessed from a Member State of the European Union or from another Contracting State to the Agreement on the European Economic Area.

The purpose of the Google Analytics component is to analyse the flow of visitors to our website. Google uses the data and information obtained, among other things, to evaluate the use of our website, to compile online reports for us showing the activities on our website and to provide other services in connection with the use of our website.

Google Analytics places a cookie on the website visitor's system to help the website analyse how users use the site. When the website is accessed, data is transmitted to Google for the purpose of online analysis. As part of this technical process, Google obtains knowledge of personal data, such as the IP address of the visitor to the website, which Google uses, among other things, to track the origin of visitors and clicks and subsequently to enable commission invoices.

The cookie is used to store personal information, such as the access time, the location from which an access originated and the frequency of visits to our website by the person concerned. Each time you visit the website, this personal data, including the IP address of the Internet connection used by the visitor to the website, is transmitted to Google in the United States of America. This personal data is stored by Google in the United States of America. Google may share this personal information collected through the technical process with third parties.

In addition to the options described above for preventing the use of cookies, visitors to the website also have the option of opposing the collection of data generated by Google Analytics and relating to the use of this website and the processing of this data by Google, and of preventing such data from being collected. For this purpose, the person concerned must download and install a browser add-on under the link https://tools.google.com/­dlpage/gaoptout. This browser add-on tells Google Analytics via JavaScript that no data and information about visits to Internet pages may be transmitted to Google Analytics. The installation of the browser add-on is considered by Google as an objection.

Privacy policy for the use of Google AdWords

The company operating the Google AdWords services is Google Inc, 1600 Amphitheatre Pkwy, Mountain View, CA 94043-1351, USA. For more information and to review Google's current privacy policy, please visit https://www.google.de/­intl/de/policies/privacy/

Google AdWords is an Internet advertising service that allows advertisers to serve ads both in Google's search engine results and on the Google advertising network. Google AdWords allows an advertiser to pre-define keywords that will be used to display an ad in Google's search engine results only when the user uses the search engine to retrieve a keyword relevant search result. In the Google advertising network, the ads are distributed to relevant Internet sites using an automatic algorithm and in accordance with the keywords defined beforehand.

The purpose of Google AdWords is to promote the website by displaying advertisements of interest on the websites of third parties and in the search results of the Google search engine and by displaying third-party advertisements on our website.

If a visitor reaches the website via a Google advertisement, a so-called conversion cookie is stored on his system. A conversion cookie loses its validity after thirty days and does not serve to identify the visitor to the website. If the cookie has not yet expired, the conversion cookie is used to track whether certain subpages, such as the shopping cart from an online shop system, have been accessed on the website, to see whether the visitor has completed or cancelled the purchase.

The data and information collected through the use of the conversion cookie is used by Google to compile visit statistics for the website, to determine the success or failure of the respective AdWords ad and to optimise our AdWords ads for the future. An identification of the visitor on their part is thereby not possible.

The conversion cookie is used to transfer personal data, including the IP address of the Internet connection used, to Google in the United States of America. This personal data is stored by Google in the United States of America. Google may share this personal information collected through the technical process with third parties.

In addition to the options described above for preventing the use of cookies, visitors to the website also have the option of opting out of interest-related advertising by Google. To do this, the person concerned must access the link www.google.de/­settings/ads from any of the Internet browsers they use and make the desired settings there.

Privacy policy on the use and application of YouTube

The operating company of YouTube is YouTube, LLC, 901 Cherry Ave, San Bruno, CA 94066, USA. YouTube, LLC is a subsidiary of Google Inc, 1600 Amphitheatre Pkwy, Mountain View, CA 94043-1351, USA. The data protection regulations published by YouTube, which are available at https://www.google.de/­intl/de/policies/privacy/, provide information about the collection, processing and use of personal data by YouTube and Google.

YouTube is an Internet video portal that allows registered users to publish video clips.

When visiting the website containing the YouTube plug-in, the browser downloads a Twitter component display. In this way, YouTube will know which pages are visited.

If the user presses one of the integrated buttons, the transferred data and information are assigned to the personal YouTube user account of the visitor of the website and stored and processed by YouTube.

YouTube also receives information about the visit of the website if the visitor is logged in to YouTube at the same time. This applies regardless of whether the button is clicked or not. To prevent this, the user must log out of the account during this time.

Using Google Web Fonts

Google Web Fonts services are operated by Google Inc, 1600 Amphitheatre Pkwy, Mountain View, CA 94043-1351, USA. For more information and to review Google's current privacy policy, please visit https://www.google.de/­intl/de/policies/privacy/

Google Web Fonts is a service that allows fonts to be integrated into a web page. When you visit the website where Google Web Fonts is integrated, the browser downloads the font. In this way, Google Web Fonts obtains information about which pages are visited.