Affected
This data protection declaration is directed at all persons who visit the website here. All personal designations refer to all genders and the associated language forms, in particular diverse, female, male. Each personal designation is to be understood with the addition "(m/f/d)".
Responsible
The person responsible for the processing described here is: Greator GmbH, Brüsseler Str. 89-93, Phone: +49 (0)221 - 6695980, Fax: +49 (0)221 - 9543235, [email protected]. The managing directors are Dr. med. Stefan Frädrich and Mr. Alexander Müller. The external data protection officer is lawyer Dr. Stephan Gärtner, [email protected].
Right
(1) The data subjects have the following rights with regard to the data stored about them: the right to information, the right to correct incorrect data, the right to delete data for which there is no longer a reason for storage, to restrict processing and to data portability. Furthermore, they have the right to complain to the supervisory authority responsible for the controller.
(2) Insofar as the processing is based on the consent of the data subjects, the data subjects may revoke their consent at any time and with effect for the future; for example, by sending an informal message to one of the above-mentioned contact channels (responsible party).
(3) Insofar as the processing is based on the fulfillment of a legitimate interest, thus on Article 6 (1) sentence 1 lit. f DSGVO, the data subjects may object to the processing at any time; for example, by sending an informal message to one of the above-mentioned contact channels (responsible party). If the objection is justified, the processing will be terminated. If the legitimate interest lies in direct marketing; the objection is always justified.
Transfer to countries outside the European Union
(1) If personal data are transferred to entities outside the European Union, the controller must communicate supplementary safeguards pursuant to Article 44 et seq. GDPR shall be communicated.
(2) If the controller refers to a so-called adequacy decision in the following privacy statement, this means that the receiving entity is located in a country, territory or specific sector for which the EU Commission has decided that it provides an adequate level of data protection. The guarantee then follows from Article 45 GDPR.
(3) Insofar as the controller refers to the so-called EU standard contractual clauses in the following data protection declaration, this means that the receiving entity has contractually committed itself to respecting the EU data protection principles and has done so on the basis of the so-called EU standard contractual clauses, The guarantee then follows from Article 45 DSGVO.
(4) Insofar as the controller refers to so-called binding, internal data protection regulations in the following privacy statement, this means that the competent supervisory authority has approved the transfer. The guarantee then follows from Article 47 DSGVO.
(5) If the controller refers in the following privacy statement to the fact that the data subjects have expressly consented to the transfer to a country outside the European Union, this means that they nevertheless consent to the transfer in full knowledge of all the risks involved. The guarantee then follows from Article 49 (1) lit. a DSGVO. In this context, we draw attention to the following risks: In the USA, the Republic of India and the Russian Federation, no data protection law comparable to the GDPR has been codified. The state authorities there have approved intensive data access, whereby the principle of proportionality regulated in the EU is not applied. Furthermore, there is no effective legal protection for EU citizens in these countries. The same applies in the People's Republic of China, but to a considerably more serious extent, since no legal protection for EU citizens is conceivable there at all.
(6) The above information is provided only as a precautionary measure. They shall only apply if and insofar as reference is made to them in the following data protection declaration.
More hints
(1) Automated decision-making, including profiling, does not take place.
(2) A legal obligation to process exists only insofar as reference is made below to Article 6 (1) sentence 1 lit. c DSGVO.
Data processing in principle
(1) The data subjects initially use the website for information purposes, i.e. they call up the website without actively interacting with it. In doing so, the responsible party collects the following data of the data subjects, insofar as this is technically necessary for the presentation of the website: IP address, date and time of the request, time zone difference to Greenwich Mean Time (GMT), content of the request (specific page), access status/HTTP status code, data volume transferred in each case, Internet page from which the request comes, browser, operating system and its interface, language and version of the browser software. The purpose is the presentation of the website. The legal basis is Article 6 (1) sentence 1 lit. f DSGVO, whereby the legitimate interest results from the aforementioned purpose.
(2) After the end of the informative use, the data will be deleted. The purpose is the fulfillment of a legal obligation (Article 5(1) litt. a, e DSGVO). The legal basis is Article 6 Paragraph 1 Sentence 1 lit. c DSGVO.
Data processing on the basis of a legitimate interest
(1) In addition to the data processing in principle, the controller processes the data of visitors to the website on the basis of a legitimate interest. The legal basis is then Article 6 (1) sentence 1 lit. f DSGVO.
(2) Attention is drawn to the following processing operations:
Advertising approach to contractual partners
The data controller processes the e-mail address and name of the data subjects in order to send them useful information by e-mail at regular or irregular intervals. Furthermore, he stores the information that a contractual relationship exists or existed between them and him in order to be able to prove the legitimate interest. The legitimate interest here follows from the fact that a contractual relationship exists between the data subjects and the controller, in the context of which the promotional approach by e-mail is part of the usual expectations of the data subjects. This is supported by recital 47, sentence 7. The following data is processed here: (1) e-mail address, (2) name and (3) the status data of the contractual relationship. Special note on the right to object: Data subjects may object to the use of their data for this purpose at any time; for example, by sending an informal message to the person responsible (contact channels can be found at the beginning of this statement and in the imprint). In particular, the data subjects may object without incurring any costs other than the transmission costs according to the prime rates.
Rights management and external legal advice if necessary
Insofar as the data subjects assert claims - of whatever nature - against the data controller here, the data will be processed as follows:
1. the person in charge receives the request and stores all the data related to it.
2. the responsible person uses this data to examine the request. If necessary, he will seek external legal advice.
3. if the request is justified, the data will be used to comply with the request. Otherwise, the data will be used to inform the data subjects.
4. the controller shall retain the data that exists in the processing referred to in points 1 to 3 for three years, starting from December 31 of the calendar year in which step 3 took place.the legitimate interest in points 1 to 3 follows from the interest of the data subjects that the claims be processed and from the interest of the controller to avoid claims and sanctions. The legitimate interest at number 4 follows from the need of the responsible party to be able to defend itself later against civil claims and accusations of fines and criminal law. This interest in storage according to number 4 ends with the expiry of the limitation period according to §§ 193, 195 BGB. The following data is processed in this context: Name, contact data and communication content.
External web hosting
The responsible party has commissioned third-party service providers to provide storage space and delivery for the publication of this website. In order for these service providers to fulfill their mission, they inevitably receive some data of the data subjects. The legitimate interest follows from the claim to be allowed to present oneself publicly. In this context, the following data are processed: IP address, date and time of the request, time zone difference to Greenwich Mean Time (GMT), content of the request (specific page), access status/HTTP status code, amount of data transferred in each case, Internet page from which the request comes, browser, operating system and its interface, language and version of the browser software; possibly also communication and interaction data from the behavior of the data subjects.
Evaluation
The data subjects have the possibility to evaluate the data controller here as well as its products/services, starting from this website. Three processing operations are to be distinguished:
a. First, a rating plugin is displayed on this website. As soon as the data subjects click on it, both the information that the data subjects are on this website and that they have clicked on the plugin are transmitted to us and an external third-party provider, i.e. the web server automatically saves some access data (server log file, your IP address, date and time of the retrieval, amount of data transferred and the requesting provider). This access data is not evaluated and is automatically overwritten a short time after the end of your visit to the site.
b. As soon as the data subjects submit a rating, the third-party provider processes their data for the purpose of presenting the rating and, if applicable, for further purposes about which this provider must inform the data subjects.
c. After the data subjects have submitted a rating, the third-party provider transmits the name and - if disclosed by the data subjects - the e-mail address as well as the customer ID of the order transaction to the data controller here.
The purpose of all three processing operations is that the data controller here grants the data subjects the voluntary opportunity, irrelevant to the contractual arrangement, to evaluate him and his products/services independently of his sphere of influence. In the case of processing operation lit. b u. c, the purpose is added that the evaluation is to be verified by concrete contractual relationship with the responsible party. The legitimate interest also follows from this.
In the case of processing operations b., c., the controller here is not a controller within the meaning of Article 4(7) of the GDPR, but rather the providers of the respective rating platforms. The legal basis of the processing is therefore disclosed by the respective rating platforms.
The following data is processed: Name, evaluation content, verification status of the contractual relationship.
Affiliate (active)
The responsible person recommends products and/or services of third parties to the visitors of his online presence. If the data subjects are forwarded to a recommended merchant or service provider via a link, plugin or other forwarding method, the responsible party processes this information and may receive a commission from the recommended merchant and/or service provider on this basis. The purpose is to document successful recommendations with the aim of being commissioned for them. This is also the legitimate interest. The following data is processed in this context: Statistical information about the data subjects is collected for the provision of the advertisements. This includes all data that is collected anyway in the context of informational use (see above) as well as the forwarding status, if applicable.
Data processing in connection with contracts
(1) In addition to the data processing in principle, the controller processes the data of visitors to the website in order to establish, execute and/or terminate contracts. The legal basis is then in principle Article 6 paragraph 1 sentence 1 lit. b DSGVO. Only in the event that the data subjects are employees (including applicants), the legal basis is Article 88 DSGVO in conjunction with. § Section 26 (1) BDSG2018.
(2) Attention is drawn to the following processing operations:
Form
The data controller provides a form tool on the website. This is used for communication between the data subject and the data controller, whereby the data subject's entries are documented and transmitted to the data controller. The following data is processed in the process: Data on the content, manner and scope of the entries in the respective form.
Payment
The data subjects visit the website and make declarations there (e.g. the activation of checkboxes, shopping cart decisions) that are aimed at concluding a contract that is subject to a charge. In this respect, the responsible party provides the option of online payment. For this purpose, you will be directed to a payment provider who will accept the payment order, execute it and send the responsible party confirmation that the payment has been completed. The following data are processed in the process: Payment status.
Reseller
If the data subjects wish to acquire access to the products/services of the responsible party here, they will in some cases be forwarded to a third-party provider. This is because this company, in its function as a reseller, makes the respective product or service available to them, possibly against payment. In this respect, the reseller itself is the data controller. The responsible party here then processes all the data it receives from the reseller in order to fulfill the contract. The following data will be processed: With the help of the reseller, the responsible party here collects, stores and uses the information,
1. that and for how long the persons concerned use the product or service and
2. when the data subjects terminate the contractual relationship.
The person in charge receives the information from the reseller.
Appointment
If the persons concerned wish to make an appointment for a meeting with the person responsible here, they can view available appointments via an appointment booking portal that is integrated on this website and simply choose one. The data controller here will then receive a notification from the appointment booking portal. The following data will be processed in the process: all data collected when making an appointment (usually name, e-mail address, appointment).
Recruiting
The data subjects can apply for employment on this website via a recruiting area and/or another contact channel. The data controller receives and processes this data in order to prepare a pre-selection and, if necessary, an interview and/or trial work day, or to communicate it for other purposes relevant to the application. In doing so, the data controller may
1. Access an internal area and view the applicant data (including the application documents and the date of receipt of the application).
Subsequently, there is the possibility that he
2. makes notes associated with the application data,
3. Conduct internal company communication about your application (if necessary, with the departments concerned),
4. document the decision to proceed with the application,
5. Execute and document the invitation to one or more interviews,
6. execute and document the invitation to one or more trial work days,
7. transmit the employment contract document,
8. Transmit and document a cancellation,
9. perform onboarding activities,
10. store the data of the data subjects, subject to their consent, in an applicant pool.
The following data are processed in the process: aall data from the application and other communication content between the data subjects and the data controller here.
Login area
On this website, the data subjects have the possibility to register for the use of an internal area, to subsequently log in to it and finally to log out again. When they register for the internal area, the responsible party collects the data that they provide during the registration process. Within the internal area, the responsible party registers actions of the data subjects to the extent necessary to provide the internal area with its functions. The following data is processed: (1) the registration data entered by the data subjects, (2) the data on logins, (3) on actions performed by the data subjects within the log-in area, (4) on the log-out status.
Automation in contract-related communication
In the context of the establishment, execution and/or termination of contracts, the responsible party has automated parts of the communication with you. In doing so, he processes all communication data of the data subjects that trigger automatic reactions of the data controller here, such as the delivery of a product or service. He controls in this respect
1. the collection of your personal data upon initiation of the respective contract,
2. the communication (in particular by e-mail) with the data subjects required for the establishment, performance and/or termination of the contract, as well as
3. the delivery of the products and/or services.
In this context, the following data will be processed: (1) all contact and order data entered by you, (2) payment data, if applicable, (3) data on delivery, and (4) data on the assertion of rights of the data subject and the response of the data controller here.
Data processing on the basis of consent
(1) In addition to the data processing in principle, the controller processes the data of visitors to the website on the basis of consent. The legal basis is then in principle Article 6 (1) sentence 1 lit. a DSGVO. Only in the event that the data subjects are employees (incl. applicants), the legal basis is Article 88 DSGVO in conjunction with. § Section 26 (2) BDSG2018.
(2) Attention is drawn to the following processing operations:
Analysis of usage behavior
So-called cookies are used to analyze the user behavior of the data subjects on this website. These are text files that are stored on the computer of the data subject and enable an analysis of the use of the website. The information about the usage behavior is used to create reports about the activities and interactions. The data controller here uses this data to be able to regularly improve the user experience on the website. The statistics obtained also enable him to improve his offer in order to direct the interest of the data subjects more specifically to products and services that are suitable for them. The following data is processed: cookie-based data about the interactions (ins. sequence of interactions, dwell time).
Social media / networks
The controller uses social media and social networks. Neither does he have any influence on the data collected and data processing operations, nor is he fully aware of the full extent of the data collection, the purposes of the processing, the storage periods and the circumstances of the deletion of personal data. If the data subjects visit the company and product pages of the data controller in social media or advertisements (so-called ads), there is the possibility that the providers of the social media and networks store the data collected about them as usage profiles and use these for the purposes of advertising, market research and/or demand-oriented design of their websites. The data subjects have a right to object to the creation of these user profiles, whereby they must contact the respective provider to exercise this right. Insofar as the data controller here can influence the type and scope of the processing of personal data associated with this, its purpose is to present the data controller, to analyze the usage behavior of the data subjects with regard to interaction with the company and/or product page maintained there, and to communicate with the data subjects via this social network (possibly in an advertising manner).
If and to the extent that the controller analyzes visitor interactions with its corporate site, both it and the respective provider of the social network or medium are jointly responsible in this respect under data protection law; this pursuant to Article 26 DSGVO. In all other cases, the respective provider of the social network or medium is commissioned in accordance with Article 28 DSGVO.
In addition to the general statements on the legal basis, the following should be noted: If the data subjects themselves maintain a profile with the respective social network or medium, the legal basis is also the consent within the meaning of Article 6 (1) sentence 1 lit. a DSGVO that they have given to the provider of the respective social network.
The following data is processed in this context: Cookie- or pixel-based data about the interactions with the website as well as the company and/or product pages of the responsible party, the e-mail address, the name and the communication data, if applicable.
Video playback
A video playback tool is used to present its own and/or third-party videos to the data subjects within the scope of this Internet presence, but also on the channel of the responsible party, if applicable. When the data subjects start these videos, both the provider of the video playback solution and the responsible party document this in order to be able to subsequently display interest-based information and ads to the data subjects. In doing so, the following data is processed: Cookie-based data that transports the following information: (1) information that the data subjects have visited this website (including the specific subpage, if applicable), (2) information that a specific video has been clicked on.
Useful information by e-mail
The data controller may process the data subjects' data in order to send them useful promotional information by e-mail. This is a regular and irregular electronic newsletter. At the beginning, they provide the data that the data controller requests for registration. After carrying out the double opt-in procedure, he uses this data to address the data subjects by means of these e-mails in an advertising manner. In doing so, the following data is processed: Cookie-based data that transport the following information: The data controller processes the data that the data subjects voluntarily provide to it for this purpose (usually e-mail and name) as well as the data that it needs to prove that consent has been granted (opt-in status data) and, if applicable, data for revoking consent.
Map display
On this website, a map is displayed that shows the data subjects directions to the site. As soon as the data subject accesses the corresponding page, the data, which is yet to be named, is transmitted to the data controller here as well as to the provider of the map service. The map will only be displayed if consent has been given in advance. The following data will be processed: (1) data about the use of this website, (2) IP address and, if applicable, (2) data about the address entered for route planning.
Turing test
To prevent misuse, a Turing test tool is used on this website. In this process, the persons concerned have to solve a short task, such as reproducing numbers written in italics by keyboard entries or recognizing pictures. These inputs are documented. The result is examined to determine whether it is human or machine input. Based on this information, a decision is made as to whether certain processing operations (e.g. registration) can be continued or not. The following data is processed in this process: Input data.
Data processing for the fulfillment of a legal obligation
(1) In addition to the data processing in principle, the controller processes the data of visitors to the website in order to fulfill a legal obligation. The legal basis is then Article 6 (1) sentence 1 lit. c DSGVO.
(2) Attention is drawn to the following processing operations:
Retention of data in connection with contracts
Insofar as the responsible party collects data in order to establish, execute and/or terminate contracts, it shall in principle retain data relevant to the taxation of the responsible party for six years. In derogation of this, data shall be retained for ten years. The respective period begins in the year in which the document was created. The purpose is to fulfill the legal obligation to retain data from § 147 AO.
Retention of data proving the granting of consent
Insofar as the controller processes data on the basis of consent, it shall store the data proving the granting of consent for three years. The period begins when the consent is revoked or the processing subject to consent ends, whichever occurs earlier. The purpose is to fulfill the retention obligation pursuant to Article 7(1) DSGVO in conjunction with. Article 5(2) DSGVO. The period is determined according to the statute of limitations under regulatory offence law pursuant to Section 31 (2) no. 1 OWiG in conjunction with. Article 83 (4), (5) DSGVO.
Double-Opt-In
In order to obtain consent for advertising by e-mail, the responsible party uses the so-called double opt-in procedure. This means that he sends the data subjects an e-mail to the specified e-mail address after their registration, in which he asks them to confirm their consent. If they do not confirm their registration within 30 days, their information will be blocked and automatically deleted after one month. In addition, the responsible party stores their respective IP addresses used and times of registration and confirmation. The purpose of the procedure is to be able to prove their registration and, if necessary, to clarify a possible misuse of their personal data. The legal obligation follows from Article 7(1) DSGVO and Article 5(1) DSGVO. This is because according to these provisions, the controller here is legally obliged to document that consent has been obtained. This is only possible if he collects the data of the data subjects for verification purposes.
Processors and third parties receiving data
The following third-party providers receive access to personal data of visitors to the website as part of the data processing described above:
Third-party provider: The web host "AWS" of Amazon Web Services EMEA SARL, Sàrl. (Luxembourg - EU), which has also been commissioned in accordance with Article 28 DSGVO. More details on the manner of processing by this third-party provider are described here: https://aws.amazon.com/de/websites/getting-started/. It cannot be ruled out that the parent company Amazon Web Services, Inc. (USA) may gain access (e.g. for maintenance purposes). However, this does not prevent the commissioning, as Amazon Webservices Inc. (USA) has committed itself in accordance with the EU standard contractual clauses.
Third-party provider: A content delivery network (CDN) is also used. With a CDN, the responsible party can achieve additional performance. The content is duplicated on several data centers and thus distributed all over the world. In this way, even users who are far away from the actual web hosting provider can achieve fast loading times. The CDN "Cloudflare" of Cloudflare, Inc. (USA) is used for this purpose. The use of this third-party provider is not prevented by the fact that it is based outside the EU. This is because the provider has committed itself in accordance with the EU standard contractual clauses.
Third-party provider: The tool "Trustpilot" of Trustpilot A/S, (Denmark - EU) is used. More details about the way of processing at this third party provider is described here: https://de.legal.trustpilot.com/for-reviewers/guidelines-for-reviewers.
Third-party provider: The form tool of Typeform, SL (Spain - EU) is used, which has been contracted in accordance with Article 28 of the GDPR. More details about the way of processing at this third party provider is described here: https://www.typeform.com/product/.
Third-party provider: The payment service "Paypal" of the provider PayPal (Europe) S.à r.l. et Cie, S.C.A. (Luxembourg - EU) is used. Before the data subjects use this payment service, they must create their own account with this provider. For this purpose, they provide the provider with the data required for this purpose. If they subsequently encounter service providers, such as the data controller here, who accept a payment via this payment service, they authorize this provider to transfer money to the data controller here. In doing so, the provider freely obtains information about your purchasing behavior. The provider therefore does not act here as an instruction-dependent processor of the data controller here, but as a payment service provider of the data subjects. More details on the manner of processing by this third-party provider are described here: https://www.paypal.com/de/home. In particular, the following data will be processed by the data controller: Information,
1. that the persons concerned use this service as well as,
2. that, in what amount and at what time the persons concerned pay,
3. personal data and account information necessary to complete the transaction; and
4. personal data required by the responsible party to clarify conflicts and to check and prevent fraud. The information to 2., to 3. and to 4. the responsible person receives from the provider.
Third-party provider: The payment service "sofortüberweisungen" of the provider SOFORT GmbH (Germany - EU) is used. If, in the legal relationship between the data subject and the data controller here, a payment transaction of the data subject is pending, the data subjects will be redirected to the website of this provider, where they enter their access data required for online banking. This provider then checks whether the account covers the amount to be transferred (account coverage check) and whether any instant transfers have been successfully made from this account in the last 30 days. After a positive check, the provider transmits the transfer order they have approved to the bank in electronic form and informs the person responsible here that the transfer has been successfully set up. The provider therefore does not act here as an instruction-dependent processor, but as a Payment service provider of the data subject. More details on the manner of processing by this third-party provider are described here: https://www.klarna.com/sofort. In particular, the following data will be processed by the data controller: Information,
1. that the persons concerned use this service as well as,
2. that, in what amount and at what time the persons concerned pay.
This message includes only the data from the transfer form (name, account number, bank code, subject, transfer amount) as well as the date (with time) and the transaction identifier (e.g. order number) selected by the person responsible here. In the case of SEPA transfers and insofar as, depending on the bank, BIC and IBAN are required to set the transfer in the online banking account of the person responsible, the confirmation shall also contain BIC and IBAN. The information on 2. is given to the Responsible Provider.
Third-party provider: The payment service "Stripe" of the provider "Stripe" is used. Stripe Payments Europe, Ltd (Ireland - EU) which has been commissioned in accordance with Article 28 DSGVO. Stripe Payments Europe, Ltd. is a subsidiary of the US-based Stripe, Inc. Stripe Payments Europe, Ltd. is subject to European data protection law. More details on how this third-party provider processes your data are described here: https://stripe.com/de/payments. In particular, the following data will be processed by the data controller: Information,
1. that the persons concerned use this service as well as,
2. that, in what amount and at what time the persons concerned pay,
3. personal data and account information necessary to complete the transaction; and
4. personal data required by the responsible party to clarify conflicts and to check and prevent fraud. The information to 2., to 3. and to 4. the responsible person receives from the provider.
Third-party provider: The reseller used is Digistore24 GmbH (Germany - EU). More details about the way of processing at this third party provider is described here: https://www.digistore24.com/de/vendors.
Third-party provider: ELOPAGE GmbH (Germany - EU) is used as reseller. More details about the way of processing at this third party provider is described here: https://elopage.com/reseller.
Third-party provider: The appointment booking tool "HubSpot" of HubSpot, Inc. (USA) is used, which has been commissioned in accordance with Article 28 DSGVO. More details on the manner of processing by this third-party provider are described here: https://www.hubspot.de/products/sales/schedule-meeting. The use of this third-party provider is not prevented by the fact that it is based outside the EU. This is because the provider has committed itself in accordance with the EU standard contractual clauses.
Third-party provider: The recruiting tool "Personio - Recruiting" of Personio GmbH (Germany - EU) is used, which has been commissioned in accordance with Article 28 DSGVO. More details about the way of processing at this third party provider is described here: https://www.personio.de (there under the tab "Functions").
Third-party provider: In connection with the automation, the interface tool "Zapier" of Zapier, Inc. (USA) is used, which has been commissioned in accordance with Article 28 of the GDPR. More details about the way of processing at this third party provider is described here: https://zapier.com/how-it-works. In short, Zapier allows the local controller to connect applications so that customer and prospect data can be automatically exchanged between the various applications. The fact that the provider is located outside the European Union does not prevent processing. This is because the provider has committed itself in accordance with the EU standard contractual clauses.
Third-party provider: In connection with the analysis of user behavior, the analysis tool "Google Analytics" of Google Ireland Ltd. (Ireland - EU) is used, which has been commissioned in accordance with Article 28 DSGVO. More details on the manner of processing by this third-party provider are described here: https://support.google.com/analytics/answer/9306384?hl=de. In this regard, it should be added: The IP address is shortened beforehand by the provider within member states of the European Union or in other contracting states of the Agreement on the European Economic Area. Only in exceptional cases will the full IP address be transmitted to a server of the provider in the USA and shortened there. The IP address transmitted by the browser when using this tool is not merged with other data by the provider. The tool is also used for a cross-device analysis of visitor flows, which is carried out via a user ID. The data subjects can activate the cross-device analysis in their customer account under "My data", "Personal data". disable. For informational purposes, please note that this tool is used with the extension "_anonymizeIp()". This means that IP addresses are processed in abbreviated form, which means that they cannot be linked to a specific person. Insofar as the data collected about the data subject is related to a person, this is therefore immediately excluded and the personal data is thus immediately deleted. The processing is not prevented by the fact that the data is transmitted to the USA, possibly in cooperation with Google LLC (USA). This is because the personal data is only processed if the data subjects consent to the associated data transfer to the USA (cf. Article 49(1)(a) DSGVO).
Third-party provider: In connection with the analysis of usage behavior, the central control tool "Google Tag Manager" of Google Ireland Ltd. (Ireland - EU) is used, which has been commissioned in accordance with Article 28 DSGVO. More details on the manner of processing by this third-party provider are described here: https://marketingplatform.google.com/intl/de/about/tag-manager/. In this regard, it should be added: Through this tool, the responsible person can include various codes and services on this website in an orderly and simplified manner. This tool implements the tags or triggers the embedded tags. When a tag is triggered, the provider may also process personal data. In doing so, it cannot be ruled out that the provider also transmits the data to a server in a third country. However, the processing is not prevented by the fact that the data is transmitted to the USA, possibly in cooperation with Google LLC (USA). This is because the personal data is only processed if the data subjects consent to the associated data transfer to the USA (cf. Article 49(1)(a) DSGVO).
Third-party provider: In connection with the analysis of usage behavior, the analysis tool "Mouseflow" of Mouseflow, ApS (Denmark - EU) is used, which has been commissioned in accordance with Article 28 DSGVO. More details about the way of processing at this third party provider is described here: https://mouseflow.com/de/features/.
Third-party provider: In connection with the analysis of usage behavior, the analysis tool "Mouseflow" of Mouseflow, ApS (Denmark - EU) is used, which has been commissioned in accordance with Article 28 DSGVO. More details about the way of processing at this third party provider is described here: https://mouseflow.com/de/features/.
Third-party provider: The social network "Facebook" of Meta Platforms Ireland Limited (Ireland - EU) is used. However, it cannot be ruled out that a data transfer to or an integration of the parent company, Meta Platforms Inc. (USA) takes place. Insofar as the responsible party and the provider of the social network or medium presented here are jointly responsible, the agreement can be read here: https://www.facebook.com/legal/terms/page_controller_addendum. All information on the scope of application and allocation of responsibilities can be found there. In all other cases, the provider of the social network or medium has been commissioned in accordance with Article 28 of the GDPR. More details on the manner of processing by this third-party provider are described here: https://www.facebook.com/business/gdpr. The use of this third-party provider is not precluded by the fact that a transfer of data to or involvement of the parent company based in the USA cannot be ruled out. This is because the processing of personal data via this tool only takes place if the data subjects consent to the associated data transfer to the USA (cf. Article 49 (1) lit. a DSGVO). This is done vis-à-vis the controller here, insofar as it controls the data processing). Insofar as the provider of the social network or medium presented here controls the processing (for example, if the data subjects visit the social network independently of an action on this website), there is already no transmission by the controller to the USA, so that the controller here also does not have to provide any further guarantee within the meaning of Article 44ff. DSGVO. In this case, there is at most a relationship within the meaning of Article 26 of the GDPR between the controller here and the provider of the social network.
The responsible party also maintains a company or product page with this provider, which is also linked on this website. If the data subjects click on this link (meaning the link to the company or product page), they will be taken to the profile of the responsible party.
The responsible party has integrated a plugin of the provider of a social network or medium presented here on this website. If the data subject clicks on this plugin, they are taken to the profile of the responsible party. The responsible party uses the so-called two-click solution. This means that after the click, initially no personal data is passed on to the provider of the plug-in presented here. The provider can be recognized by the design of the plug-in (e.g. by the logo). The controller allows data subjects to communicate directly with the provider of the plug-in via the button. Only if they click on the marked field and thereby activate it, the provider receives the information that the data subjects have called up this website. Only then will the data described in more detail above be transmitted. By activating the plug-in, personal data of the data subjects is thus transmitted to the provider presented here and may be stored by it in the USA or transmitted there. This data transfer takes place regardless of whether the data subjects have an account with the provider presented here and are logged in there. If they are logged in to the provider, their data collected by the data controller here will be directly assigned to the account that the data subjects maintain with the provider presented here. It is advisable to log out regularly after using a social network, but especially before activating the button, as the data subjects can thus avoid an assignment to their profile with the provider.
The responsible party uses the "Facebook pixel". This is an analytics tool that allows the responsible party to measure the effectiveness of advertising. It is usually used to understand and track actions of people on a website. The responsible party has implemented the pixel on this website by placing the pixel code in the header of the website. When data subjects then visit the website and perform an action (e.g., complete a purchase), the pixel is triggered and the action is reported. In this way, the responsible party learns when a data subject performs an action and can evaluate this. There is also the option of extended matching, which the controller also uses and whose use is also covered by consent. The pixel also makes it possible to transmit data subjects' data (e.g., first name, last name, e-mail address, etc.) to the provider and enrich it with existing tracking data. In this way, it is also possible to collect data from data subjects who do not use this social medium or to record users who are not logged into this social medium while visiting this website. As a result, the data subjects are tracked via this social medium. More details on how this third-party provider processes this data are described here: https://de-de.facebook.com/business/help/742478679120153?id=1205376682832142.
The responsible party uses "Facebook Ads". With the help of the advertising media of this tool (so-called Facebook Ads), the person responsible here can draw attention to his offers within the framework of this social network or medium presented here. He can determine how successful the individual advertising measures are in relation to the data of the advertising campaigns. In this way, he pursues the interest of displaying advertising to the data subjects that is of interest to them, of making this website more interesting for them, and of carrying out a fair calculation of advertising costs. These advertisements are delivered by the provider presented here. If the data subjects access this website via an advertisement presented to them by this provider, a cookie will be stored on the data subjects' computer by the tool. These cookies are not intended to identify the data subjects personally. The unique cookie ID, number of ad impressions per placement (frequency), last impression (relevant for post-view conversions) and opt-out information (marking that the user no longer wishes to be addressed) are usually stored as analysis values for this cookie. Due to the tool used, the browser of the data subject automatically establishes a direct connection with the server of the provider presented here. The responsible party has no influence on the scope and further use of the data collected through the use of this tool. However, he communicates his level of knowledge: By integrating the advertising material of this tool, the provider presented here receives the information that the data subjects have called up the corresponding part of this website or clicked on an advertisement of the responsible party. If the data subjects are registered with a service of this provider, he can assign the visit to your account. However, even if the data subjects are not registered with the provider presented here or have not logged in, there is a possibility that the provider will find out and store their IP address. The data subjects can prevent participation in this tracking procedure in various ways: Either by setting your browser software accordingly; in particular, suppressing third-party cookies will result in data subjects not receiving ads from third-party providers. Or by deactivating the cookies. More details about the way of processing at this third-party provider are described here: https://de-de.facebook.com/business/ads.
Furthermore, the responsible party uses the so-called "Facebook Custom Audience". Here he uploads the data (usually the e-mail address), of course only after consent has been given, to the so-called "Facebook Custom Audience". This allows the data controller here to display interest-based advertisements ("Ads") to the data subjects when they visit the social network or medium provided by the provider. This is done as follows: He uploads the contact data (usually the e-mail address) to the provider presented here. The provider then checks whether the data subjects are registered with him using these contact data. If not, the contact data is not entered into the Custom Audience (a type of database that the responsible party maintains with this provider). In the affirmative, they will be entered in the Custom Audience of the responsible party. If the data subjects then visit the social network provided by this provider, the data controller here will have the opportunity to show the data subjects advertising that is of interest to them. More details on the manner of processing by this third-party provider are described here: https://de-de.facebook.com/business/help/341425252616329?id=2469097953376494.
Third-party provider: The social network "Instagram" of Meta Platforms Ireland Limited (Ireland - EU) is used. However, it cannot be ruled out that a data transfer to or an integration of the parent company, Meta Platforms Inc. (USA) takes place. Insofar as the responsible party and the provider of the social network or medium presented here are jointly responsible, the agreement can be read here: https://www.facebook.com/legal/terms/page_controller_addendum. All information on the scope of application and the allocation of responsibilities can be found there. In all other cases, the provider of the social network or medium has been commissioned in accordance with Article 28 of the GDPR. More details on the manner of processing by this third-party provider are described here: https://help.instagram.com/519522125107875. The use of this third-party provider is not precluded by the fact that a transfer of data to or involvement of the parent company based in the USA cannot be ruled out. This is because the processing of personal data via this tool only takes place if the data subjects consent to the associated data transfer to the USA (cf. Article 49(1)(a) DSGVO). This is done vis-à-vis the controller here, insofar as it controls the data processing. If the provider of the social network or medium presented here controls the processing (for example, if the data subjects visit the social network independently of an action on this website), there is already no transmission by the controller to the USA, so that the controller here also does not have to provide any further guarantee within the meaning of Article 44 et seq. of the GDPR. In this case, there is at most a relationship within the meaning of Article 26 of the GDPR between the controller here and the provider of the social network.
The responsible party also maintains a company or product page with this provider, which is also linked on this website. If the data subjects click on this link (meaning the link to the company or product page), they will be taken to the profile of the responsible party.
The responsible party has integrated a plugin of the provider of a social network or medium presented here on this website. If the data subject clicks on this plugin, they are taken to the profile of the responsible party. The responsible party uses the so-called two-click solution. This means that after the click, initially no personal data is passed on to the provider of the plug-in presented here. The provider can be recognized by the design of the plug-in (e.g. by the logo). The controller allows data subjects to communicate directly with the provider of the plug-in via the button. Only if they click on the marked field and thereby activate it, the provider receives the information that the data subjects have called up this website. Only then will the data described in more detail above be transmitted. By activating the plug-in, personal data of the data subjects is thus transmitted to the provider presented here and may be stored by it in the USA or transmitted there. This data transfer takes place regardless of whether the data subjects have an account with the provider presented here and are logged in there. If they are logged in to the provider, their data collected by the data controller here will be directly assigned to the account that the data subjects maintain with the provider presented here. It is advisable to log out regularly after using a social network, but especially before activating the button, as the data subjects can thus avoid an assignment to their profile with the provider.
The responsible party uses "InstagramAds". With the help of the advertising media of this tool, the person responsible here can draw attention to his offers within the framework of this social network or medium presented here. It can determine how successful the individual advertising measures are in relation to the data of the advertising campaigns. In this way, he pursues the interest of displaying advertising to the data subjects that is of interest to them, of making this Internet site more interesting for them, and of carrying out a fair calculation of advertising costs. These advertisements are delivered by the provider presented here. If the data subjects access this website via an advertisement presented to them by this provider, a cookie will be stored on the data subjects' computer by the tool. These cookies are not intended to identify the data subjects personally. The unique cookie ID, number of ad impressions per placement (frequency), last impression (relevant for post-view conversions) and opt-out information (marking that the user no longer wishes to be addressed) are usually stored as analysis values for this cookie. Due to the tool used, the browser of the data subject automatically establishes a direct connection with the server of the provider presented here. The responsible party has no influence on the scope and further use of the data collected through the use of this tool. However, he communicates his level of knowledge: By integrating the advertising material of this tool, the provider presented here receives the information that the data subjects have called up the corresponding part of this website or clicked on an advertisement of the responsible party. If the data subjects are registered with a service of this provider, he can assign the visit to your account. However, even if the data subjects are not registered with the provider presented here or have not logged in, there is a possibility that the provider will find out and store their IP address. The data subjects can prevent participation in this tracking procedure in various ways: Either by adjusting your browser software accordingly; in particular, the suppression of third-party cookies will result in data subjects not receiving ads from third-party providers. Or by deactivating the cookies. More details about the way of processing at this third-party provider are described here: https://business.instagram.com/advertising/.
Third-party provider: The social network "Instagram" of Meta Platforms Ireland Limited (Ireland - EU) is used. However, it cannot be ruled out that a data transfer to or an integration of the parent company, Meta Platforms Inc. (USA) takes place. Insofar as the responsible party and the provider of the social network or medium presented here are jointly responsible, the agreement can be read here: https://www.facebook.com/legal/terms/page_controller_addendum. All information on the scope of application and the allocation of responsibilities can be found there. In all other cases, the provider of the social network or medium has been commissioned in accordance with Article 28 of the GDPR. More details on the manner of processing by this third-party provider are described here: https://help.instagram.com/519522125107875. The use of this third-party provider is not precluded by the fact that a transfer of data to or involvement of the parent company based in the USA cannot be ruled out. This is because the processing of personal data via this tool only takes place if the data subjects consent to the associated data transfer to the USA (cf. Article 49(1)(a) DSGVO). This is done vis-à-vis the controller here, insofar as it controls the data processing. If the provider of the social network or medium presented here controls the processing (for example, if the data subjects visit the social network independently of an action on this website), there is already no transmission by the controller to the USA, so that the controller here also does not have to provide any further guarantee within the meaning of Article 44 et seq. of the GDPR. In this case, there is at most a relationship within the meaning of Article 26 of the GDPR between the controller here and the provider of the social network.
The responsible party also maintains a company or product page with this provider, which is also linked on this website. If the data subjects click on this link (meaning the link to the company or product page), they will be taken to the profile of the responsible party.
The responsible party has integrated a plugin of the provider of a social network or medium presented here on this website. If the data subject clicks on this plugin, they are taken to the profile of the responsible party. The responsible party uses the so-called two-click solution. This means that after the click, initially no personal data is passed on to the provider of the plug-in presented here. The provider can be recognized by the design of the plug-in (e.g. by the logo). The controller allows data subjects to communicate directly with the provider of the plug-in via the button. Only if they click on the marked field and thereby activate it, the provider receives the information that the data subjects have called up this website. Only then will the data described in more detail above be transmitted. By activating the plug-in, personal data of the data subjects is thus transmitted to the provider presented here and may be stored by it in the USA or transmitted there. This data transfer takes place regardless of whether the data subjects have an account with the provider presented here and are logged in there. If they are logged in to the provider, their data collected by the data controller here will be directly assigned to the account that the data subjects maintain with the provider presented here. It is advisable to log out regularly after using a social network, but especially before activating the button, as the data subjects can thus avoid an assignment to their profile with the provider.
The responsible party uses "InstagramAds". With the help of the advertising media of this tool, the person responsible here can draw attention to his offers within the framework of this social network or medium presented here. It can determine how successful the individual advertising measures are in relation to the data of the advertising campaigns. In this way, he pursues the interest of displaying advertising to the data subjects that is of interest to them, of making this Internet site more interesting for them, and of carrying out a fair calculation of advertising costs. These advertisements are delivered by the provider presented here. If the data subjects access this website via an advertisement presented to them by this provider, a cookie will be stored on the data subjects' computer by the tool. These cookies are not intended to identify the data subjects personally. The unique cookie ID, number of ad impressions per placement (frequency), last impression (relevant for post-view conversions) and opt-out information (marking that the user no longer wishes to be addressed) are usually stored as analysis values for this cookie. Due to the tool used, the browser of the data subject automatically establishes a direct connection with the server of the provider presented here. The responsible party has no influence on the scope and further use of the data collected through the use of this tool. However, he communicates his level of knowledge: By integrating the advertising material of this tool, the provider presented here receives the information that the data subjects have called up the corresponding part of this website or clicked on an advertisement of the responsible party. If the data subjects are registered with a service of this provider, he can assign the visit to your account. However, even if the data subjects are not registered with the provider presented here or have not logged in, there is a possibility that the provider will find out and store their IP address. The data subjects can prevent participation in this tracking procedure in various ways: Either by adjusting your browser software accordingly; in particular, the suppression of third-party cookies will result in data subjects not receiving ads from third-party providers. Or by deactivating the cookies. More details about the way of processing at this third-party provider are described here: https://business.instagram.com/advertising/.
Third-party provider: The social network "LinkedIn" of LinkedIn Ireland Unlimited Company (Ireland - EU) is used. However, it cannot be ruled out that a data transfer to or an integration of the parent company, the LinkedIn Corporation (USA) takes place. More details on the manner of processing by this third-party provider are described here: https://www.linkedin.com/legal/privacy-policy?trk=hb_ft_priv.. The use of this third-party provider is not precluded by the fact that a data transfer to or involvement of the parent company based in the USA cannot be ruled out. This is because the processing of personal data via this tool only takes place if the data subjects consent to the associated data transfer to the USA (cf. Article 49(1)(a) DSGVO). This is done vis-à-vis the controller here, insofar as it controls the data processing. Insofar as the provider of the social network or medium presented here controls the processing (for example, if the data subjects visit the social network independently of an action on this website), there is already no transmission by the controller to the USA, so that the controller here also does not have to provide any further guarantee within the meaning of Article 44ff. DSGVO. In this case, there is at most a relationship within the meaning of Article 26 of the GDPR between the controller here and the provider of the social network.
The responsible party also maintains a company or product page with this provider, which is also linked on this website. If the data subjects click on this link (meaning the link to the company or product page), they will be taken to the profile of the responsible party.
The responsible party has integrated a plugin of the provider of a social network or medium presented here on this website. If the data subject clicks on this plugin, they are taken to the profile of the responsible party. The responsible party uses the so-called two-click solution. This means that after the click, initially no personal data is passed on to the provider of the plug-in presented here. The provider can be recognized by the design of the plug-in (e.g. by the logo). The controller allows data subjects to communicate directly with the provider of the plug-in via the button. Only if they click on the marked field and thereby activate it, the provider receives the information that the data subjects have called up this website. Only then will the data described in more detail above be transmitted. By activating the plug-in, personal data of the data subjects is thus transmitted to the provider presented here and may be stored by it in the USA or transmitted there. This data transfer takes place regardless of whether the data subjects have an account with the provider presented here and are logged in there. If they are logged in to the provider, their data collected by the data controller here will be directly assigned to the account that the data subjects maintain with the provider presented here. It is advisable to log out regularly after using a social network, but especially before activating the button, as the data subjects can thus avoid an assignment to their profile with the provider.
The responsible party uses "LinkedInAds". With the help of the advertising media of this tool, the person responsible here can draw attention to his offers within the framework of this social network or medium presented here. It can determine how successful the individual advertising measures are in relation to the data of the advertising campaigns. In this way, he pursues the interest of displaying advertising to the data subjects that is of interest to them, of making this Internet site more interesting for them, and of carrying out a fair calculation of advertising costs. These advertisements are delivered by the provider presented here. If the data subjects access this website via an advertisement presented to them by this provider, a cookie will be stored on the data subjects' computer by the tool. These cookies are not intended to identify the data subjects personally. The unique cookie ID, number of ad impressions per placement (frequency), last impression (relevant for post-view conversions) and opt-out information (marking that the user no longer wishes to be addressed) are usually stored as analysis values for this cookie. Due to the tool used, the browser of the data subject automatically establishes a direct connection with the server of the provider presented here. The responsible party has no influence on the scope and further use of the data collected through the use of this tool. However, he communicates his level of knowledge: By integrating the advertising material of this tool, the provider presented here receives the information that the data subjects have called up the corresponding part of this website or clicked on an advertisement of the responsible party. If the data subjects are registered with a service of this provider, he can assign the visit to your account. However, even if the data subjects are not registered with the provider presented here or have not logged in, there is a possibility that the provider will find out and store their IP address. The data subjects can prevent participation in this tracking procedure in various ways: Either by adjusting your browser software accordingly; in particular, the suppression of third-party cookies will result in data subjects not receiving ads from third-party providers. Or by deactivating the cookies. More details about the way of processing at this third-party provider are described here: https://business.linkedin.com/de-de/marketing-solutions/ads.
Third-party provider: It is used the social network "Xing" of New Work SE (Germany - EU). More details about the way of processing at this third party provider is described here: https://privacy.xing.com/de.
The responsible party also maintains a company or product page with this provider, which is also linked on this website. If the data subjects click on this link (meaning the link to the company or product page), they will be taken to the profile of the responsible party.
Third-party provider: It is used the social network "Xing" of New Work SE (Germany - EU). More details about the way of processing at this third party provider is described here: https://privacy.xing.com/de.
The responsible party also maintains a company or product page with this provider, which is also linked on this website. If the data subjects click on this link (meaning the link to the company or product page), they will be taken to the profile of the responsible party.
Third-party provider: The social network "Twitter" of the Twitter International Company (Ireland - EU) is used. However, it cannot be ruled out that a data transfer to or an integration of the parent company, Twitter, Inc. (USA) takes place. More details on the manner of processing by this third-party provider are described here: https://twitter.com/de/privacy. The use of this third-party provider is not precluded by the fact that a data transfer to or involvement of the parent company based in the USA cannot be ruled out. This is because the processing of personal data via this tool only takes place if the data subjects consent to the associated data transfer to the USA (cf. Article 49(1)(a) DSGVO). This is done vis-à-vis the controller here, insofar as it controls the data processing. Insofar as the provider of the social network or medium presented here controls the processing (for example, if the data subjects visit the social network independently of an action on this website), there is already no transmission by the controller to the USA, so that the controller here also does not have to provide any further guarantee within the meaning of Article 44ff. DSGVO. In this case, there is at most a relationship within the meaning of Article 26 of the GDPR between the controller here and the provider of the social network.
The responsible party also maintains a company or product page with this provider, which is also linked on this website. If the data subjects click on this link (meaning the link to the company or product page), they will be taken to the profile of the responsible party.
Third-party provider: It is used the social network "Xing" of New Work SE (Germany - EU). More details about the way of processing at this third party provider is described here: https://privacy.xing.com/de.
The responsible party also maintains a company or product page with this provider, which is also linked on this website. If the data subjects click on this link (meaning the link to the company or product page), they will be taken to the profile of the responsible party.
Third-party provider: The social network "Twitter" of the Twitter International Company (Ireland - EU) is used. However, it cannot be ruled out that a data transfer to or an integration of the parent company, Twitter, Inc. (USA) takes place. More details on the manner of processing by this third-party provider are described here: https://twitter.com/de/privacy. The use of this third-party provider is not precluded by the fact that a data transfer to or involvement of the parent company based in the USA cannot be ruled out. This is because the processing of personal data via this tool only takes place if the data subjects consent to the associated data transfer to the USA (cf. Article 49(1)(a) DSGVO). This is done vis-à-vis the controller here, insofar as it controls the data processing. Insofar as the provider of the social network or medium presented here controls the processing (for example, if the data subjects visit the social network independently of an action on this website), there is already no transmission by the controller to the USA, so that the controller here also does not have to provide any further guarantee within the meaning of Article 44ff. DSGVO. In this case, there is at most a relationship within the meaning of Article 26 of the GDPR between the controller here and the provider of the social network.
The responsible party also maintains a company or product page with this provider, which is also linked on this website. If the data subjects click on this link (meaning the link to the company or product page), they will be taken to the profile of the responsible party.
Third-party provider: The social network "Pinterest" of Pinterest Europe Ltd. (Ireland - EU) is used. However, it cannot be ruled out that a data transfer to or an integration of the parent company, Pinterest Inc. (USA) takes place. More details about the way of processing at this third party provider is described here: https://policy.pinterest.com/de/privacy-policy. The use of this third-party provider is not precluded by the fact that a data transfer to or involvement of the parent company based in the USA cannot be ruled out. This is because the processing of personal data via this tool only takes place if the data subjects consent to the associated data transfer to the USA (cf. Article 49(1)(a) DSGVO). This is done vis-à-vis the controller here, insofar as it controls the data processing. Insofar as the provider of the social network or medium presented here controls the processing (for example, if the data subjects visit the social network independently of an action on this website), there is already no transmission by the controller to the USA, so that the controller here also does not have to provide any further guarantee within the meaning of Article 44ff. DSGVO. In this case, there is at most a relationship within the meaning of Article 26 of the GDPR between the controller here and the provider of the social network.
The responsible party also maintains a company or product page with this provider, which is also linked on this website. If the data subjects click on this link (meaning the link to the company or product page), they will be taken to the profile of the responsible party.
Third-party provider: It is used the social network "Xing" of New Work SE (Germany - EU). More details about the way of processing at this third party provider is described here: https://privacy.xing.com/de.
The responsible party also maintains a company or product page with this provider, which is also linked on this website. If the data subjects click on this link (meaning the link to the company or product page), they will be taken to the profile of the responsible party.
Third-party provider: The social network "Twitter" of the Twitter International Company (Ireland - EU) is used. However, it cannot be ruled out that a data transfer to or an integration of the parent company, Twitter, Inc. (USA) takes place. More details on the manner of processing by this third-party provider are described here: https://twitter.com/de/privacy. The use of this third-party provider is not precluded by the fact that a data transfer to or involvement of the parent company based in the USA cannot be ruled out. This is because the processing of personal data via this tool only takes place if the data subjects consent to the associated data transfer to the USA (cf. Article 49(1)(a) DSGVO). This is done vis-à-vis the controller here, insofar as it controls the data processing. Insofar as the provider of the social network or medium presented here controls the processing (for example, if the data subjects visit the social network independently of an action on this website), there is already no transmission by the controller to the USA, so that the controller here also does not have to provide any further guarantee within the meaning of Article 44ff. DSGVO. In this case, there is at most a relationship within the meaning of Article 26 of the GDPR between the controller here and the provider of the social network.
The responsible party also maintains a company or product page with this provider, which is also linked on this website. If the data subjects click on this link (meaning the link to the company or product page), they will be taken to the profile of the responsible party.
Third-party provider: The social network "Pinterest" of Pinterest Europe Ltd. (Ireland - EU) is used. However, it cannot be ruled out that a data transfer to or an integration of the parent company, Pinterest Inc. (USA) takes place. More details about the way of processing at this third party provider is described here: https://policy.pinterest.com/de/privacy-policy. The use of this third-party provider is not precluded by the fact that a data transfer to or involvement of the parent company based in the USA cannot be ruled out. This is because the processing of personal data via this tool only takes place if the data subjects consent to the associated data transfer to the USA (cf. Article 49(1)(a) DSGVO). This is done vis-à-vis the controller here, insofar as it controls the data processing. Insofar as the provider of the social network or medium presented here controls the processing (for example, if the data subjects visit the social network independently of an action on this website), there is already no transmission by the controller to the USA, so that the controller here also does not have to provide any further guarantee within the meaning of Article 44ff. DSGVO. In this case, there is at most a relationship within the meaning of Article 26 of the GDPR between the controller here and the provider of the social network.
The responsible party also maintains a company or product page with this provider, which is also linked on this website. If the data subjects click on this link (meaning the link to the company or product page), they will be taken to the profile of the responsible party.
Third-party provider: The social network "TikTok", which is jointly offered by TikTok Technology Limited Ireland - EU) and TikTok Information Technologies UK Limited (United Kingdom of England and Northern Ireland), is used. However, it appears from the privacy policy of the providers that they also share data with other companies in their "group of companies", but without specifying which companies. Despite public statements to the contrary, it can therefore not be ruled out that the data is processed to companies in the USA and/or the People's Republic of China, there in particular to the parent company Beijing Bytedance Technology Ltd (People's Republic of China). Insofar as the responsible party and the providers of the social network or medium presented here are jointly responsible, they have agreed on joint responsibility pursuant to Article 26 of the GDPR. In all other cases, the provider of the social network or medium has been assigned responsibility pursuant to Article 28 of the GDPR. More details about the way these third-party providers process data are described here: https://www.tiktok.com/legal/privacy-policy-eea?lang=de. The use of this third-party provider is not precluded by the fact that neither a data transfer to the USA nor to the People's Republic of China can be ruled out. This is because the processing of personal data via this tool only takes place if the data subjects consent to the associated data transfer to the USA or the People's Republic of China (see Article 49(1)(a) DSGVO). This is done vis-à-vis the controller here, insofar as it controls the data processing. Insofar as the provider of the social network or medium presented here controls the processing (for example, if the data subjects visit the social network independently of an action on this website), there is already no transmission by the controller to the USA, so that the controller here also does not have to provide any further guarantee within the meaning of Article 44 et seq. of the GDPR. In this case, there is at most a relationship within the meaning of Article 26 of the GDPR between the controller here and the provider of the social network.
The responsible party also maintains a company or product page with this provider, which is also linked on this website. If the data subjects click on this link (meaning the link to the company or product page), they will be taken to the profile of the responsible party.
The responsible party has integrated a plugin of the provider of a social network or medium presented here on this website. If the data subject clicks on this plugin, they are taken to the profile of the responsible party. The responsible party uses the so-called two-click solution. This means that after the click, initially no personal data is passed on to the provider of the plug-in presented here. The provider can be recognized by the design of the plug-in (e.g. by the logo). The controller allows data subjects to communicate directly with the provider of the plug-in via the button. Only if they click on the marked field and thereby activate it, the provider receives the information that the data subjects have called up this website. Only then will the data described in more detail above be transmitted. By activating the plug-in, personal data of the data subjects is thus transmitted to the provider presented here and may be stored by it in the USA or transmitted there. This data transfer takes place regardless of whether the data subjects have an account with the provider presented here and are logged in there. If they are logged in to the provider, their data collected by the data controller here will be directly assigned to the account that the data subjects maintain with the provider presented here. It is advisable to log out regularly after using a social network, but especially before activating the button, as the data subjects can thus avoid an assignment to their profile with the provider.
The responsible person uses the "TikTok pixel". This is an analytics tool that allows the responsible party to measure the effectiveness of advertising. It is usually used to understand and track actions of people on a website. The responsible party has implemented the pixel on this website by placing the pixel code in the header of the website. When data subjects then visit the website and perform an action (e.g., complete a purchase), the pixel is triggered and the action is reported. In this way, the responsible party learns when a data subject performs an action and can evaluate this. There is also the option of extended matching, which the controller also uses and whose use is also covered by consent. The pixel also makes it possible to transmit data subjects' data (e.g., first name, last name, e-mail address, etc.) to the providers and enrich it with existing tracking data. In this way, it is also possible to collect data from data subjects who do not use this social medium or to record users who are not logged into this social medium while visiting this website. As a result, data subjects are tracked via this social medium. More details on how this third-party provider processes data are described here: https://www.tiktokforbusinesseurope.com/de/resources/install-tiktok-pixel/.
The responsible party uses "TikTok Ads". With the help of the advertising media of this tool, the person responsible here can draw attention to his offers within the framework of this social network or medium presented here. It can determine how successful the individual advertising measures are in relation to the data of the advertising campaigns. In this way, he pursues the interest of displaying advertising to the data subjects that is of interest to them, of making this Internet site more interesting for them, and of carrying out a fair calculation of advertising costs. These advertisements are delivered by the provider presented here. If the data subjects access this website via an advertisement presented to them by this provider, a cookie will be stored on the data subjects' computer by the tool. These cookies are not intended to identify the data subjects personally. The unique cookie ID, number of ad impressions per placement (frequency), last impression (relevant for post-view conversions) and opt-out information (marking that the user no longer wishes to be addressed) are usually stored as analysis values for this cookie. Due to the tool used, the browser of the data subject automatically establishes a direct connection with the server of the provider presented here. The responsible party has no influence on the scope and further use of the data collected through the use of this tool. However, he communicates his level of knowledge: By integrating the advertising material of this tool, the provider presented here receives the information that the data subjects have called up the corresponding part of this website or clicked on an advertisement of the responsible party. If the data subjects are registered with a service of this provider, he can assign the visit to your account. However, even if the data subjects are not registered with the provider presented here or have not logged in, there is a possibility that the provider will find out and store their IP address. The data subjects can prevent participation in this tracking procedure in various ways: Either by adjusting your browser software accordingly; in particular, the suppression of third-party cookies will result in data subjects not receiving ads from third-party providers. Or by deactivating the cookies. More details about the way of processing at this third-party provider is described here: https://ads.tiktok.com/i18n/home?.
Third-party provider: The social network "Google" and there in particular the tool "Google Ads" of Google Ireland Ltd. (Ireland - EU) is used, which was commissioned in accordance with Article 28 DSGVO. However, it cannot be ruled out that a data transfer to or an integration of the parent company, Google LLC (USA) takes place. More details about the way of processing at this third party provider is described here: https://ads.google.com. The use of this third-party provider is not precluded by the fact that a data transfer to or involvement of the parent company based in the USA cannot be ruled out. This is because the personal data is only processed if the data subjects consent to the associated data transfer to the USA (cf. Article 49(1)(a) DSGVO).
In doing so, the responsible party places advertisements (so-called ads), in particular in the search engine provided by the provider here. If the data subjects interact with the responsible party (e.g. visit this website), there is the possibility that the responsible party, after their consent, identifies the data subjects with so-called cookies as suitable recipients of the ads. If the data subjects then visit the social medium presented here, they will be recognized and the Ads mentioned above will be displayed to them. The purpose is to present the responsible party, to analyze the usage behavior in relation to the interaction with this website as well as to communicate with the data subjects via the social network or medium presented here (possibly advertising). These advertising media are delivered by Google via so-called "ad servers". For this purpose, the responsible party uses so-called ad server cookies, through which certain parameters for measuring success, such as display of the ads or clicks by the data subjects can be measured. If the data subject accesses this website via a Google ad, Google Ads will store a cookie on the data subject's computer. These cookies usually lose their validity after 30 days and are not intended to personally identify the data subjects. For this cookie, the unique cookie ID, number of ad impressions per placement (frequency), last impression (relevant for post-view conversions) and opt-out information (marking that the user no longer wishes to be addressed) are usually stored as analysis values. These cookies enable Google to recognize the Internet browser of the person concerned. Provided that a user visits certain pages of this website and the cookie stored on his computer has not yet expired, Google and the responsible party can recognize that the data subject has clicked on the advertisement and has been redirected to this website. Due to the marketing tools used, the browser of the data subject automatically establishes a direct connection with Google's server.
Data subjects can prevent participation in this tracking process in various ways:
a) by setting their browser software accordingly (in particular, the suppression of third-party cookies will result in them not receiving third-party ads)
b) by disabling cookies for conversion tracking by setting their browser to block cookies from the domain "www.googleadservices.com" (cf. https://www.google.de/settings/ads), which setting will be deleted when the data subjects delete the cookies.
Third-party provider: The social network "Google" and there in particular the tool "Google Remarkting" of Google Ireland Ltd. (Ireland - EU) is used, which was commissioned according to Article 28 DSGVO. However, it cannot be ruled out that a data transfer to or an integration of the parent company, Google LLC (USA) takes place. More details about the way of processing at this third party provider is described here: https://support.google.com/google-ads/answer/2453998?hl=de. The use of this third-party provider is not precluded by the fact that a data transfer to or involvement of the parent company based in the USA cannot be ruled out. This is because the personal data is only processed if the data subjects consent to the associated data transfer to the USA (cf. Article 49(1)(a) DSGVO).
In doing so, the responsible party places advertisements (so-called ads), in particular in the search engine provided by the provider here. If the data subjects interact with the responsible party (e.g. visit this website), there is the possibility that the responsible party, after their consent, identifies the data subjects with so-called cookies as suitable recipients of the ads. If the data subjects then visit the social medium presented here, they will be recognized and the Ads mentioned above will be displayed to them. The purpose is to present the responsible party, to analyze the usage behavior in relation to the interaction with this website, as well as to provide information about the social media presented here. network or medium (possibly advertising) to communicate with the data subjects. These advertising media are delivered by Google via so-called "ad servers". For this purpose, the responsible party uses so-called ad server cookies, through which certain parameters for measuring success, such as display of the ads or clicks by the data subjects can be measured. If the data subject accesses this website via a Google ad, Google Ads will store a cookie on the data subject's computer. These cookies usually lose their validity after 30 days and are not intended to personally identify the data subjects. For this cookie, the unique cookie ID, number of ad impressions per placement (frequency), last impression (relevant for post-view conversions) and opt-out information (marking that the user no longer wishes to be addressed) are usually stored as analysis values. These cookies enable Google to recognize the Internet browser of the person concerned. Provided that a user visits certain pages of this website and the cookie stored on his computer has not yet expired, Google and the responsible party can recognize that the data subject has clicked on the advertisement and has been redirected to this website. Due to the marketing tools used, the browser of the data subject automatically establishes a direct connection with Google's server.
Data subjects can prevent participation in this tracking process in various ways:
a) by setting their browser software accordingly (in particular, the suppression of third-party cookies will result in them not receiving third-party ads)
b) by disabling cookies for conversion tracking by setting their browser to block cookies from the domain "www.googleadservices.com" (cf. https://www.google.de/settings/ads), which setting will be deleted when the data subjects delete the cookies.
Third-party provider: It will use the video playback tool "YouTube". Google Ireland Ltd. (Ireland - EU), which was commissioned in accordance with Article 28 DSGVO. However, it cannot be ruled out that a data transfer to or an integration of the parent company, Google LLC (USA) takes place. The use of this third-party provider is not precluded by the fact that a data transfer to or integration of the parent company based in the USA cannot be ruled out. This is because the personal data is only processed if the data subjects consent to the associated data transfer to the USA (cf. Article 49(1)(a) DSGVO).
Specifically, plugins of the video portal YouTube are integrated on this website. Each time a page is called up that offers one or more YouTube video clips, a direct connection is established between the browser of the data subject and a YouTube server. These videos are all embedded in "enhanced data protection mode" No data about the data subjects as users is transmitted to the provider if the data subjects do not play the videos. Only when they play the videos, the data specified in more detail above are transferred. The responsible party has no influence on this data transmission. If the data subjects use a Google account and do not wish to be associated with their profile on YouTube, they must log out before activating the button. The provider stores the data of the data subjects as usage profiles and uses them for purposes of advertising, market research and/or demand-oriented design of their website. Such an evaluation is carried out in particular (even for users who are not logged in) for the provision of needs-based advertising and to inform other users of the social network about the activities of the data subjects on the website of the responsible party. The data subjects have a right to object to the creation of these user profiles, whereby they must contact the provider to exercise this. Data subjects can obtain further information on the purpose and scope of the data collection and its processing by the provider in the privacy policy. There they will also receive further information on your rights and setting options for the protection of your privacy: https://www.google.de/intl/de/policies/privacy.
The responsible party maintains a company page with this provider and has linked it on this website. If the data subjects click on this link (meaning the link to the company page), they will be taken to the channel of the responsible party here.
Third-party provider: The video playback tool "Vimeo" of Vimeo, LLC (USA) is used, which was commissioned in accordance with Article 28 DSGVO. The use of this third-party provider is not precluded by the fact that data transfer to the USA cannot be ruled out. This is because the personal data is only processed if the data subjects consent to the associated data transfer to the USA (cf. Article 49(1)(a) DSGVO).
Specifically, plugins of the video portal Vimeo are integrated on this website. Each time a page is called up that offers one or more video clips, a direct connection is established between the browser of the data subject and a YouTube server. These videos are all embedded in "extended data protection mode" No data about the data subjects as users is transmitted to the provider if the data subjects do not play the videos. Only when they play the videos, the data specified in more detail above are transferred. The responsible party has no influence on this data transmission. The data subjects have a right to object to the creation of these user profiles, whereby they must contact the provider to exercise this. Data subjects can obtain further information on the purpose and scope of the data collection and its processing by the provider in the privacy policy. There they will also receive further information on your rights and setting options for the protection of your privacy: https://vimeo.com/privacy
The responsible party maintains a company page with this provider and has linked it on this website. If the data subjects click on this link (meaning the link to the company page), they will be taken to the channel of the responsible party here.
Third-party provider: In connection with the automation, the interface tool "Zapier" of Zapier, Inc. (USA) is used, which has been commissioned in accordance with Article 28 of the GDPR. More details about the way of processing at this third party provider is described here: https://zapier.com/how-it-works. In short, Zapier allows the local controller to connect applications so that customer and prospect data can be automatically exchanged between the various applications. The fact that the provider is located outside the European Union does not prevent processing. This is because the personal data is only processed if the data subjects consent to the associated data transfer to the USA (cf. Article 49(1)(a) DSGVO).
Third-party provider: The map service "Google Maps" of Google Ireland Ltd. (Ireland - EU) is used, which was commissioned in accordance with Article 28 DSGVO. However, it cannot be ruled out that a data transfer to or an integration of the parent company, Google LLC (USA) takes place. More details about the way of processing at this third party provider is described here: https://support.google.com/maps/answer/7576020?hl=de#null. The specific data that is transferred also depends on whether the data subjects use this website as logged-in users of a Google account. Details on data transmission and use can be found here: https://policies.google.com/privacy?hl=de. The use of this third-party provider is not precluded by the fact that a data transfer to or involvement of the parent company based in the USA cannot be ruled out. This is because the personal data is only processed if the data subjects consent to the associated data transfer to the USA (cf. Article 49(1)(a) DSGVO).
Third-party provider: The tool "Google reCaptcha" of Google Ireland Ltd. (Ireland - EU) is used, which was commissioned according to Article 28 DSGVO. However, it cannot be ruled out that a data transfer to or an integration of the parent company, Google LLC (USA) takes place. More details about the way of processing at this third party provider is here described. The use of this third-party provider is not precluded by the fact that a data transfer to or involvement of the parent company based in the USA cannot be ruled out. This is because the personal data is only processed if the data subjects consent to the associated data transfer to the USA (cf. Article 49(1)(a) DSGVO).
Third-party provider: The Wordpress cookie consent plugin Borlabs Cookie by the developer Benjamin A. Bornschein (Germany - EU) is used. More details about the way of processing at this third party provider is here described.
