Privacy policy
1 General information
This privacy policy was last updated on 9.9.2024 and informs you about the type, scope, legal basis and purpose of the processing of your personal data by us.
This information relates on the one hand to the processing of personal data on or through our website. On the other hand, you will receive information about the processing of your personal data in other internal and external processes of our company. If necessary, you will receive additional information on further processing in an appropriate manner. If, for example, we use your personal data to register your visit to us on site, you will also be informed on site.
We take the protection of your personal data very seriously and treat your personal data confidentially and in accordance with the statutory national and European regulations as well as the requirements and recommendations of the state data protection authority responsible for us, the State Commissioner for Data Protection of Lower Saxony, Prinzenstr. 5 in 30159 Hanover. We reserve the right to implement the published recommendations of other data protection authorities if, in our opinion, this can better ensure the protection of your personal data. The same applies to publications in literature and case law.
**Please note that the absolute security of your data can never be guaranteed 100 percent. There is always a risk that unauthorized persons may illegally access your data or use it to contact us. There is also the possibility of data loss, whether by employees, former employees or service providers, whether through carelessness or intent. We also cannot rule out the possibility that a provider or an affiliated company may share your data with other companies or have it processed by other companies without our knowledge. Likewise, we cannot rule out the possibility that data processing by providers may take place in whole or in part in a third country without our consent, where an adequate level of data protection may not be guaranteed. Please therefore also take the time to read our information on data processing in third countries in this privacy policy. Our aim is to raise your awareness of your responsibility when handling your personal data and the data of others. If you notice any signs of possible misuse of your data, we urge you to inform us immediately. The protection of your data is of the utmost importance to us and we will do everything in our power to ensure its security.
For the sole purpose of better readability, gender-specific spelling has been omitted. All personal designations in this “Information on data protection” (e.g. customer, controller, data subject, data protection officer) are therefore to be understood as gender-neutral.
2 Scope of application
2.1 European and national law
The processing of your data is subject, among other things, to the European General Data Protection Regulation (GDPR), OJ L 119 of May 4, 2016, p. 1-88 (in the version applicable at the time this data protection notice was prepared) and the German Federal Data Protection Act (BDSG) in the version of June 30, 2017; (BGBl. I p. 2097), last amended by Art. 12 G of November 20, 2019; (BGBl. I p. 1626, 1633).
2.2 Material scope of application
With this data protection information (also “data protection declaration”, “data protection information”) we inform you in accordance with Art. 12 ff. GDPR about which of your personal data we process (definition of the terms “personal data”, “processing”: see below) in order to display this website and to be able to use the functions of the website.
We also inform you about the other processes associated with the display of the website or the functions used (e-mail communication, hosting, newsletter, etc.). If and insofar as we process personal data in other processes (telephone system, guest WLAN, video surveillance, etc.), you will receive further information in a timely and comprehensive manner. This information may also be provided on this website; we will therefore also inform you about the way in which we store the information in the other processes.
This data protection information also applies to our other online presences (e.g. websites, landing pages, stores, social media presences) as well as to other processes, insofar as we expressly refer to this data protection information.
2.3 Applicability of the Swiss Federal Act on Data Protection (FADP)
Our data processing is also subject to the Swiss Federal Act on Data Protection (FADP), which came into force on September 1, 2023, including the implementing provisions of the Swiss Data Protection Ordinance (DPO) in accordance with Article 3 paragraph 1 FADP. We also take into account the recommendations of the Federal Data Protection and Information Commissioner (FDPIC).
In our privacy policy, we primarily use the terminology of the GDPR to simplify and clarify matters for data subjects from Switzerland and the EU. This includes equating “personal data” pursuant to Article 5(a) FADP with “personal data” pursuant to Article 4(1) GDPR, “sensitive personal data” pursuant to Article 5(c) FADP with “special categories of personal data” pursuant to Article 9(1) GDPR, “processing” pursuant to Article 5(d) FADP with “processing” pursuant to Article 4(2) GDPR, and “processor” pursuant to Article 5(k) FADP with “processor” pursuant to Article 4(1) GDPR. 2 GDPR, and “processor” pursuant to Article 5(k) GDPR with “processor” pursuant to Article 4(8) GDPR.
Insofar as we base the processing of personal data on Art. 6(1)(a) GDPR (consent), this also refers to processing pursuant to Art. 30, Art. 31(1) GDPR. If we process data in direct connection with the conclusion or execution of a contract (Art. 30, Art. 31 para. 2 lit. a GDPR), this corresponds to processing in accordance with Art. 6 para. 1 lit. b GDPR (initiation, establishment, execution and termination of a contract). Insofar as we base our processing on our legitimate interest within the meaning of Art. 6 (f) GDPR, this corresponds to processing in the overriding private interest pursuant to Art. 30, Art. 31 (1) FADP or processing for non-personal purposes within the meaning of Art. 30, Art. 31 (2) (e) FADP. If we base our processing on Art. 6 para. 1 lit c i.V.m. para. 3 GDPR (fulfillment of legal obligations), this corresponds to the justification pursuant to Art. 30, Art. 31 para. 1 FADP (justification by law), Art. 31 para. 2 lit. e FADP (processing for non-personal purposes).
In the event of overlapping or differing standards of protection under European and Swiss laws and regulations, we give preference to the regulation which, in our opinion, offers the best protection of personal data, unless the application of a particular regulation is mandatory or an alternative regulation is not possible.
2.4 Collision of different regulations
In the event of conflicts between different applicable data protection standards or differences in these standards, we generally follow the regulation that, in our judgment, ensures the highest level of protection of personal data. This applies unless the application of a specific regulation is mandatory or an alternative regulation does not appear feasible. However, we reserve the right to comply only with the legally prescribed minimum standard if any further compliance would result in unreasonable economic or operational burdens for our company, our employees, customers, interested parties or contractual partners. In such cases, we will make explicit reference to this decision where necessary or appropriate.
3 Contact details of the controller
The controller responsible for the processing of data on this website within the meaning of the General Data Protection Regulation (GDPR), other data protection laws applicable in the Member States of the European Union and other provisions of a data protection nature is
- Sattler Media Group GmbH
- Kurt-Sattler-Str. 9
- 38315 Hornburg
- Telefon: +49 5334 29-0
- E-Mail: info@sattler.media
You can contact us at any time if you have any questions about this data protection notice or wish to assert your rights.
4 Contact details of the data protection officer
You – and any other data subject – can contact our data protection officer
Attorney Michael F Ochsenfeld c/o OCHSENFELD+COLL Rechtsanwälte Bahnhofsallee 9 Hildesheim Telephone: 05121102210 E-mail: sattler@ochsenfeld.com
at any time with any questions or suggestions regarding data protection.
5 Definitions
In this Privacy Policy (“Privacy Policy”), we use, among other things, the terms defined in the European General Data Protection Regulation (GDPR), OJ L 119 of May 4, 2016, p. 1-88 (in the version applicable at the time this Privacy Policy was prepared) and the German Federal Data Protection Act (BDSG) in the version of June 30, 2017; (BGBl. I p. 2097), last amended by Art. 12 G of November 20, 2019; (BGBl. I p. 1626, 1633).
Insofar as additional terms are used in this privacy policy that result from other laws or the terms are used to understand this privacy policy, we have explained them in the following text.
5.1 Personal data
Personal data means any information relating to an identified or identifiable natural person (hereinafter referred to as “data subject”). An identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person (cf. Art. 4 No. 1 GDPR).
Personal data includes, for example, the name, address, account or telephone number, but also the IP address or ID number.
5.2 Person concerned
Data subject is any identified or identifiable natural person whose personal data is processed by the controller (cf. Art. 4 No. 1 GDPR).
Data subject is, for example, the user of the website or the customer, client, patient, etc. of a company.
5.3 Processing
Processing is any operation or set of operations which is performed upon personal data, whether or not by automatic means, such as collection, recording, organization, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction (cf. Art. 4 No. 2 GDPR).
Processing therefore takes place when we collect, pass on, store or delete personal data.
5.4 Delete
In data protection law, a distinction is made between “erasure” and “destruction” of personal data (cf. e.g. Art. 4 No. 2 at the end “… erasure or destruction”).
Data deletion refers to the removal of data from an electronic system or database. Deleted data can usually be recovered as long as no special measures have been taken to permanently overwrite or destroy it. In many cases, deletion means that the data can first be moved to the recycle bin or the “Deleted Items” folder, from where it can be permanently deleted later. Deleted data can be restored – albeit with considerable effort – but it is not readily accessible or usable after deletion.
5.5 Destroy
In data protection law, a distinction is made between “erasure” and “destruction” of personal data (cf. e.g. Art. 4 No. 2 at the end “… erasure or destruction”).
Data destruction is a physical process in which data is destroyed in such a way that it cannot be recovered. This can be done by shredding paper documents or overwriting electronic data carriers with special software. The destruction of data ensures that no traces of the information remain and that it can no longer be reconstructed.
5.6 End user
End user is any natural or legal person who uses a public telecommunications service (e.g. Internet access services) without providing a public telecommunications network or a publicly accessible telecommunications service themselves.
5.7 Restriction of processing
Restriction of processing is the marking of stored personal data with the aim of limiting its future processing (cf. Art. 4 No. 3 GDPR).
If you contact us, for example, and inform us that your data is incorrect, we will restrict the processing of your data in order to check the accuracy of the data (cf. Art. 18 para. 1 lit. b GDPR)
5.8 Profiling
Profiling is any form of automated processing of personal data consisting of the use of personal data to evaluate certain personal aspects relating to a natural person, in particular to analyze or predict aspects concerning that natural person’s performance at work, economic situation, health, personal preferences, interests, reliability, behavior, location or movements (cf. Art. 4 No. 4 GDPR).
Profiling would be, for example, the evaluation of your economic situation based on your purchasing behavior.
5.9 Pseudonymization
Pseudonymization is the processing of personal data in such a manner that the personal data can no longer be attributed to a specific data subject without the use of additional information, provided that such additional information is kept separately and is subject to technical and organizational measures to ensure that the personal data are not attributed to an identified or identifiable natural person (cf. Art. 4 No. 5 GDPR).
Pseudonymization is given, for example, if the personal data are replaced by, for example, a customer number. Without knowing which customer number has been assigned to which customer, it is not possible to assign the data to a specific person (customer).
5.10 Anonymization
Anonymization is the complete and irreversible removal of the personal reference of the data.
If, for example, all customer contact data is overwritten with random numbers and no storage has been made of which number was assigned to which customer, the data can no longer be assigned to a person.
Anonymized data is not subject to the rules of the GDPR and the BDSG due to the lack of personal reference (see recital 26 GDPR).
5.11 "Controller" or "controller responsible for the processing"
Controller or controller responsible for the processing is the natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data. Where the purposes and means of such processing are determined by Union or Member State law, the controller or the specific criteria for its nomination may be provided for by Union or Member State law (cf. Art. 4 No. 7 GDPR).
The controller responsible for the processing of data when using this website is the provider of this website (see contact details of the controller).
5.12 Processors
A processor is a natural or legal person, public authority, agency or other body which processes personal data on behalf of the controller (cf. Art. 4 No. 8 GDPR).
We use a so-called hoster as a processor, i.e. a company that stores our website on its own servers. If, for example, you enter your personal data (e.g. name, email address, etc.) via a contact form, this data is stored on the hoster’s server. The hoster only processes the data in the way that we have contractually agreed with it. It therefore processes the data “on our behalf” and is therefore a “processor”.
5.13 Receiver
Recipient is a natural or legal person, public authority, agency or another body, to which the personal data are disclosed, whether a third party or not. However, public authorities which may receive personal data in the framework of a particular inquiry in accordance with Union or Member State law shall not be regarded as recipients (see Art. 4 No. 9 GDPR).
Recipients of this privacy policy are, for example, you.
5.14 Third party
Third party is a natural or legal person, public authority, agency or body other than the data subject, controller, processor and persons who, under the direct authority of the controller or processor, are authorized to process personal data.
Third party is, for example, a public authority that accesses data on the basis of a legal authorization (cf. Art. 4 No. 10 GDPR).
5.15 Consent
Consent is any freely given, specific, informed and unambiguous indication of the data subject’s wishes by which he or she, by a statement or by a clear affirmative action, signifies agreement to the processing of personal data relating to him or her (cf. Art. 4 No. 11, Art. 7 GDPR). For example, you give us your consent when you place your order – you then consent to us processing the data you provide so that we can fulfill your order.
5.16 Content Delivery Network (CDN)
A Content Delivery Network (CDN) is a network of servers that are connected via the Internet and send data to end devices. A CDN can consist of several thousand regionally distributed servers that deliver data as quickly as possible according to certain rules. The main advantage of a CDN is that not only the server on which our website is stored (hosted), for example, delivers the required data (e.g. text or images), but many servers at the same time. This allows our website to be displayed much faster on your device.
For the CDN to work, it requires data such as browser type, IP address, screen resolution, etc.
If you do not want to use the CDN, you can install a JavaScript blocker (e.g. Sybu https://sybu.co.za or NoScript https://noscript.net) on the device you are using. Delivery of the website may then be slower.
5.17 Terminal equipment
By the term “terminal equipment” we mean any equipment connected directly or indirectly to the interface of the telecommunications network you use for sending, processing or receiving messages or data, regardless of the type of connection (wire, electromagnetic, etc.).
5.18 Mobile devices
The term “mobile devices” refers to all Internet-enabled devices that are not stationary but mobile, i.e. movable. These can be smartphones, tablets, etc., for example.
5.19 Website
By “website” (also: web presence, internet presence, web presence etc.) we mean the presence of a provider that can be reached under an individual web address. A website can be displayed with browsers. It is comparable to a “house” at a specific address (domain) and usually has several web pages (i.e. “rooms”). In addition to the web application (homepage), other services such as e-mail, storage space, etc. can be used.
5.20 IP address
The IP address is the unique address (e.g. 216.58.190.0) of the computer or end device you are using, similar to a postal address. According to a decision of the European Court of Justice (judgment of 19.10.2016, ref.: C-582/14), IP addresses are personal data (see also recital 30 GDPR). It follows that the GDPR and the BDSG also apply to IP addresses.
The IP address is used to deliver data to your computer. You can find out the IP address of your computer in the network using the “ipconfig” command or research it online (e.g. at https://www.heise.de/netze/tools/meine-ip-adresse/). Your IP address is then transmitted to the provider.
5.21 Java, JavaScript
**Java** is a platform-independent programming language developed in 1995 by the US company Sun Microsystems Inc, Santa Clara, USA (now part of Oracle Corporation, Austin, USA), whose language specification is constantly being further developed. Today, Java is not only used by web browsers, but also in cars, hi-fi systems and other electronic devices.
**JavaScript** (JS for short) is a scripting language that was developed in 1995 by Brendan Eich for dynamic HTML in web browsers. JS extends the possibilities of HTML. JavaScript was developed independently of Java and differs in many ways.
5.22 Cookies
Cookies are small data packages in the form of text files that are used to temporarily store certain information on your end device. This makes it possible, for example, to recognize your computer when you visit our website again or to save content in forms or your shopping cart. Tracking services use cookies to store collected information.
There are two types of cookies: Transient cookies are automatically deleted when you close your web browser. These include session cookies, which store a session ID to assign requests in your current session. This enables your device to be recognized when you visit our website again. Session cookies are deleted when you log out or close the browser. Persistent cookies, on the other hand, are deleted after a specified period of time, the duration of which varies depending on the cookie.
Technically necessary cookies are essential in order to display the website correctly. These include shopping cart cookies, login cookies and language selection cookies.
If you do not want cookies to be stored, you can deactivate the corresponding settings in your web browser. You can delete existing cookies in the browser settings. Detailed instructions can be found in the help sections of your browser under the following links:
- Internet Explorer: https://support.microsoft.com/de-de/windows/l%C3%B6schen-and-manage-cookies-168dab11-0753-043d-7c16-ede5947fc64d
- Mozilla Firefox: https://support.mozilla.org/de/kb/verbesserter-schutz-aktivitatenverfolgung-desktop?redirectslug=cookies-erlauben-und-ablehnen&redirectlocale=de
- Google Chrome: https://support.google.com/chrome/answer/95647?hl=de&hlrm=en
- Safari: https://support.apple.com/de-de/HT201265
- Opera: https://help.opera.com/en/latest/web-preferences/#cookies
- Microsoft Edge: https://support.microsoft.com/de-de/topic/passen-sie-ihre-datenschutzeinstellungen-in-microsoft-edge-an-600ee799-081c-4ab7-b6c2-d8a9baeda3c4
In addition, you can prevent the collection and forwarding of personal data by deactivating (“blocking”) JavaScript in your browser. It is also possible to install script blockers that prevent the execution of certain code. Script blockers can be found under the following links: - \[https://addons .mozilla.org/de/firefox/addon/noscript/\]- \[https://noscript .net/\]- \[https://www .ghostery.com \]
- \[https://chrome .google.com/webstore/detail/umatrix/ogfcmafjalglgifnmanfmnieipoejdcf\]
Further information on cookies and their use can be found at the Bundesverband Digitale Wirtschaft (BVDW) e. V. at \[www .bvdw.org\](www.bvdw.org). Additional information is available on the BVDW e. V. website \[https://meine-cookies .org/ \].
We use a separate tool – a so-called cookie consent tool – to obtain and document any consent you may need for the processing of cookies (see also the explanation of the keyword “Cookie Consent Tool”).
5.23 Cookie Consent Tool
Cookie Consent Tools (“consent”) manage the consents you have given for the use of certain technically unnecessary tools.
Before using tools that require cookies, you will be informed in a pop-up window about the cookies you want. You can then decide whether and with which cookies you agree or not. Your decision will then be stored for a period of up to twelve months. Personal data, such as your IP address – as well as a pseudonymous user ID, the time of consent and the selection, etc.) are used. This data is stored either in a cookie on your end device or on the server we use.
**You can adjust or revoke your consent at any time.
The use of the cookie consent tool is based on our legitimate interest in operating the website in an efficient and legally compliant manner. Without its use, it is not possible for us to request the necessary consent and document the user’s decision. We require the documentation in accordance with Art. 5 para. 2 GDPR in order to be able to prove that we operate the website in accordance with the applicable law. Further information can be found in the explanations of the cookie consent tool used.
5.24 Web beacons
Web beacons are not graphics in HTML e-mails or on websites. The image is usually only 1×1 pixel in size, often transparent or designed in the color of the background and therefore invisible or barely visible.
If the document is loaded, the web beacon is loaded from a server and the download is registered there. This can then be used to determine whether the document has been downloaded, e.g. whether the email has been opened.
You can prevent the use of web beacons if, for example, you open the email offline, do not open the email as an HTML email or block external graphics with your email program.
You can also use tools that recognize and block web beacons, e.g.
- Privoxy – https://www.privoxy.org/
- Proxomitron – https://www.proxomitron.info/
Further information can be found in the explanations of the “web beacons” used.
5.25 Third countries/third countries, transfer of data to third countries
The term “third countries” refers to countries that are not part of the European Union (i.e. Belgium, Bulgaria, Romania, Czech Republic, Denmark, Germany, Estonia, Greece, Spain, France, Ireland, Italy, Cyprus, Latvia, Lithuania, Luxembourg, Hungary, Malta, Netherlands, Austria, Poland, Portugal, Slovenia, Slovakia, Finland and Sweden, as of 29.8.2024) or the European Economic Area (member states of the EU as well as Iceland, Liechtenstein and Norway, as of 29.8.2024).
In addition to the United States of America (USA), India, China, Russia, Brazil, South Africa and Australia, there are around 160 other countries (as of 29.8.2024) that are potential third countries.
Data transfers to third countries are lawful in accordance with the strict legal requirements (cf. Art. 44 et seq. GDPR), inter alia, if
- either the European Commission has determined in accordance with Art. 45 (3) GDPR that an adequate level of data protection exists in the third country. Such so-called adequacy decisions are available for Andorra, Argentina, Canada (only commercial organizations), Faroe Islands, Guernsey, Israel, Isle of Man, Jersey, New Zealand, Switzerland, Uruguay, Japan and the United Kingdom (as of 29.8.2024). An overview of the adequacy decisions adopted is provided by the European Commission.
- or if the data recipient provides appropriate safeguards to protect the personal data and the data subjects have enforceable and effective legal remedies (Art. 46 (1) GDPR).
According to Art. 46 para. 2 GDPR, such suitable guarantees include the **use of the Commission’s standard data protection clauses** (Art. 46 para. 2 lit. c, Art. 93 para. 2 GDPR). These standard data protection clauses or standard contractual clauses (SCCs) are templates provided by the EU Commission. You can find these clauses here: https://eur-lex.europa.eu/eli/dec\\\\_impl/2021/914/oj?locale=en. The clauses used ensure that personal data is also processed in the third country concerned at a level of data protection that corresponds to the European level.
The **”Trans Atlantic Data Privacy Framework “** (TADPF) has applied to data transfers to the USA since 10.07.2023. The TADPF introduces new binding safeguards for US recipients of data. These include the restriction of access to data of EU citizens by US intelligence services and the establishment of the Data Protection Review Court (DPRC), a supervisory authority that is also accessible to non-US citizens. The DPRC can also order the deletion of data in the event of violations. The TADPF is regularly reviewed by the European Commission together with representatives of the European data protection authorities and the relevant US authorities. The first review is scheduled to take place within one year of the TADPF coming into force.
The TADPF has the effect of an adequacy decision pursuant to Art. 45 (1) GDPR and applies with immediate effect to US companies participating in the TADPF. Additional legitimation instruments such as standard contractual clauses (SCC) are therefore no longer required for data exports to US recipients, as the USA is once again considered a safe third country. However, US companies must carry out self-certification and undertake to comply with certain data protection obligations in order to benefit from the effects of the TADPF. The current status can be viewed from 17.07.2023 at https://www.dataprivacyframework.gov/s/.
Data transfer is also permitted if the data subject has consented to the transfer in accordance with Art. 49 para. 1 lit. a GDPR or if the transfer is necessary for the conclusion or performance of a contract concluded by the controller with another natural or legal person in the interest of the data subject (Art. 49 para. 1 lit. c GDPR) or if another exception to Art. 49 GDPR applies.
If we work with providers who are either based in a third country or process data in a third country (e.g. the USA), we ensure compliance with the legal requirements and check this regularly. We also only work with providers who have concluded the necessary contracts with us.
Should we need or wish to deviate from this in exceptional cases, we will inform you accordingly and seek your consent.
5.26 Advertising
Advertising is a form of communication in which companies or organizations disseminate messages or information about their products, services or brands to potential customers or target groups via various media channels (banner ads on websites, social media ads, video ads, etc.). The main aim of advertising is to raise awareness of a product or service, generate interest among potential customers and ultimately promote the sale or use of the advertised offer.
6 Storage period
In principle, we only store personal data for as long as is necessary for the processing of the data (“retention period”). Once this period has expired, the data is generally deleted automatically.
The necessity of storage also depends on retention periods prescribed by law or ordered by authorities. These can be, for example, tax regulations or regulations under commercial law. Retention periods may also result from contractual regulations (e.g. information on the contractual partner). The data will therefore only be deleted in compliance with the statutory, official and, if applicable, judicial requirements for the storage or deletion of personal data.
Sometimes it may be necessary for a contract to be concluded that a data subject provides us with personal data that must subsequently be processed by us. For example, the data subject is obliged to provide us with personal data if our company concludes a contract with them. Failure to provide the personal data would mean that the contract with the data subject could not be concluded.
7 Rights of the data subject
The applicable data protection law grants you comprehensive data subject rights vis-à-vis the controller with regard to the processing of your personal data (rights of access and intervention, etc.), about which we inform you below:
7.1 Right to information pursuant to Art. 15 GDPR
You can request confirmation from the controller as to whether personal data concerning you is being processed by the controller (“right to confirmation”). Furthermore, you have a right to information about
- the purposes of processing;
- the categories of personal data that are processed;
- the recipients or categories of recipients to whom the personal data have been or will be disclosed, in particular recipients in third countries or international organizations;
- where possible, the envisaged period for which the personal data will be stored, or, if not possible, the criteria used to determine that period;
- the existence of the right to request from the controller rectification or erasure of personal data or restriction of processing of personal data concerning the data subject or to object to such processing; – the existence of the right to lodge a complaint with a supervisory authority;
- if the personal data are not collected from the data subject: All available information about the origin of the data;
- the existence of automated decision-making, including profiling, referred to in Article 22(1) and (4) GDPR and, at least in those cases, meaningful information about the logic involved, as well as the significance and the envisaged consequences of such processing for the data subject.
Furthermore, you have the right to obtain information as to whether personal data are transferred to a third country or to an international organization. If this is the case, you also have the right to obtain information about the appropriate safeguards in the context of the transfer.
If you wish to exercise this right to information, you can contact us or our data protection officer at any time.
7.2 Right to rectification pursuant to Art. 16 GDPR
You have the right to immediate correction of incorrect data concerning you and/or the completion of your incomplete data stored by us; the correction or completion must take place immediately.
7.3 Right to erasure pursuant to Art. 17 GDPR
You have the right to demand that the personal data concerning you be deleted immediately if one of the following reasons applies and insofar as the processing is not necessary:
- The personal data were collected or otherwise processed for purposes for which they are no longer necessary.
- The data subject withdraws consent on which the processing is based according to point (a) of Article 6(1) of the GDPR, or point (a) of Article 9(2) of the GDPR, and where there is no other legal ground for the processing.
- The data subject objects to the processing pursuant to Art. 21 (1) GDPR and there are no overriding legitimate grounds for the processing, or the data subject objects to the processing pursuant to Art. 21 (2) GDPR.
- The personal data was processed unlawfully.
- The deletion of personal data is necessary to fulfill a legal obligation under Union law or the law of the Member States to which the controller is subject.
- The personal data was collected in relation to information society services offered in accordance with Art. 8 para. 1 GDPR.
If one of the aforementioned reasons applies, and a data subject wishes to request the erasure of personal data stored by us, he or she may contact us at any time.
If the personal data has been made public and our company is obliged to delete the personal data in accordance with Art. 17 para. 1 GDPR, we shall take appropriate measures, including technical measures, taking into account the available technology and the implementation costs, to inform other data controllers who process the published personal data, that the data subject has requested the deletion of all links to this personal data or of copies or replications of this personal data from these other data controllers, insofar as the processing is not necessary.
7.4 Right to restriction of processing pursuant to Art. 18 GDPR
You have the right to demand the restriction of the processing of your personal data as long as the accuracy of your data, which you dispute, is being verified, if you refuse to delete your data due to inadmissible data processing and instead demand the restriction of the processing of your data, if you need your data to assert, exercise or defend legal claims after we no longer need this data after the purpose has been achieved or if you have lodged an objection for reasons of your particular situation, as long as it is not yet clear whether our legitimate reasons prevail;
If the processing of personal data concerning you has been restricted, this data – apart from its storage – may only be processed with your consent or for the establishment, exercise or defense of legal claims or for the protection of the rights of another natural or legal person or for reasons of important public interest of the Union or of a Member State. If the restriction of processing has been restricted, you will be informed by the controller before the restriction is lifted.
Right to information in accordance with Art. 19 GDPR
If you have exercised your right to rectification, erasure or restriction of processing, the controller is obliged to inform all recipients to whom your personal data have been disclosed of this rectification or erasure of the data or restriction of processing, unless this is impossible or involves a disproportionate effort. You also have the right to be informed about these recipients.
7.5 Right to data portability pursuant to Art. 20 GDPR
You have the right to receive the personal data you have provided to us in a structured, commonly used and machine-readable format or to request that it be transmitted to another controller, insofar as this is technically feasible.
7.6 Right of revocation pursuant to Art. 7 para. 3 GDPR
**You have the right to object at any time to the processing of personal data concerning you which is carried out on the basis of Art. 6 para. 1 lit. e or f GDPR; this also applies to profiling based on these provisions.
**You also have the right to revoke your declaration of consent under data protection law at any time with effect for the future. The withdrawal of consent shall not affect the lawfulness of processing based on consent before its withdrawal **.
**In the event of an objection, we will no longer process the personal data unless we can demonstrate compelling legitimate grounds for the processing which override the interests, rights and freedoms of the data subject or for the establishment, exercise or defense of legal claims.
**If we process personal data for direct marketing purposes, you have the right to object at any time to the processing of your personal data for the purpose of such advertising. This also applies to profiling insofar as it is associated with such direct advertising. If you object to direct advertising, we will no longer process your personal data for these purposes. However, we reserve the right to store your data in a so-called blacklist so that we can ensure that you are not the recipient of advertising from us in the future. The maintenance of a blacklist and thus the processing of your personal data is based on our legitimate interest (Art. 6 para. 1 lit. f GDPR). We have an interest in ensuring that you are no longer the addressee of our advertising after your objection by maintaining the blacklist.**
**You also have the right to object, on grounds relating to your particular situation, to processing of personal data concerning you which is carried out for scientific or historical research purposes or statistical purposes pursuant to Article 89(1) GDPR, unless such processing is necessary for the performance of a task carried out for reasons of public interest.**
**You can contact us directly to exercise your right to object. You are also free, in the context of the use of information society services, and notwithstanding Directive 2002/58/EC, to exercise your right to object by automated means using technical specifications.**
7.7 Right to lodge a complaint pursuant to Art. 77 GDPR
Without prejudice to any other administrative or judicial remedy, you have the right to lodge a complaint with a supervisory authority. You can contact the supervisory authority of your place of residence, your place of work or the place of the alleged infringement if you are convinced that the processing of your personal data violates data protection regulations. The State Commissioner for Data Protection of Lower Saxony, Prinzenstr. 5 in 30159 Hanover, telephone 0511/120-4500, e-mail poststelle@lfd.niedersachsen.de is responsible for the provider of this website. You can also contact this authority. You can find a list of the contact details of the supervisory authorities here: https://www.bfdi.bund.de/DE/Service/Anschriften/Laender/Laender-node.html. In this compilation of the Federal Commissioner for Data Protection and Freedom of Information you will also find the addresses of other national and European data protection authorities.
8 Legal bases of the processing
All data processing is based on a valid legal basis (cf. Art. 5 para. 1 lit. a GDPR – principle of lawfulness/principle of lawfulness. We process personal data either on the basis of consent, to fulfill a contract or a legal obligation or on the basis of our legitimate interest.
8.1 Consent
If you have consented to data processing, we process your personal data on the basis of Art. 6 para. 1 lit. a GDPR or Art. 9 para. 2 lit. a GDPR if special categories of data pursuant to Art. 9 para. 1 GDPR (e.g. data revealing racial or ethnic origin, political opinions, religious or philosophical beliefs, or trade union membership, as well as the processing of genetic data, biometric data for the purpose of uniquely identifying a natural person, data concerning health or data concerning a natural person’s sex life or sexual orientation) are processed.
In the event of express consent to the transfer of personal data to third countries, data processing is also carried out on the basis of Art. 49 para. 1 lit. a GDPR. If you have consented to the storage of cookies or access to information on your end device or information stored there, the data processing is also carried out on the basis of Section 25 (1) of the German Data Protection Act (TTDSG). Consent can be revoked at any time.
8.2 Fulfillment of a contract
If the processing of personal data is necessary for the \*\*fulfillment of a contract\*\* to which you are a party (e.g. in the case of a purchase or consulting contract), the processing is based on Art. 6 para. 1 lit. b GDPR. The same applies to such processing operations that are necessary to carry out pre-contractual measures, for example in cases of inquiries about our products or services.
8.3 Legal obligation
If our company is subject to a legal obligation that requires the processing of personal data, such as for the fulfillment of tax obligations, the processing is based on Art. 6 para. 1 lit. c in conjunction with. para. 3 GDPR.
8.4 Vital interests
In rare cases, it may be necessary to process personal data in order to protect the vital interests of the data subject or another natural person. This would be the case, for example, if you were injured during a visit to our company and we then had to pass on your name to a doctor, hospital or other third party. The processing would then be based on Art. 6 para. 1 lit. d GDPR.
8.5 Legitimate interest
Processing may also be based on a so-called legitimate interest within the meaning of Art. 6 para. 1 lit. f GDPR. Processing operations that are not covered by any of the aforementioned legal bases are based on this legal basis if the processing is necessary to safeguard a legitimate interest of our company (e.g. intention to make a profit, presentation of the company, etc.) or a third party, provided that the interests, fundamental rights and freedoms of the data subject do not prevail. The balancing of any conflicting interests is always a case-by-case assessment and decision, whether process- or system-related.
According to EC 47 sentence 2, a legitimate interest in data processing exists if the data subject is a customer of the controller or if the processing of personal data is necessary for the prevention of fraud, etc. (cf. EC 47 sentence 6). (cf. EC 47 sentence 6) or for the purposes of direct marketing (cf. EC 47 sentence 7).
9 Data processing by this website
9.1 Collection of general data and information
Our website collects a range of general data and information each time it is accessed. This general data and information is stored in the server log files. The following can be recorded
- browser types and versions used,
- the operating system used by the accessing system, – the website from which an accessing system reaches our website (so-called referrer URL),
- the sub-websites which are accessed via an accessing system on our website,
- the date and time of access to the website,
- Amount of data sent in bytes
- an Internet Protocol address (IP address),
- the Internet service provider of the accessing system and
- other similar data and information that serve to avert danger in the event of attacks on our information technology systems.
This data is not merged with other data sources. The data is always anonymized. However, it is generally possible that we may not or cannot carry out anonymization due to legal, official or judicial requirements.
The basis for the collection of general data and information when you visit our website is Art. 6 para. 1 lit. b GDPR, which permits the processing of data for the performance of a contract or pre-contractual measures. If you do not conclude a contract with us or no pre-contractual measures are necessary, we process the data on the basis of Art. 6 para. 1 lit. f GDPR (so-called “legitimate interest”). Insofar as we are legally obliged to process data, the processing is carried out on the basis of Art. 6 para. 1 lit. c GDPR. If we request your consent to the processing, the legal basis for the data processing is Art. 6 para. 1 lit. a, 4 no. 11, 7, 9 GDPR.
We do not use the above-mentioned information to draw conclusions about the data subject, but to
- to deliver the content of our website correctly,
- to optimize the content of our website and the advertising for it
- to ensure the long-term functionality of our information technology systems and the technology of our website, and
- to provide law enforcement authorities with the information necessary for prosecution in the event of a cyber-attack.
This anonymously collected data and information is therefore evaluated by us both statistically and with the aim of increasing data protection and data security in our company in order to ensure an optimal level of protection for the personal data processed by us.
The anonymous data of the server log files are stored separately from all personal data provided by you. It is therefore not possible to draw any conclusions about you. For example, we cannot determine which browser type you are using. We only have data on which browser types were used by visitors in a certain period of time.
If, for example, a visitor logs into the customer area incorrectly several times, we store the IP address – which is a personal date – in order to detect (hacker) attacks on our system and ward them off in good time.
If we have concrete evidence of unlawful use of our website, we will subsequently check the server log files and use the data, for example, to file a criminal complaint or assert civil claims.
If personal data is stored in log files, it will be deleted no later than seven days after use. Longer storage is possible if, for example, unlawful use has been detected and we wish to pursue this misconduct. The data is deleted as soon as it is no longer required to achieve the purpose for which it was collected.
9.2 External hosting
Our website is technically hosted and stored by an external service provider (“hoster”). The personal data collected on this website is therefore stored directly on the hoster’s servers and not on servers that we maintain directly.
The hoster is used for the purpose of fulfilling contracts with our customers or initiating contracts with potential customers (Art. 6 para. 1 lit. b GDPR) and in our interest in a secure, fast and efficient provision of our online offer as well as the presentation of our company and our services by a professional provider (so-called “legitimate interest” within the meaning of Art. 6 para. 1 lit. f GDPR).
After weighing up our interests against your interests, in particular your right to informational self-determination, we have come to the conclusion that our interests prevail; the interference with your rights is minimal. You are also free to use our offer or not and to disclose data.
Our hoster processes your data only to the extent necessary to fulfill its contractual obligations to us. We have concluded a contract with the hoster for the processing of personal data on our behalf (so-called “order processing contract”) and thus comply with the strict requirements of the General Data Protection Regulation, the Federal Data Protection Act and other laws. Data is only processed by the hoster on our instructions and within the framework of the applicable laws; in particular in compliance with the protection of your data.
We work together with the hoster Raidboxes GmbH Hafenstraße 32, 48153 Münster (Germany). Further information can be found on the provider’s website, in particular in the privacy policy or the information on data protection https://raidboxes.io/legal/privacy/.
9.3 Cookie Consent Tool (COOKIE-MANAGER)
When we use technically unnecessary cookies (referred to as “cookies” above) on this website, for example to analyze information about your interaction on our website, we use a so-called cookie consent tool (referred to as “cookie consent tool” above). A cookie consent tool – or cookie manager – allows you to control the use of cookies according to your preferences. You can consent to the use of cookies or reject them. You can also specify which types of cookies you wish to accept. For example, you can allow functional cookies that are necessary for the basic functionality of the website, while blocking advertising cookies.
A cookie management tool also allows you to delete certain cookies when you no longer need them. This helps to protect your privacy and ensure that no outdated cookies store your browsing data. Furthermore, a cookie consent tool provides information about which cookies are used and for what purpose they are used.
We use the cookie manager cookiebot from the provider Cybot AS, Havnegade 39, 1058 Copenhagen, Denmark. Further information on data protection etc. can be found on the provider’s website https://www.cookiebot.com/de/, in particular in the privacy policy https://www.cookiebot.com/de/privacy-policy/.
9.4 Website modular system
We use a content management system (CMS) from the provider Elementor Ltd, Rehov Tuval 40, 5252247 Ramat Gan (Israel) for the design of our website. With the help of the CMS, we can also use many functions for our website and our web store without any programming effort. CMS process technical data such as operating system, browser, hosting provider, language and keyboard settings as well as other personal data (e.g. IP address, geographical location data).
The legal basis for the processing of personal data is our legitimate interest in designing our website efficiently and effectively (Art. 6 para. 1 lit. f GDPR). When weighing up our interests against your interests, in particular your right to informational self-determination, we have come to the conclusion that our interests prevail; the interference with your rights is minimal. You are also free to use our offer and disclose data. If the CMS uses cookies, you also have the option of objecting to their use.
Further information on data protection can be found on the website and in the provider’s privacy policy https://elementor.com/ .
In addition to the aforementioned content management system, we use tools from the provider Elfsight, LLC, 0015, Yerevan, Paronyana str., 19/3, 201, Armenia. This allows us to optimize the programming of our website. When using the so-called widgets, your IP address, information about the operating system and the browser used are transmitted to the provider. The processing (transfer) takes place on the basis of our legitimate interest within the meaning of Art. 6 para. 1 lit. f GDPR. When weighing up the interests, we have come to the conclusion that our interests in an efficient design of the website prevail, also because the provider cannot find out your name or address with the IP address. Based on the IP address, the provider only knows approximately in which region the end device was used – but not if you use an anonymization service. Further information can be found on the provider’s website https://elfsight.com/ and the privacy policy https://elfsight.com/privacy-policy/ We have concluded the contracts required under data protection law with the provider.
9.5 Communication
Due to legal regulations, the website contains information that enables quick electronic contact to our company and direct communication with us, which also includes a general address for so-called electronic mail (e-mail address).
If a data subject contacts the data controller by e-mail or via a contact form, the personal data transmitted by the data subject is automatically stored. Such personal data transmitted on a voluntary basis by a data subject to the controller are stored for the purposes of processing or contacting the data subject. This personal data is not passed on to third parties.
If you contact us by email, telephone or fax, we will store and process your request, including all resulting personal data (name, request) for the purpose of processing your request. We will not pass on this data without your consent.
This data is processed on the basis of Art. 6 para. 1 lit. b GDPR if your request is related to the performance of a contract or is necessary for the implementation of pre-contractual measures. In all other cases, the processing is based on our legitimate interest in the effective processing of the inquiries addressed to us (Art. 6 para. 1 lit. f GDPR) or on your consent (Art. 6 para. 1 lit. a GDPR) if this has been requested.
The data you send to us will be stored by us until you request us to delete it, revoke your consent to store it or the purpose for storing the data no longer applies (e.g. after your request has been processed). Mandatory statutory provisions – in particular statutory retention periods – remain unaffected.
9.6 Social media
Social media channels (also known as social networks) are platforms (websites or apps) through which logged-in or registered users can provide content and share it with the general public or in groups to which only certain users have access, and can also network with other users. We use social media channels to present and optimize our corporate services, for advertising and marketing purposes and to keep in touch with our visitors, interested parties, applicants, partners and suppliers.
When you use our social media channel, personal data that you provide, such as your title, gender, name and e-mail address, will be collected. e.g. title, gender, name, e-mail addresses, contact details, etc.) and other personal data (e.g. data on usage behavior, IP address) are processed, i.e. collected, stored, evaluated, deleted, etc.
If you share media, e.g. publish photos, texts or videos, these are usually stored by the provider. The processing is carried out by the provider of the social media channel. The data is analyzed by the provider for the purpose of developing marketing and advertising strategies for the provider itself or for other companies and to draw conclusions about your interests, needs and purchasing behavior. As a rule, cookies are stored on your mobile device for this purpose.
We therefore also provide you with information on cookies and your rights in this privacy policy; the information and notices (e.g. on the right to object) naturally apply. We recommend that you also carefully read the provider’s data protection notices and declarations. There you will also find the necessary information on which data is processed, how long data is stored and what rights you have vis-à-vis the provider.
**Only use the social media channel if you have read and understood the data protection information.**
We ourselves have no significant influence on the processing of data by the respective provider. In particular, we do not know whether and how the data is processed, especially whether data is passed on to affiliated or third-party companies, but must rely on the information provided by the provider. We also cannot ensure that the data is not processed in third countries outside the EU for which an adequate level of protection for your data is not or cannot be guaranteed. Providers generally refuse to carry out checks or audits, including on site if necessary. You should therefore inform yourself about other possible risks if you make your data available to third parties or the public (all users of a social media channel). You will often no longer be able to delete data completely if you want to – e.g. because another user has stored the data in such a way (e.g. on their local storage medium) that you cannot access it or because you have no knowledge of the user, the storage and the storage location.
You should therefore handle your data and the data of other people (especially children) responsibly. If you yourself have a profile with a social media channel provider, the personal data generated through the use of our social media channel may also be linked to your profile by the provider. Depending on the social media channel or provider, the personal data may also be seen by other users of the channel and may also be processed for their own purposes.
With some providers, you can decide for yourself in the settings provided which personal data can be seen by third parties. Find out how you can protect your personal data. We assume that you are aware that your personal data is always at risk when using the Internet. We therefore strongly recommend that you take care of your personal data yourself. You should also only disclose personal data of third parties with their prior consent (e.g. in the case of images or texts).
9.6.1 Contract with the provider for the protection of your personal data
In its judgment of 29.07.2019 (case number C-40/17 – Fashion ID – published in the ECJ’s digital collection curia.europa.eu/juris/liste.jsf), the European Court of Justice ruled that in certain cases, the operator of the social media platform is jointly responsible with the website operator within the meaning of Art. 26 GDPR. Where this is the case, we have concluded a corresponding agreement with the provider. We process the personal data in compliance with the agreement. If the provider makes the contract text publicly accessible, we have linked it for you below. You can then also use the contract text to check whether you accept data processing. **If you do not agree, please do not use the channel.
9.6.2 Legal bases of the processing
If you have consented to the processing of your data, this consent is also the legal basis for data processing (Art. 6 para. 1 lit. a, Art. 4 no. 11, Art. 7 GDPR) when using the social media channel. In addition, your data is also processed on the basis of our legitimate interest (Art. 6 para. 1 lit. f GDPR) in fast and good communication with you or others. We have designed our website and the integration of social media channels in such a way that you are informed in good time (e.g. when you click on a button) that data will be transferred to the provider. We only use social media channels in such a way that your data is only transferred to the provider once you have given your consent.
9.6.3 Possible data processing in third countries
We cannot rule out the possibility that personal data may also be processed in third countries, in particular the USA. Please also note our information on data processing in third countries (see above).
9.6.4 Channels used
In the following compilation you will find further information on the channels we use:
Facebook (Provider: Meta Platforms Ireland Limited, address: 4 Grand Canal Square, Grand Canal Harbour, Dublin 2 Ireland, website: https://www.facebook.com/, privacy policy: https://www.facebook.com/privacy/policy/)
Instagram (provider: Meta Platforms Ireland Limited, address: 4 Grand Canal Square, Grand Canal Harbour, Dublin 2 Ireland, website: https://instagram.com, privacy policy: https://privacycenter.instagram.com/policy/)
LinkedIn (provider: LinkedIn Ireland Unlimited Company, address: Wilton Place, Dublin 2, Ireland Ireland, website: https://de.linkedin.com/, privacy policy: https://de.linkedin.com/legal/privacy-policy)
9.7 Application procedure
We enable you to apply online on our website. You will need to provide personal data in order to participate in the application process. This data may include personal master data such as first name, surname, address, date of birth, contact details such as telephone number or email address as well as data relating to your educational and/or professional background such as school and work references, data on training, internships or previous employers.
This data may come from an application form that you fill out online on the application platform or from the documents you provide, such as a cover letter, CV, application photo, certificates or other evidence. Data that is mandatory for participation in the application process is marked accordingly as mandatory information. Unless a third-party provider whose service we use to provide the online application function is named in this privacy policy, the data will not be passed on to third parties.
We process the above data for the purpose of carrying out the application process. If you have given us your consent, the legal basis for processing the data is Art. 6 para. 1 sentence 1 lit. a GDPR. Insofar as the processing of the above data takes place for the initiation of contractual relationships, the legal basis is Art. 6 para. 1 sentence 1 lit. b GDPR, Art. 88 para. 1 in conjunction with. § Section 26 para. 1 sentence 1 BDSG. The application process ends when you are informed by us or after a period of twelve months. Once the application process has ended, we will generally delete your data within a further six months.
The data will generally be deleted as soon as it is no longer required for the purpose for which it was collected or the purpose has already been achieved. However, the data will not be deleted if we are obliged to continue to store the data due to legal or official requirements. Deletion will also not take place if the further processing of your personal data is necessary for the assertion, exercise, defense or defense of legal claims. In this case, we have a legitimate interest in the further processing of your personal data. The legal basis in this case is Art. 6 para. 1 sentence 1 lit. f GDPR, as we have a legitimate interest in asserting or defending against legal claims, etc.
In the event that an employment relationship, training relationship, internship or other employment relationship is established following the application process, the data will initially continue to be stored and transferred to the personnel file.
As part of the application process, you should only provide us with the personal data that is necessary for participation in the application process and its implementation. There is no legal or contractual obligation to provide data, unless there is an obligation to apply for other reasons (e.g. official request, etc.). However, we would like to point out that we cannot carry out the application process and consider your application without this data. The same applies in the event of an objection to the processing of your data. If you are obliged to apply, we will inform the respective institution of the application or the revocation of the processing, if this makes it impossible for us to carry out the application procedure.
We also offer you the opportunity to have your application saved in an application pool. This gives you the opportunity for us to consider your application beyond the specific reason for your application in other future application procedures. The storage of your application in the application pool requires your consent, which we will request on a case-by-case basis. The legal basis for processing (inclusion in the applicant pool) is Art. 6 para. 1 sentence 1 lit. a GDPR if consent has been given. You can revoke the consent given to us at any time with effect for the future (cf. Art. 7 para. 3 GDPR; see additional information in the “Consent” section).
9.8 Web analytics
Web analysis services enable us to analyze the behavior of website visitors. The website operator receives various usage data, such as page views, length of visit, operating systems used and origin of the user. This data may be summarized in a profile that is assigned to the respective user or their end device.
Technologies are used that enable the recognition of the user for the purpose of analyzing user behavior (e.g. cookies or device fingerprinting). The information collected about the use of this website is usually transmitted to a server of the provider and stored there.
The use of these analysis tools is based on Art. 6 para. 1 lit. f GDPR. The website operator has a legitimate interest in the analysis of user behavior in order to optimize both its website and its advertising. If a corresponding consent has been requested (e.g. consent to the storage of cookies), the processing is carried out exclusively on the basis of Art. 6 para. 1 lit. a GDPR; the consent can be revoked at any time.
Data may be transferred to the USA; please note our information in the “Definitions” section on the keyword “Data transfer to third countries”.
As far as possible, we have activated the IP anonymization function. This shortens your IP address. Only in exceptional cases will the full IP address be transmitted to a server of the provider in the USA and only shortened there. This information is used to evaluate your use of the website, to compile reports on website activity and to provide the website operator with other services relating to website activity and internet usage.
This website uses functions of the following web analysis services.
Google Analytics (Provider: Google LLC, address: 1601 Amphitheatre Parkway Mountain View, CA 94043 USA, website: https://www.google.com/, privacy policy: https://policies.google.com/privacy?gl=DE&hl=de)
Further information can be found in this privacy policy under the keywords “Cookies”, “Cookie Consent Manager”, “Consent” as well as on the website of the respective provider, in particular in the privacy policy.
9.9 Video
We use the tools of various providers to integrate and provide videos. Further information on the processing of your data and your rights can be found on the website of the respective provider, in particular in the information on data protection.
We work together with the following providers:
Youtube (Provider: Google Ireland Limited, address: Gordon House, Barrow Street Dublin 4, Ireland, website: https://www.youtube.com, privacy policy: https://policies.google.com/privacy?hl=de&utm\_source=ucb)
The legal basis for processing is our legitimate interest (cf. Art. 6 para. 1 sentence 1 lit. f GDPR) in the effective and efficient provision of videos to present our company and our products. As far as possible and reasonable, we only use the videos if you have given your express prior consent (cf. Art. 6 para. 1 sentence 1 lit. a GDPR). If this is not possible because, for example, a video is used to display our website – e.g. in the header of a page – we make sure that no other personal data is processed apart from your IP address, which is necessary for the delivery of the video. The contracts required under data protection law have been concluded by us; compliance with data protection regulations by the provider is regularly checked by us – usually annually by a data protection auditor commissioned by us.
Your data may also be processed outside the EU or the EEA; please note our information on this (see “Third countries/third countries, transfer of data to third countries” above).
10 Minors
Our Services are not directed to children under the age of 13. We do not knowingly collect information from children under the age of 13. If you are under the age limit, do not use the Services and do not provide us with your Personal Data. If you are a parent of a child under the age limit and you become aware that your child has provided us with personal data, please contact our data protection officer (see above for contact details) or us directly immediately so that we can take the necessary steps, such as blocking or deleting the data.
11 Copyright to the privacy policy
The copyright to this privacy policy lies with
OCHSENFELD+COLL Rechtsanwälte Bahnhofsallee 9, 31134 Hildesheim, Germany Phone +49 (0) 5121 10221-0 Fax +49 (0) 5121 10221-22 E-mail ticket@ochsenfeld.com Website https://www.ochsenfeld.com
**Duplication, processing, distribution and any kind of exploitation outside the limits of copyright law and a contract of use require the written consent of OCHSENFELD+COLL Rechtsanwälte. Anyone who violates copyright law, e.g. by using texts or parts of texts without written consent, is liable to prosecution and must expect a warning with costs and claims for damages.
If you are of the opinion that this data protection declaration is incorrect, in particular incomplete, please contact us so that we can remedy the situation immediately.
We reserve the right to amend this privacy policy with effect for the future without notice or notice period.