Privacy policy

1. data protec­tion at a glance

General infor­ma­tion

The follo­wing infor­ma­tion provides a simple overview of what happens to your personal data when you visit this website. Personal data is all data with which you can be perso­nally identi­fied. Detailed infor­ma­tion on the subject of data protec­tion can be found in our privacy policy listed below this text.

Data collec­tion on this website

Who is respon­sible for data collec­tion on this website?

Data proces­sing on this website is carried out by the website operator. You can find their contact details in the section “Infor­ma­tion on the controller” in this privacy policy.

How do we collect your data?

On the one hand, your data is collected when you provide it to us. This may, for example, be data that you enter in a contact form.
Other data is collected automa­ti­cally or with your consent by our IT systems when you visit the website. This is prima­rily technical data (e.g. internet browser, opera­ting system or time of the page view). This data is collected automa­ti­cally as soon as you enter this website.

What do we use your data for?

Some of the data is collected to ensure that the website is provided without errors. Other data can be used to analyze your user behavior.

What rights do you have with regard to your data?

You have the right to receive infor­ma­tion about the origin, recipient and purpose of your stored personal data free of charge at any time. You also have the right to request the correc­tion or deletion of this data. If you have given your consent to data proces­sing, you can revoke this consent at any time for the future. You also have the right to request the restric­tion of the proces­sing of your personal data under certain circum­s­tances. You also have the right to lodge a complaint with the compe­tent super­vi­sory autho­rity.

You can contact us at any time if you have further questions on the subject of data protec­tion.

2. hosting

We host the content of our website with the follo­wing provider:

Mittwald

The provider is Mittwald CM Service GmbH & Co KG, Königs­berger Straße 4-6, 32339 Espel­kamp (herein­after referred to as Mittwald).

Details can be found in Mittwald’s privacy policy: https://www.mittwald.de/datenschutz.

The use of Mittwald is based on Art. 6 para. 1 lit. f GDPR. We have a legiti­mate interest in ensuring that our website is displayed as reliably as possible. If a corre­spon­ding consent has been requested, the proces­sing is carried out exclu­si­vely on the basis of Art. 6 para. 1 lit. a GDPR and § 25 para. 1 TTDSG, insofar as the consent includes the storage of cookies or access to infor­ma­tion in the user’s end device (e.g. device finger­prin­ting) within the meaning of the TTDSG. Consent can be revoked at any time.

Order proces­sing

We have concluded a data proces­sing agree­ment (DPA) for the use of the above-mentioned service. This is a contract prescribed by data protec­tion law, which ensures that the data controller processes the personal data of our website visitors only in accordance with our instruc­tions and in compli­ance with the GDPR.

3. General notes and manda­tory infor­ma­tion

Data protec­tion

The opera­tors of these pages take the protec­tion of your personal data very seriously. We treat your personal data confi­den­ti­ally and in accordance with the statu­tory data protec­tion regula­tions and this privacy policy.

When you use this website, various personal data is collected. Personal data is data that can be used to identify you perso­nally. This privacy policy explains what data we collect and what we use it for. It also explains how and for what purpose this is done.

We would like to point out that data trans­mis­sion over the Internet (e.g. when commu­ni­ca­ting by e-mail) can have security gaps. Complete protec­tion of data against access by third parties is not possible.

Note on the respon­sible body

The controller in charge of data proces­sing on this website is:


m2hycon GmbH
Deich­straße 19
20459 Hamburg


E-mail: ed.no1771275236cyh2m1771275236@ofni1771275236


The controller is the natural or legal person who alone or jointly with others deter­mines the purposes and means of the proces­sing of personal data (e.g. names, e-mail addresses, etc.).

Storage duration

Unless a more specific storage period has been speci­fied in this privacy policy, your personal data will remain with us until the purpose for data proces­sing no longer applies. If you assert a justi­fied request for deletion or revoke your consent to data proces­sing, your data will be deleted unless we have other legally permis­sible reasons for storing your personal data (e.g. reten­tion periods under tax or commer­cial law); in the latter case, deletion will take place after these reasons no longer apply.

General infor­ma­tion on the legal basis for data proces­sing on this website

If you have consented to data proces­sing, we process your personal data on the basis of Art. 6 para. 1 lit. a GDPR and Art. 9 para. 2 lit. a GDPR, insofar as special catego­ries of data pursuant to Art. 9 para. 1 GDPR are processed. In the event of express consent to the transfer of personal data to third count­ries, data proces­sing is also carried out on the basis of Art. 49 para. 1 lit. a GDPR. If you have consented to the storage of cookies or access to infor­ma­tion in your end device (e.g. via device finger­prin­ting), the data proces­sing is also carried out on the basis of § 25 para. 1 TTDSG. Consent can be revoked at any time. If your data is required to fulfill the contract or to carry out pre-contrac­tual measures, we process your data on the basis of Art. 6 para. 1 lit. b GDPR. Further­more, we process your data if this is neces­sary to fulfill a legal obliga­tion on the basis of Art. 6 para. 1 lit. c GDPR. Data proces­sing may also be based on our legiti­mate interest in accordance with Art. 6 para. 1 lit. f GDPR must take place. Infor­ma­tion on the relevant legal bases in each indivi­dual case is provided in the follo­wing paragraphs of this privacy policy.

Note on data transfer to the USA and other third count­ries

Among other things, we use tools from compa­nies based in the USA or other third count­ries that are not secure under data protec­tion law. If these tools are active, your personal data may be trans­ferred to these third count­ries and processed there. We would like to point out that no level of data protec­tion compa­rable to that in the EU can be guaran­teed in these count­ries. For example, US compa­nies are obliged to hand over personal data to security autho­ri­ties without you as the data subject being able to take legal action against this. It can there­fore not be ruled out that US autho­ri­ties (e.g. secret services) may process, evaluate and perma­nently store your data on US servers for surveil­lance purposes. We have no influence on these proces­sing activi­ties.

Revoca­tion of your consent to data proces­sing

Many data proces­sing opera­tions are only possible with your express consent. You can revoke any consent you have already given at any time. The legality of the data proces­sing carried out until the revoca­tion remains unaffected by the revoca­tion.

Right to object to the collec­tion of data in special cases and to direct marke­ting (Art. 21 GDPR)

IF THE DATA PROCES­SING IS BASED ON ART. 6 ABS. 1 LIT. E OR F GDPR, YOU HAVE THE RIGHT TO OBJECT TO THE PROCES­SING OF YOUR PERSONAL DATA AT ANY TIME ON GROUNDS RELATING TO YOUR PARTI­CULAR SITUA­TION; THIS ALSO APPLIES TO PROFILING BASED ON THESE PROVI­SIONS. THE RESPEC­TIVE LEGAL BASIS ON WHICH PROCES­SING IS BASED CAN BE FOUND IN THIS PRIVACY POLICY. IF YOU OBJECT, WE WILL NO LONGER PROCESS YOUR PERSONAL DATA CONCERNED UNLESS WE CAN DEMONS­TRATE COMPEL­LING LEGITI­MATE GROUNDS FOR THE PROCES­SING WHICH OVERRIDE YOUR INTERESTS, RIGHTS AND FREEDOMS OR FOR THE ESTAB­LISH­MENT, EXERCISE OR DEFENSE OF LEGAL CLAIMS (OBJEC­TION UNDER ARTICLE 21(1) GDPR).


IF YOUR PERSONAL DATA ARE PROCESSED FOR THE PURPOSE OF DIRECT MARKE­TING, YOU HAVE THE RIGHT TO OBJECT AT ANY TIME TO THE PROCES­SING OF PERSONAL DATA CONCER­NING YOU FOR THE PURPOSE OF SUCH MARKE­TING, WHICH INCLUDES PROFILING TO THE EXTENT THAT IT IS RELATED TO SUCH DIRECT MARKE­TING. IF YOU OBJECT, YOUR PERSONAL DATA WILL SUBSE­QUENTLY NO LONGER BE USED FOR THE PURPOSE OF DIRECT MARKE­TING (OBJEC­TION PURSUANT TO ART. 21 PARA. 2 GDPR).

Right to lodge a complaint with the compe­tent super­vi­sory autho­rity

In the event of viola­tions of the GDPR, data subjects have the right to lodge a complaint with a super­vi­sory autho­rity, in parti­cular in the Member State of their habitual residence, place of work or place of the alleged viola­tion. The right of appeal exists without preju­dice to other adminis­tra­tive or judicial remedies.

Right to data porta­bi­lity

You have the right to have data that we process automa­ti­cally on the basis of your consent or in fulfill­ment of a contract handed over to you or to a third party in a common, machine-readable format. If you request the direct transfer of the data to another controller, this will only be done to the extent that it is techni­cally feasible.

Infor­ma­tion, deletion and correc­tion

Within the frame­work of the appli­cable legal provi­sions, you have the right at any time to free infor­ma­tion about your stored personal data, its origin and recipient and the purpose of the data proces­sing and, if neces­sary, a right to correc­tion or deletion of this data. You can contact us at any time if you have further questions on the subject of personal data.

Right to restric­tion of proces­sing

You have the right to request the restric­tion of the proces­sing of your personal data. You can contact us at any time for this purpose. The right to restric­tion of proces­sing exists in the follo­wing cases:

• If you dispute the accuracy of your personal data stored by us, we usually need time to check this. For the duration of the review, you have the right to request that the proces­sing of your personal data be restricted.
• If the proces­sing of your personal data was/is carried out unlawfully, you can request the restric­tion of data proces­sing instead of erasure.
• If we no longer need your personal data, but you need it for the exercise, defense or asser­tion of legal claims, you have the right to request the restric­tion of the proces­sing of your personal data instead of deletion.
• If you file an objec­tion pursuant to Art. 21 para. 1 GDPR, a balance must be struck between your interests and ours. As long as it has not yet been deter­mined whose interests prevail, you have the right to demand the restric­tion of the proces­sing of your personal data.

If you have restricted the proces­sing of your personal data, this data – apart from its storage – may only be processed with your consent or for the estab­lish­ment, exercise or defense of legal claims or for the protec­tion of the rights of another natural or legal person or for reasons of important public interest of the European Union or of a Member State.

SSL or TLS encryp­tion

This site uses SSL or TLS encryp­tion for security reasons and to protect the trans­mis­sion of confi­den­tial content, such as orders or inqui­ries that you send to us as the site operator. You can recognize an encrypted connec­tion by the fact that the address line of the browser changes from “http://” to “https://” and by the lock symbol in your browser line.

If SSL or TLS encryp­tion is activated, the data you transmit to us cannot be read by third parties.

4. data collec­tion on this website

Cookies

Our Internet pages use so-called “cookies”. Cookies are small data packets and do not cause any damage to your end device. They are either stored tempo­r­a­rily for the duration of a session (session cookies) or perma­nently (perma­nent cookies) on your end device. Session cookies are automa­ti­cally deleted at the end of your visit.

Perma­nent cookies remain stored on your end device until you delete them yourself or they are automa­ti­cally deleted by your web browser.


In some cases, cookies from third-party compa­nies may also be stored on your device when you visit our website (third-party cookies). These enable us or you to use certain services of the third-party company (e.g. cookies for proces­sing payment services).

Cookies have various functions. Many cookies are techni­cally neces­sary, as certain website functions would not work without them (e.g. the shopping cart function or the display of videos). Other cookies are used to evaluate user behavior or display adver­ti­sing.


Cookies that are required to carry out the electronic commu­ni­ca­tion process, to provide certain functions that you have requested (e.g. for the shopping cart function) or to optimize the website (e.g. cookies to measure the web audience) (neces­sary cookies) are stored on the basis of Art. 6 para. 1 lit. a GDPR. 1 lit. f GDPR, unless another legal basis is speci­fied. The website operator has a legiti­mate interest in the storage of neces­sary cookies for the techni­cally error-free and optimized provi­sion of its services. If consent to the storage of cookies and compa­rable recogni­tion techno­lo­gies has been requested, the proces­sing is carried out exclu­si­vely on the basis of this consent (Art. 6 para. 1 lit. a GDPR and § 25 para. 1 TTDSG); consent can be revoked at any time.


You can set your browser so that you are informed about the setting of cookies and only allow cookies in indivi­dual cases, exclude the accep­tance of cookies for certain cases or in general and activate the automatic deletion of cookies when closing the browser. If cookies are deacti­vated, the function­a­lity of this website may be restricted.

If cookies are used by third-party compa­nies or for analysis purposes, we will inform you about this separa­tely in this privacy policy and, if neces­sary, request your consent.

Server log files

The provider of the pages automa­ti­cally collects and stores infor­ma­tion in so-called server log files, which your browser automa­ti­cally trans­mits to us. These are:

• Browser type and browser version
• Opera­ting system used
• Referrer URL
• Host name of the acces­sing computer
• Time of the server request
• IP address

This data is not merged with other data sources.

This data is collected on the basis of Art. 6 para. 1 lit. f GDPR. The website operator has a legiti­mate interest in the techni­cally error-free presen­ta­tion and optimiza­tion of its website – for this purpose, the server log files must be recorded.

Request by e-mail, telephone or fax

If you contact us by e-mail, telephone or fax, we will store and process your request, inclu­ding all personal data (name, request), for the purpose of proces­sing your request. We do not pass on this data without your consent.

This data is processed on the basis of Art. 6 para. 1 lit. b GDPR, provided that your request is related to the perfor­mance of a contract or is neces­sary for the imple­men­ta­tion of pre-contrac­tual measures. In all other cases, the proces­sing is based on our legiti­mate interest in the effec­tive proces­sing of the requests addressed to us (Art. 6 para. 1 lit. f GDPR) or on your consent (Art. 6 para. 1 lit. a GDPR) if this has been requested; the consent can be revoked at any time.

The data you send to us via contact requests will remain with us until you ask us to delete it, revoke your consent to storage or the purpose for data storage no longer applies (e.g. after your request has been processed). Manda­tory statu­tory provi­sions – in parti­cular statu­tory reten­tion periods – remain unaffected.

5. plugins and tools

Use of an AI-supported chatbot (in-house develo­p­ment based on OpenAI)

1. scope of the proces­sing of personal data

We use a self-developed AI-supported chatbot based on OpenAI techno­logy. The chatbot is operated by m2hycon GmbH – Deich­straße 19, 20459 Hamburg, Germany and integrated into our website.

When using the chatbot, the follo­wing personal data in parti­cular may be processed:

• Chat histo­ries (freely entered content such as questions, comments, company name, interests or other infor­ma­tion volun­t­a­rily provided by the user)
• Name and e-mail address, if these are provided by the user for contact purposes
• IP address, time of use, granted or revoked consent and export infor­ma­tion for verifi­ca­tion and documen­ta­tion purposes
• Internal user ID (non-personal, cannot be traced back to a natural person)
• Demogra­phic data (e.g. language, country, referrer), if consent has been given
• Device and browser infor­ma­tion (e.g. device type, opera­ting system, browser, screen resolu­tion)

Proces­sing is carried out exclu­si­vely for the purposes described below.

2. purpose of data proces­sing

Personal data is processed for the follo­wing purposes:

• Answe­ring user inqui­ries via the chatbot and, if neces­sary, forwar­ding open questions to employees if the user volun­t­a­rily provides an email address
• Ensuring the technical function­a­lity of the chatbot, inclu­ding resto­ring ongoing chats in the event of page reloads
• Analysis of frequently asked questions and interests for statis­tical evalua­tion and impro­ve­ment of the chatbot
• Quality assurance and further develo­p­ment of the system, in parti­cular by evalua­ting anony­mized chat histo­ries
• Lead genera­tion and marke­ting, provided the user has expressly consented to this
• Proof and documen­ta­tion of consent, fraud preven­tion and fulfill­ment of legal obliga­tions to provide evidence
• Impro­ving system stabi­lity, security and user experi­ence

3. legal basis for the proces­sing of of personal data

The proces­sing of personal data is based on the follo­wing legal bases in accordance with Art. 6 para. 1 GDPR:

• Art. 6 para. 1 lit. b GDPR (contract or pre-contrac­tual measures)

– for answe­ring specific user queries via the chatbot

• Art. 6 para. 1 lit. f GDPR (legiti­mate interest)

-for:

• • the technical opera­tion and ensuring the function­a­lity of the chatbot
  • the assign­ment of chat histo­ries to sessions by means of an internal user ID
  • Forwar­ding open requests to employees for proces­sing
  • impro­ving stabi­lity, security and user-friend­li­ness

Our legiti­mate interest lies in the efficient provi­sion of a functional, secure and user-friendly chat service.

• Art. 6 para. 1 lit. a GDPR (consent)

• for:

• • the analysis of chat histo­ries for system and model impro­ve­ment
  • the statis­tical analysis of interests and frequently asked questions
  • Marke­ting and lead genera­tion purposes
  • the proces­sing of demogra­phic data

Proces­sing for these purposes only takes place if the user has expressly consented before­hand.

4. duration of storage

Personal data is only stored for as long as is neces­sary for the respec­tive purposes:

• Chat histo­ries:
  • up to 6 months, provided consent for analysis has been given
  • unlimited after anony­miza­tion, as there is no longer any personal reference
• Name and e-mail address:
  • up to 3 months to respond to inqui­ries
  • up to 6 months with consent for marke­ting purposes
• IP address, time, consent infor­ma­tion:
  • up to 3 years to fulfill legal verifi­ca­tion and documen­ta­tion obliga­tions
• Internal user ID:
  • 24 hours for session alloca­tion
  • up to 6 months in connec­tion with stored chat histo­ries
• Device and browser infor­ma­tion:
  • up to 6 months

As soon as the respec­tive purpose no longer applies or consent is revoked, the data will be deleted or anony­mized, provided there are no legal reten­tion obliga­tions to the contrary.

5. exercise your rights

You have the right to revoke your decla­ra­tion of consent under data protec­tion law at any time.

The withdrawal of consent shall not affect the lawful­ness of proces­sing based on consent before its withdrawal.

If the proces­sing is based on a legiti­mate interest, you can also prevent the collec­tion and proces­sing of your personal data by clicking on the follo­wing link:

• prevent the storage of third-party cookies in your browser,
• activate the “Do Not Track” function of a supporting browser,
• deacti­vate the execu­tion of script code in your browser or
• install a script blocker such as NoScript (https://noscript.net/) or Ghostery (https://www.ghostery.com).

Further infor­ma­tion on your rights and the proces­sing of personal data can be found in our general privacy policy.

Font Awesome (local hosting)

This site uses Font Awesome for the uniform display of fonts. Font Awesome is installed locally. A connec­tion to servers of Fonti­cons, Inc. does not take place.

Further infor­ma­tion about Font Awesome can be found in the Font Awesome privacy policy at:
https://fontawesome.com/privacy.

Google Maps

This site uses the map service Google Maps. The provider is Google Ireland Limited (“Google”), Gordon House, Barrow Street, Dublin 4, Ireland.

To use the functions of Google Maps, it is neces­sary to save your IP address. This infor­ma­tion is usually trans­ferred to a Google server in the USA and stored there. The provider of this site has no influence on this data trans­mis­sion. If Google Maps is activated, Google may use Google Fonts for the purpose of uniform display of fonts. When you access Google Maps, your browser loads the required web fonts into your browser cache in order to display texts and fonts correctly.

The use of Google Maps is in the interest of an appealing presen­ta­tion of our online offers and to make it easy to find the places we have indicated on the website. This consti­tutes a legiti­mate interest within the meaning of Art. 6 para. 1 lit. f GDPR repre­sent. If a corre­spon­ding consent has been requested, the proces­sing is carried out exclu­si­vely on the basis of Art. 6 para. 1 lit. a GDPR and § 25 para. 1 TTDSG, insofar as the consent includes the storage of cookies or access to infor­ma­tion in the user’s end device (e.g. device finger­prin­ting) within the meaning of the TTDSG. Consent can be revoked at any time.

Data transfer to the USA is based on the standard contrac­tual clauses of the EU Commis­sion. Details can be found here:
https://privacy.google.com/businesses/gdprcontrollerterms/ and https://privacy.google.com/businesses/gdprcontrollerterms/sccs/.

You can find more infor­ma­tion on the handling of user data in Google’s privacy policy: https://policies.google.com/privacy?hl=de.

Wordfence

We have integrated Wordfence on this website. The provider is Defiant Inc, Defiant, Inc, 800 5th Ave Ste 4100, Seattle, WA 98104, USA (herein­after “Wordfence”).

Wordfence is used to protect our website from unwanted access or malicious cyber­at­tacks. For this purpose, our website estab­lishes a perma­nent connec­tion to Wordfence’s servers so that Wordfence can compare its databases with the accesses made on our website and block them if neces­sary.

The use of Wordfence is based on Art. 6 para. 1 lit. f GDPR. The website operator has a legiti­mate interest in protec­ting its website as effec­tively as possible against cyber­at­tacks. If a corre­spon­ding consent has been requested, the proces­sing is carried out exclu­si­vely on the basis of Art. 6 para. 1 lit. a GDPR and § 25 para. 1 TTDSG, insofar as the consent includes the storage of cookies or access to infor­ma­tion in the user’s end device (e.g. device finger­prin­ting) within the meaning of the TTDSG. Consent can be revoked at any time.

Data transfer to the USA is based on the standard contrac­tual clauses of the EU Commis­sion. You can find details here: https://www.wordfence.com/help/general-data-protection-regulation/.

Google Analy­tics

Our website uses Google Analy­tics, a web analy­tics service provided by Google Inc. (“Google”). For this web analysis service, Google Analy­tics uses so-called “cookies”, i.e. text files that are stored on your computer, which in turn enable an analysis of your use of the website.

The infor­ma­tion generated by the cookie about the use of our website is trans­mitted to a Google server in the USA and subse­quently stored there. If IP anony­miza­tion is activated on our website, your IP address will only be shortened by Google before­hand within the member states of the EU or in other contrac­ting states of the Agree­ment on the European Economic Area. In a few excep­tional cases, the full IP address may be trans­mitted to a Google server in the USA and then shortened there.

Google can then use this infor­ma­tion, which is stored, to evaluate your use of the website in order to compile a report on website activity. Based on this report, Google can then also provide the website provider with further services associated with the use of the website and the Internet.

The IP address trans­mitted by your browser via Google Analy­tics will not be merged with other Google data. If this analysis based on your visit to our website is not in your interest, you can prevent the storage or instal­la­tion of cookies by setting your browser software accor­dingly. At the same time, we would like to inform you that in this case you will not be able to use all the functions of our website to their full extent.

By using this website, you consent to the proces­sing of data about you by Google in the manner and for the purposes set out above.

Google Analy­tics 4

If you have given your consent, Google Analy­tics 4, a web analysis service of Google LLC, is used on this website. The controller for users in the EU/EEA and Switz­er­land is Google Ireland Limited, Google Building Gordon House, 4 Barrow St, Dublin, D04 E5W5, Ireland (“Google”).


Type and purpose of proces­sing
Google Analy­tics uses cookies that enable an analysis of your use of our website. The infor­ma­tion collected by cookies about your use of this website is generally trans­mitted to a Google server in the USA and stored there.

We use the User ID function. With the help of the user ID, we can assign a unique, perma­nent ID to one or more sessions (and the activi­ties within these sessions) and analyze user behavior across devices.
We use Google Signals. This allows Google Analy­tics to collect additional infor­ma­tion about users who have activated perso­na­lized ads (interests and demogra­phic data) and ads can be delivered to these users in cross-device remar­ke­ting campaigns.

In Google Analy­tics 4, the anony­miza­tion of IP addresses is activated by default. Due to IP anony­miza­tion, your IP address will be shortened by Google within member states of the European Union or in other contrac­ting states of the Agree­ment on the European Economic Area. Only in excep­tional cases will the full IP address be trans­mitted to a Google server in the USA and shortened there. Accor­ding to Google, the IP address trans­mitted by your browser as part of Google Analy­tics is not merged with other Google data.
During your website visit, your user behavior is recorded in the form of “events”. Events can be:

• Page views
• First visit to the website
• Start of the session
• Websites visited
• Your “click path”, inter­ac­tion with the website
• Scrolls (whenever a user scrolls to the end of the page (90%))
• Clicks on external links
• internal search queries
• Inter­ac­tion with videos
• File downloads
• Viewed / clicked ads
• Language setting

Also recorded:

• Your appro­xi­mate location (region)
• Date and time of the visit
• Your IP address (in abbre­viated form)
• technical infor­ma­tion about your browser and the end devices you use (e.g. language setting, screen resolu­tion)
• Your Internet provider
• the referrer URL (via which website/advertising medium you came to this website)

Purposes of the proces­sing

On behalf of the operator of this website, Google will use this infor­ma­tion to evaluate your use of the website and to compile reports on website activity. The reports provided by Google Analy­tics are used to analyze the perfor­mance of our website and the success of our marke­ting campaigns.

Recipi­ents of the data are/may be

• Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland (as processor pursuant to Art. 28 GDPR)
• Google LLC, 1600 Amphi­theatre Parkway Mountain View, CA 94043, USA
• Alphabet Inc., 1600 Amphi­theatre Parkway Mountain View, CA 94043, USA

Third country transfer

The European Commis­sion adopted its adequacy decision for the USA on July 10, 2023. Google LLC is certi­fied under the EU-US Privacy Frame­work. Since Google servers are distri­buted world­wide and a transfer to third count­ries (for example to Singa­pore) cannot be comple­tely ruled out, we have also concluded the EU standard contrac­tual clauses with the provider.

Storage duration

The data sent by us and linked to cookies is automa­ti­cally deleted after 2 [OR: 14 months]. The maximum lifespan of Google Analy­tics cookies is 2 years. Data that has reached the end of its reten­tion period is automa­ti­cally deleted once a month.

Legal basis

The legal basis for this data proces­sing is your consent in accordance with. Art.6 Para.1 S.1 lit.a GDPR and § 25 para. 1 S.1 TTDSG.

Revoca­tion

You can revoke your consent at any time with effect for the future by acces­sing the cookie settings and changing your selec­tion there. The legality of the proces­sing carried out on the basis of the consent until the revoca­tion remains unaffected by this.
You can also prevent the storage of cookies from the outset by setting your browser software accor­dingly. However, if you confi­gure your browser to reject all cookies, this may limit the function­a­lity of this and other websites. You can also prevent Google from collec­ting the data generated by the cookie and relating to your use of the website (inclu­ding your IP address) and from proces­sing this data by Google by
a. Not giving your consent to the setting of cookies or
b. Downloa­ding and instal­ling the browser add-on to deacti­vate Google Analy­tics HERE.

You can find more infor­ma­tion on the terms of use of Google Analy­tics and on data protec­tion at Google at https://marketingplatform.google.com/about/analytics/terms/de/ and at https://policies.google.com/?hl=de.” Source:https://www.dr-datenschutz.de/

Mailchimp

We use Mailchimp from The Rocket Science Group, LLC, 675 Ponce de Leon Ave NE Suite 5000, Atlanta, GA 30308 USA (Mailchimp) to send our newsletter. This enables us to contact subscri­bers directly. In addition, we analyze your usage behavior in order to optimize our offer.

We pass on the follo­wing personal data to Mailchimp for this purpose:

E-mail address
[first name]
[last name]
[telephone number]
[Our e-mail mailings contain a link that you can use to update your personal data].

Mailchimp is the recipient of your personal data and acts as a processor for us as far as the distri­bu­tion of our newsletter is concerned. The proces­sing of the data speci­fied in this section is not required by law or contract. Without your consent and the trans­mis­sion of your personal data, we cannot send you a newsletter.

In addition, Mailchimp collects the follo­wing personal data using cookies and other tracking methods: Infor­ma­tion about your end device (IP address, device infor­ma­tion, opera­ting system, browser ID, infor­ma­tion about the appli­ca­tion you use to read your emails and other infor­ma­tion about hardware and internet connec­tion.

In addition, usage data such as date and time, when you opened the email / campaign and browser activi­ties (e.g. which emails / websites were opened) are collected. Mailchimp requires this data to ensure the security and relia­bi­lity of the systems, compli­ance with the terms of use and the preven­tion of misuse. This corre­sponds to the legiti­mate interest of Mailchimp (pursuant to Art. 6 para. 1 lit. f GDPR) and serves the execu­tion of the contract (pursuant to Art. 6 para. 1 lit. b GDPR). Mailchimp also analyzes perfor­mance data, such as email delivery statis­tics and other commu­ni­ca­tion data. This infor­ma­tion is used to create usage and perfor­mance statis­tics of the services.
Mailchimp also collects infor­ma­tion about you from other sources. In an unspe­ci­fied period and scope, personal data is collected via social media and other third-party data provi­ders. We have no influence on this process.

Further infor­ma­tion on objec­tion and removal options vis-à-vis Mailchimp can be found at: https://mailchimp.com/legal/privacy/#3._Privacy_for_Contacts
The legal basis for this proces­sing is your consent pursuant to Art. 6 para. 1 lit. a GDPR. 1 lit. a GDPR. You can revoke your consent to the proces­sing of your personal data at any time. There is a corre­spon­ding link in all mailings. The revoca­tion can also be made via the contact options provided. The decla­ra­tion of revoca­tion does not affect the legality of the proces­sing carried out to date.

Your data will be processed as long as we have your consent to do so. Apart from this, they will be deleted after termi­na­tion of the contract between us and Mailchimp, unless legal requi­re­ments make further storage neces­sary.

Mailchimp has imple­mented compli­ance measures for inter­na­tional data trans­fers. These apply to all global activi­ties in which Mailchimp processes personal data of natural persons in the EU. These measures are based on the EU standard contrac­tual clauses (SCCs). Further infor­ma­tion can be found at: https://mailchimp.com/legal/data-processing-addendum/.

Order proces­sing

We have concluded a data proces­sing agree­ment (DPA) for the use of the above-mentioned service. This is a contract prescribed by data protec­tion law, which ensures that the data controller processes the personal data of our website visitors only in accordance with our instruc­tions and in compli­ance with the GDPR.



Source: https://www.e-recht24.de