Types of processed data:
- Inventory data (e.g., names, addresses).
- Contact data (e.g., e-mail, telephone numbers).
- Content data (e.g., text input, photographs, videos).
- Usage data (e.g., websites visited, interest in content, access times).
- Meta/communication data (e.g., device information, IP addresses).
Processing of special categories of data (Art. 9 para. 1 DSGVO):
- In principle, no special categories of data are processed unless they are supplied by the user for processing, e.g. entered in online forms.
Categories of data subjects involved in the processing:
- Customers / prospects / suppliers.
- Visitors and users of the online offer.
In the following, we will refer to the persons concerned collectively as “users”.
Purpose of processing:
- Provision of the online offer, its content and functions.
- Service and customer care.
- Responding to contact requests and communicating with users.
- Security measures.
1. Applicable legal basis
In accordance with Art. 13 DSGVO we inform you about the legal basis of our data processing. If the legal basis is not mentioned in the data protection declaration, the following applies: The legal basis for obtaining consent is Art. 6 para. 1 lit. a and Art. 7 DSGVO, the legal basis for processing in order to fulfil our services and carry out contractual measures as well as answer inquiries is Art. 6 para. 1 lit. b DSGVO, the legal basis for processing in order to fulfil our legal obligations is Art. 6 para. 1 lit. c DSGVO, and the legal basis for processing in order to safeguard our legitimate interests is Art. 6 para. 1 lit. f DSGVO. In the event that vital interests of the data subject or another natural person make processing of personal data necessary, Art. 6 para. 1 lit. d DSGVO serves as the legal basis.
We ask you to inform yourself regularly about the content of our data protection declaration. We will adapt the data protection declaration as soon as the changes to the data processing carried out by us make this necessary. We will inform you as soon as the changes require your cooperation (e.g. consent) or other individual notification.
3. Security measures
We take appropriate technical and organisational measures in accordance with Art. 32 DSGVO, taking into account the state of the art, the implementation costs and the nature, extent, circumstances and purposes of the processing as well as the different probability of occurrence and severity of the risk to the rights and freedoms of natural persons, to ensure a level of protection appropriate to the risk. These measures include in particular safeguarding the confidentiality, integrity and availability of data by controlling physical access to the data as well as access to, input of, passing on of, safeguarding the availability of and separation of the data. In addition, we have established procedures to ensure the exercise of data subjects’ rights, the deletion of data and the response to data threats. Furthermore, we take the protection of personal data into account as early as the development or selection of hardware, software and processes, in accordance with the principle of data protection through technology design and data protection-friendly default settings (Art. 25 DSGVO).
The security measures include in particular the encrypted transmission of data between your browser and our server.
4. Cooperation with processors and third parties
Insofar as we disclose data to other persons and companies (contract processors or third parties) within the scope of our processing, transmit the data to them or otherwise grant them access to the data, this shall only take place on the basis of legal permission (e.g. if a transfer of the data to third parties, such as payment service providers, pursuant to Art. 6 para. 1 lit. b DSGVO is necessary for the performance of the contract), if you have consented to this, if a legal obligation provides for this or on the basis of our legitimate interests (e.g. when using agents, web hosts, etc.).
If we commission third parties with the processing of data on the basis of a so-called “order processing contract”, this is done on the basis of Art. 28 DSGVO.
5. Transfers to third countries
If we process data in a third country (i.e. outside the European Union (EU) or the European Economic Area (EEA)) or if this is done in the context of the use of third-party services or disclosure or transfer of data to third parties, this will only occur if it is done to fulfil our (pre)contractual obligations, on the basis of your consent, a legal obligation or on the basis of our legitimate interests. Subject to legal or contractual permissions, we process or allow the data to be processed in a third country only if the special requirements of Art. 44 ff. DSGVO are met. This means that the processing takes place, for example, on the basis of special guarantees, such as the officially recognised determination of a data protection level corresponding to the EU (e.g. for the USA by the “Privacy Shield”) or compliance with officially recognised special contractual obligations (so-called “standard contractual clauses”).
6. Rights of data subjects
You have the right to request confirmation as to whether the data in question is being processed, to obtain information about this data, and to receive further information and a copy of the data in accordance with Art. 15 DSGVO.
In accordance with Art. 16 DSGVO, you have the right to request the completion of data concerning you or the correction of incorrect data concerning you.
Pursuant to Art. 17 DSGVO, you have the right to demand that the relevant data be deleted immediately or, alternatively, to demand a restriction on the processing of the data pursuant to Art. 18 DSGVO.
You have the right to receive the data concerning you that you have provided to us, in accordance with Art. 20 DSGVO, and to demand that it be transferred to other responsible parties.
Pursuant to Art. 77 DSGVO, you also have the right to file a complaint with the competent supervisory authority.
7. Right of withdrawal
You have the right to revoke consents granted pursuant to Art. 7 para. 3 DSGVO with effect for the future.
8. Right of objection
You may object at any time to the future processing of the data concerning you in accordance with Art. 21 DSGVO. In particular, you may object to the processing of your data for the purposes of direct marketing.
9. Cookies and right to object to direct advertising
10. Deletion of data
The data processed by us will be deleted or their processing restricted in accordance with Art. 17 and 18 DSGVO. Unless expressly stated in this data protection declaration, the data stored by us will be deleted as soon as they are no longer required for their intended purpose and there are no legal obligations to retain them. If the data are not deleted because they are required for other and legally permissible purposes, their processing will be restricted. This means that the data will be blocked and not processed for other purposes. This applies, for example, to data that must be stored for commercial or tax reasons.
According to legal requirements, the documents are stored in particular for 6 years in accordance with § 257 para. 1 HGB (commercial books, inventories, opening balance sheets, annual financial statements, commercial letters, accounting records, etc.) and for 10 years in accordance with § 147 para. 1 AO (books, records, management reports, accounting records, commercial and business letters, documents relevant for taxation, etc.).
11. Provision of contractual services
We process inventory data (e.g., names and addresses as well as contact data of users) and contract data (e.g., services used, names of contact persons, payment information) for the purpose of fulfilling our contractual obligations and services pursuant to Art. 6 para. 1 lit. b DSGVO. The entries marked as mandatory in online forms are required for the conclusion of the contract.
Within the framework of registration, the required mandatory information will be communicated to the users. The user accounts are not public and cannot be indexed by search engines. If users have terminated their user account, their data will be deleted with regard to the user account, subject to its retention for commercial or tax reasons pursuant to Art. 6 para. 1 lit. c DSGVO. It is the responsibility of the users to secure their data before the end of the contract in the event of termination. We are entitled to irretrievably delete all user data stored during the term of the contract.
Within the scope of registration and renewed registrations as well as use of our online services, we store the IP address and the time of the respective user action. The storage is based on our legitimate interests, as well as the user’s protection against misuse and other unauthorized use. These data will not be passed on to third parties unless it is necessary to pursue our claims or there is a legal obligation pursuant to Art. 6 para. 1 lit. c DSGVO.
We process usage data (e.g., the pages visited on our website, interest in our products) and content data (e.g., entries in the contact form or user profile) for advertising purposes in a user profile in order to show the user, e.g., product information based on the services they have previously used.
The deletion takes place after expiration of legal warranty and comparable obligations. The necessity of data retention is reviewed every three years. In the case of legal archiving obligations, the deletion takes place after their expiration (end of commercial (6 years) and tax (10 years) retention obligation). Information in the customer account remains until its deletion.
When contacting us (via contact form or e-mail), the user’s details will be processed in order to handle the contact request and its resolution in accordance with Art. 6 para. 1 lit. b DSGVO.
The user data can be stored in our Customer Relationship Management System (“CRM System”) or comparable inquiry organization.
We will delete the requests if they are no longer necessary. We check the necessity every two years. Requests from customers who have a customer account are stored permanently; with regard to their deletion, we refer to the information on the customer account. In the case of statutory archiving obligations, deletion will take place after their expiration (end of commercial law (6 years) and tax law (10 years) retention obligation).
13. Comments and contributions
If users leave comments or other contributions, their IP addresses will be used on the basis of our legitimate interests within the meaning of Art. 6 para. 1 lit. f DSGVO for 7 days.
This is done for our own protection in case someone leaves illegal content (insults, forbidden political propaganda, etc.) in comments and contributions. In this case we can be prosecuted ourselves for the comment or contribution and are therefore interested in the identity of the author.
14. Retrieval of profile pictures from Gravatar
We use the Gravatar service of Automattic, Inc., 132 Hawthorne Street, San Francisco, CA 94107, USA, within our online offer and in particular in the blog.
Gravatar is a service where users can register and store profile pictures and their e-mail addresses. If users leave contributions or comments with the respective e-mail address on other online presences (especially in blogs), their profile pictures can be displayed next to the contributions or comments. For this purpose, the e-mail address provided by the users is encrypted and transmitted to Gravatar for the purpose of checking whether a profile is stored for it. This is the only purpose of the transmission of the e-mail address and it is not used for other purposes, but deleted afterwards.
Gravatar is used on the basis of our legitimate interests within the meaning of Art. 6 Para. 1 lit. f) DSGVO, as we use Gravatar to offer authors of contributions and comments the opportunity to personalise their contributions with a profile picture.
Automattic is certified under the Privacy Shield Agreement and thus offers a guarantee of compliance with European data protection law (https://www.privacyshield.gov/participant?id=a2zt0000000CbqcAAC&status=Active).
If users do not want a user image associated with their Gravatar e-mail address to appear in the comments, they should use an e-mail address that is not registered with Gravatar to comment. We would also like to point out that it is possible to use an anonymous e-mail address or no e-mail address at all if users do not wish their own e-mail address to be sent to Gravatar. Users can completely prevent the transmission of data by not using our comment system.
15. Collection of access data and log files
On the basis of our legitimate interests within the meaning of Art. 6 para. 1 lit. f DSGVO, we collect data on each access to the server on which this service is located (so-called server log files). The access data includes the name of the website accessed, file, date and time of access, amount of data transferred, notification of successful access, browser type and version, the user’s operating system, referrer URL (the previously visited page), IP address and the requesting provider.
Log file information is stored for a maximum of seven days for security reasons (e.g. to clarify abuse or fraud) and then deleted. Data whose further storage is necessary for evidence purposes are excluded from deletion until the respective incident has been finally clarified.
16. Online presences in social media
On the basis of our legitimate interests within the meaning of Art. 6 para. 1 lit. f DSGVO, we maintain online presences within social networks and platforms in order to communicate with customers, interested parties and users active there and to inform them about our services. When calling up the respective networks and platforms, the terms and conditions and data processing guidelines of their respective operators apply.
Unless otherwise stated in our data protection declaration, we process the data of users who communicate with us within social networks and platforms, e.g. post articles on our online presence or send us messages.
18. Reach analysis with Matomo (formerly PIWIK)
Within the scope of the reach analysis by Matomo, the following data is processed on the basis of our legitimate interests (i.e. interest in the analysis, optimisation and economic operation of our online offer in the sense of Art. 6 para. 1 lit. f DSGVO): the type and version of browser you use, the operating system you use, your country of origin, the date and time of the server enquiry, the number of visits, your length of stay on the website and the external links you click on. The user’s IP address is anonymised before it is stored.
Users can object to the anonymous collection of data by the Matomo program at any time with effect for the future by clicking on the link below. In this case, a so-called opt-out cookie is stored in your browser, which means that Matomo no longer collects any session data. However, if users delete their cookies, the opt-out cookie is also deleted and must therefore be reactivated by the users.
19. Integration of third-party services and content
Within our online offer, on the basis of our legitimate interests (i.e. interest in the analysis, optimisation and economic operation of our online offer within the meaning of Art. 6 para. 1 lit. f DSGVO), we use content or service offers from third parties in order to integrate their content and services, such as videos or fonts (hereinafter uniformly referred to as “content”). This always presupposes that the third-party providers of this content become aware of the IP address of the user, since they would not be able to send the content to the user’s browser without the IP address. The IP address is therefore required for the presentation of this content. We make every effort to use only content whose respective providers use the IP address solely to deliver the content. Third-party providers may also use so-called pixel tags (invisible graphics, also known as “web beacons”) for statistical or marketing purposes. “Pixel tags” can be used to evaluate information such as visitor traffic on the pages of this website. The pseudonymous information may also be stored in cookies on the user’s device and may contain, among other things, technical information about the browser and operating system, referring web pages, visit times and other information about the use of our online services, and may also be linked to such information from other sources.
The following presentation provides an overview of third-party providers and their contents, along with links to their data protection declarations, which contain further information on the processing of data and, in some cases already mentioned here, possible objections (so-called opt-out):
19.2.1. Google Fonts