Privacy Policy Website

Privacy Policy

 

  1. Preface and selected terms

On the one hand, this data protection declaration informs visitors and users of our website about the online data processing operations in which personal data is processed. On the other hand, you will receive information about our processing operations that do not primarily take place online.

  1. “Personal data” are all individual details that allow conclusions to be drawn about a natural person (for definition see Art. 4 (1) GDPR). This includes, for example, names, e-mail addresses, telephone numbers, but also data such as IP addresses or customer numbers.
  2. The ” processing of personal data” includes all processes, for example the collection, storage, transmission, archiving or deletion of personal data (definition Art. 4 (2) GDPR).
  3. The ” data subject” within the meaning of data protection law is any natural person from whom personal data is processed.
  4. Further definitions of terms can be found in the General Data Protection Regulation , which you will find mainly in Art. 4 of the GDPR (Definitions).

 

  1. Responsibilities

Name and address of the responsible party

The person responsible within the meaning of the General Data Protection Regulation and other national data protection laws of the member states as well as other data protection regulations is:

United Soft Media Verlag GmbH
Thomas-Wimmer-Ring 11
D-80539 Munich
Phone: +49 / 89 / 290 88 175
Fax: +49 / 89 / 290 88 160
E-Mail: info@usm.de
Name and address of the data protection officer

The data protection officer of the person responsible is:

DSB External data protection officer Stuttgart
Fabian Henkel
Kantstrasse 14
71277 Rutesheim
Telephone: +49 7152564773
E-Mail: info@externer-datenschutzbeauftragter-stuttgart.de
Web: https://www.externer-datenschutzbeauftragter-stuttgart.de

 

 

  1. Brief overview of data processing

The following content gives you a brief overview of the processing of personal data; you can find more information in the passages presented in detail.

Security on our website (SSL Secure Socket Layer)
Our website is provided with an SSL certificate, with the help of which data transmission processes are encrypted. This happens, for example, when you send us a message using the form. As a precaution, however, we would like to point out that one hundred percent security in electronic data processing is not possible and that there is always a residual risk.

Data that you transmit to us
On the one hand, we process the data that you enter yourself on this page, for example in a form. In this case, the purpose of processing results from the type of form and, on the other hand, from this data protection declaration. Even if you send us a message by email, for example, or contact us in any other way, we will process your data in accordance with the purpose for which you were contacted.

Automatic server log files
On the other hand, our server automatically records all accesses and thus also IP addresses (log files), this serves to defend against attacks, analyze access numbers and ensure smooth operation.

Use of cookies
Cookies help us to provide various services. Cookies are small text files that can be saved and read in your browser. We use our own cookies as well as third-party cookies; you can find more information on this in this data protection declaration.

 

Other data recipients

  1. a) Data processors
    In accordance with the requirements of Art. 28 GDPR, we use contract
    processors, for example in the area of ​​IT services, web hosting, email hosting or printing services. They process personal data for us in accordance with instructions.
  2. b) Use of third-party services
    If it is necessary (for example for the execution of a contract), we pass on your data to banks, other payment service providers, shipping service providers, our tax advisor or lawyer, for example.
  3. c) Legal obligations
    In addition, we are obliged in certain cases to report to the competent authorities on the basis of the Money Laundering Act. In addition, we are subject to other legal obligations, such as commercial laws or tax law, in this context we have to pass on certain data to tax authorities, for example.
  4. d) Investigation of criminal offenses
    Insofar as it is necessary to investigate a criminal offense, we pass on data to the law enforcement authorities.

 

General information on deletion periods for personal data
We process the data as long as this is necessary for the respective purpose. If necessary, we process your personal data for the duration of our business relationship, which also includes the initiation and processing of a contract; in addition, we are obliged to comply with statutory retention requirements. If the data processing is based on your consent, we will delete your data after your revocation.

Transfer of personal data to a third country
We try to have all service providers and services provided by providers within the European Union as far as possible. A transfer to a third country is possible if you have given us your consent and / or we have concluded an order processing contract in accordance with Art. 28 GDPR and the use of suitable guarantees. In individual cases we can use plugins or tools that are hosted in third countries, but we use them based on our legitimate interests. In these cases, we may point out the circumstance in this privacy policy.

Obligation to provide personal data
The provision of personal data is regularly required for the initiation, conclusion, processing and reversal of a contract. In the event that you do not provide the required personal data, we will not be able to conclude and fulfill a contract with you.

 

  1. Legal basis for the processing of personal data

The legal bases for the processing of personal data are exceptional circumstances that allow the processing of personal data. The essential legal bases are shown in particular in Art. 6 GDPR.

The legal bases according to which we process personal data are described in the individual processing operations in this data protection declaration.

  • Given consent is one of those legal bases. This requires that the person gives its consent for one more data processing activities in an informed manner and on a voluntary basis. Consent on the basis of Article 6 (1) (a) GDPR can generally be revoked at any time without giving reasons.
  • The processing of personal data for the initiation or implementation of contracts is also a legal basis and is defined in Art. 6 Paragraph 1 lit. b GDPR.
  • The exception of data processing due to a legal obligation can be found in Art. 6 Paragraph 1 lit. c GDPR, for example we are obliged to comply with certain retention periods under commercial law and tax law.
  • The processing of personal data on our legitimate interests allows processing after carefully weighing financial or legal interests against the interests of the data subject that are worthy of protection. This legal basis is stated in Article 6 (1) (f) GDPR.

 

 

  1. Your rights under the General Data Protection Regulation

Every natural person has certain rights, these are defined in Articles 15 to 21 and 77 of the GDPR. In principle, you have the following rights, which you can claim from us.

  1. Right to revoke a given consent according to Art. 7 GDPR
    You can revoke a given consent to us at any time without giving reasons with effect for the future.
  2. Right to information (cf. Art. 15 GDPR)
    You have the right to request information about the data processed by you and the purposes of the processing at any time.
  3. Right to correction (cf. Art. 16 GDPR)
    If you discover that we are processing incorrect or incomplete personal data, you have the right to correction.
  4. Right to deletion (cf. Art. 17 GDPR)
    You have the right at any time to request the deletion of your personal data that we are processing about you. If complete deletion is not possible, for example because we have to meet statutory retention requirements or we can assert legitimate interests for other reasons, we will restrict your data until these reasons no longer apply.
  5. Right to restriction of processing / blocking (cf. Art. 18 GDPR)
    You have the right to request that the processing of your personal data be restricted. You can contact us at any time at the address given in the legal notice. The right to restriction of processing exists in the following cases:
  • If you dispute the accuracy of your personal data stored by us, we usually need time to check this. For the duration of the test, you have the right to request that the processing of your personal data be restricted.
  • If the processing of your personal data happened / happens unlawfully, you can request the restriction of the data processing instead of the deletion.
  • If we no longer need your personal data, but you need them to exercise, defend or assert legal claims, you have the right to request that the processing of your personal data be restricted instead of being deleted.
  • If you have lodged an objection in accordance with Art. 21 Paragraph 1 GDPR, your interests and ours must be weighed up. As long as it is not yet clear whose interests prevail, you have the right to request that the processing of your personal data be restricted.
  • If you have restricted the processing of your personal data, this data – apart from its storage – may only be allowed with your consent or for the establishment, exercise or defense of legal claims or for the protection of the rights of another natural or legal person or for reasons of important public interest processed by the European Union or a member state.
  1. Right to data portability (cf. Art. 20 GDPR)
    You have the right to have data that we process automatically on the basis of your consent or in fulfillment of a contract handed over to you or to a third party in a common, machine-readable format. If you request the direct transfer of the data to another person responsible, this will only be done if it is technically feasible.
  2. Right to object to certain processing operations and direct mail (cf. Art. 21 GDPR)
    If the data processing takes place on the basis of Art. 6 Para. 1 lit. e or f GDPR, you have the right at any time for reasons that arise from your particular Situation arise to object to the processing of your personal data; this also applies to profiling based on these provisions. The respective legal basis on which processing is based can be found in this data protection declaration. If you object, we will no longer process your personal data concerned, unless we can prove compelling legitimate reasons for the processing that outweigh your interests, rights and freedoms or the processing serves to assert, exercise or defend legal claims ( Objection according to Art. 21 Para. 1 GDPR).If your personal data are processed in order to operate direct mail, you have the right to object at any time to the processing of personal data concerning you for the purpose of such advertising; this also applies to profiling insofar as it is associated with such direct advertising. If you object, your personal data will then no longer be used for direct marketing purposes (objection according to Art. 21 Paragraph 2 GDPR).
  3. Right to file a complaint at the data protection authorities (cf. Art. 77 DGVO)
    In the event of violations of the GDPR, the data subject has the right to lodge a complaint with a supervisory authority, in particular in the member state of their habitual residence, their place of work or the place of the alleged violation. The right to lodge a complaint exists without prejudice to other administrative or judicial remedies.

 

 

  1. Automatic server log files

Our web server automatically logs all access e and thus IP addresses of visitors. This serves to defend against attacks, analyze access numbers and ensure smooth operation. We have a legitimate interest in this (Art. 6 lit. f GDPR).

In addition to the IP address, the server log usually records additional metadata about the session; you can find this data below .

  • Date and time of the call
  • Information about the browser type and the browser version used
  • Information on the operating system used
  • Device (client)
  • Referring URL (from which page you landed with us)
  • Clicked hyperlinks

We only process this data for the purposes mentioned above. We delete server log files after six months at the latest.

 

  1. Use of cookies

<script id=”CookieDeclaration” src=https://consent.cookiebot.com/5c679fa0-96d8-4946-b501-30803b511a1c/cd.js type=”text/javascript” async></script>

 

Use of the Cookiebot Consent Management System

Our website uses Cookiebot’s cookie consent technology to obtain your consent to the storage of certain cookies on your device and to document them in compliance with data protection regulations. The provider of this technology is Cybot A / S, Havnegade 39, 1058 Copenhagen, Denmark (hereinafter “Cookiebot”).

When you enter our website, a connection is established to the Cookiebot servers in order to obtain your consent and other declarations regarding the use of cookies. Cookiebot then saves a cookie in your browser in order to be able to assign the consent given to you or the revocation thereof. The data collected in this way will be stored until you ask us to delete it, delete the Cookiebot cookie yourself or the purpose for data storage no longer applies. Mandatory statutory retention requirements remain unaffected.

Cookiebot is used to obtain the legally required consent for the use of cookies. The legal basis for this is Article 6 (1) (c) GDPR. In addition, we have a legitimate interest in using a user-friendly and secure service for cookie consent, the legal basis is Art. 6 (1) (f) GDPR.

Data processing agreement
We have concluded an order processing contract with Cookiebot. This is a contract prescribed by data protection law, which ensures that Cookiebot processes the personal data of our website visitors only in accordance with our instructions and in compliance with the GDPR.

 

  1. Processing of personal data in the context of establishing contact and communication

 

Communication by email
If you send us an email, we will process your data according to the content and purpose of the message. As a rule, processing takes place on the basis of pre-contractual measures or in the context of the implementation of a contractual relationship on the basis of Art. 6 (1) (b) GDPR and Art. 6 (1) (f) GDPR. It is in a legitimate interest to process your request quickly and efficiently.

Please note that we store all incoming e-mails according to generally accepted accounting principles for a period of ten years, beginning with the first day of the following year, in which the message was received. If you ask us to delete the data, we will from now on restrict your data for processing and only save it for the purpose of complying with retention periods in our legitimate interest.

Communication by phone or fax
Even if you contact us by phone or fax, we process your data either to initiate and implement contractual relationships (if the content is product or service-related) and / or in our legitimate interest, analogous to contacting us by e-mail. Mail.

We do not record the content of the conversation, but we may make notes to process your request. This will be saved until the purpose of data processing has been achieved and we no longer have any legitimate interests in processing. If necessary, the content of the conversation is stored anonymously for statistical purposes. You can of course request deletion at any time.

 

  1. Purchase of products

IOS & Android apps
IOS & Android apps can be purchased via the Apple App Stores and the Google Play Store. We ourselves are not involved in the transaction when buying in the stores.

 

PC & MAC software
The PC and MAC software are sold through KOSMOS & You GmbH or other third parties, not directly through us.

 

 

  1. Analysis tools, tracking and advertising

Google Analytics

This website uses functions of the web analysis service Google Analytics. The provider is Google Ireland Limited (“Google”), Gordon House, Barrow Street, Dublin 4, Ireland. Google Analytics uses so-called “cookies”. These are text files that are saved on your computer and that enable your use of the website to be analyzed. The information generated by the cookie about your use of this website is usually transferred to a Google server in the USA and stored there. The storage of Google Analytics cookies and the use of this analysis tool are based on Art. 6 (1) (f) GDPR. The website operator has a legitimate interest in analyzing user behavior in order to optimize both its website and its advertising. If a corresponding consent has been requested (e.g. consent to the storage of cookies), processing takes place exclusively on the basis of Art. 6 (1) (a) GDPR; the consent can be revoked at any time.

IP anonymization
We have activated the IP anonymization function on this website. As a result, your IP address will be shortened by Google within member states of the European Union or in other contracting states of the Agreement on the European Economic Area before it is transmitted to the USA. The full IP address will only be sent to a Google server in the USA and shortened there in exceptional cases. On behalf of the operator of this website, Google will use this information to evaluate your use of the website, to compile reports on website activity and to provide the website operator with other services relating to website activity and internet usage. The IP address transmitted by your browser as part of Google Analytics will not be merged with other Google data.

Browser plug-in
You can prevent the storage of cookies by setting your browser software accordingly; however, we would like to point out that in this case you may not be able to use all functions of this website to their full extent. You can also prevent Google from collecting the data generated by the cookie and relating to your use of the website (including your IP address) and from processing this data by Google by downloading the browser plug-in available under the following link and install: tools.google.com/dlpage/gaoptout .

Data processing agreement
We have concluded an order processing contract
with Google and fully implement the strict requirements of the German data protection authorities when using Google Analytics.

Storage period
Data stored by Google at user and event level that are linked to cookies, user IDs (e.g. user ID) or advertising IDs (e.g. DoubleClick cookies, Android advertising ID) are saved after 14 months anonymized or deleted. You can find details on this under the following link: https://support.google.com/analytics/answer/76610096?hl=de

 

Google Ads and Google Conversion Tracking

This website uses Google Ads. Google Ads is an online advertising program from Google Ireland Limited (“Google”), Gordon House, Barrow Street, Dublin 4, Ireland.

We use so-called conversion tracking as part of Google Ads. If you click on an ad placed by Google, a conversion tracking cookie is set. Cookies are small text files that the Internet browser stores on the user’s computer. These cookies lose their validity after 30 days and are not used to personally identify users. If the user visits certain pages on this website and the cookie has not yet expired, we and Google can see that the user clicked on the ad and was redirected to this page.

Each Google Ads customer receives a different cookie. The cookies cannot be tracked through the websites of Google Ads customers. The information obtained using the conversion cookie is used to generate conversion statistics for Google Ads customers who have opted for conversion tracking. The customers find out the total number of users who clicked on their ad and were redirected to a page with a conversion tracking tag. However, they do not receive any information with which users can be personally identified. If you do not want to participate in tracking, you can object to this use by easily deactivating the Google conversion tracking cookie in your internet browser under user settings. You will then not be included in the conversion tracking statistics.

The storage of “conversion cookies” and the use of this tracking tool are based on Art. 6(1) (f) GDPR. The website operator has a legitimate interest in analyzing user behavior in order to optimize both its website and its advertising. If a corresponding consent has been requested (e.g. consent to the storage of cookies), processing takes place exclusively on the basis of Art. 6 (1) (a) GDPR; the consent can be revoked at any time.

You can find more information about Google Ads and Google Conversion Tracking in Google’s privacy policy: https://policies.google.com/privacy?hl=de .

You can set your browser so that you are informed about the setting of cookies and only allow cookies in individual cases, exclude the acceptance of cookies for certain cases or in general, and activate the automatic deletion of cookies when you close the browser. If cookies are deactivated, the functionality of this website may be restricted.

 

Google DoubleClick

This website uses functions from Google DoubleClick. The provider is Google LLC, 1600 Amphitheater Parkway, Mountain View, CA 94043, USA, (hereinafter “DoubleClick”).

DoubleClick is used to show you interest-based advertisements across the entire Google advertising network. With the help of DoubleClick, the advertisements can be tailored to the interests of the respective viewer. For example, our advertising can be displayed in Google search results or in advertising banners linked to DoubleClick.

In order to be able to show the users interest-based advertising, DoubleClick must be able to recognize the respective viewer. For this purpose, a cookie is stored in the user’s browser, behind which the websites visited by the user, clicks and various other information are stored. This information is summarized in a pseudonymous user profile in order to display interest-based advertising to the user concerned.

Google DoubleClick is used in the interest of targeted advertising. This represents a legitimate interest within the meaning of Art. 6 (1) (f) GDPR. If a corresponding consent has been requested (e.g. consent to the storage of cookies), processing takes place exclusively on the basis of Art. 6 (1) (a) GDPR; the consent can be revoked at any time.

You can set your browser so that it no longer stores cookies. However, this may restrict the website functions that can be accessed. It should also be noted that DoubleClick may also use other technologies to create user profiles. Switching off cookies therefore does not guarantee that user profiles will no longer be created.

For more information on how to object to the advertisements shown by Google, please refer to the following links: https://policies.google.com/technologies/ads and https://adssettings.google.com/authenticated .

 

11 . Plugins and Content Delivery Networks

YouTube

This website integrates videos from the YouTube website. The operator of the website is Google Ireland Limited (“Google”), Gordon House, Barrow Street, Dublin 4, Ireland. When you visit one of our websites on which YouTube is integrated, a connection to the YouTube servers is established. The YouTube server is informed which of our pages you have visited. Furthermore, YouTube can save various cookies on your device. With the help of these cookies, YouTube can obtain information about visitors to this website. This information is used, among other things, to collect video statistics, improve user-friendliness and prevent attempted fraud. The cookies remain on your device until you delete them.

If you are logged into your YouTube account, you enable YouTube to assign your surfing behavior directly to your personal profile. You can prevent this by logging out of your YouTube account. YouTube is used in the interest of an appealing presentation of our online offers. This represents a legitimate interest within the meaning of Art. 6 (1) (f) GDPR. If a corresponding consent has been requested (e.g. consent to the storage of cookies), the processing takes place exclusively on the basis of Art. 6 (1) (a) GDPR; the consent can be revoked at any time.

Further information on handling user data can be found in YouTube’s data protection declaration at: https://policies.google.com/privacy?hl=de .

 

Google Tag Manager

This website uses the Google Tag Manager. Google Tag Manager is a solution that enables marketers to manage website tags from one interface. The Tag Manager tool itself (which implements the tags) is a cookie-less domain and does not collect any personal data. The tool triggers other tags, which in turn may collect data. Google Tag Manager does not access this data. If a deactivation has been made at the domain or cookie level, this remains in effect for all tracking tags that are implemented with Google Tag Manager. The use of Google Tag Manager is based on Art. 6 (1) (f) GDPR. The website operator has a legitimate interest in the use of a functional and useful tool.

 

Google Web Fonts

This page uses so-called web fonts, which are provided by Google, for the uniform display of fonts. When you call up a page, your browser loads the required web fonts into your browser cache in order to display texts and fonts correctly.

For this purpose, the browser you are using must connect to the Google servers. This gives Google knowledge that this website has been accessed via your IP address. The use of Google WebFonts is based on Art. 6 (1) (f) GDPR. The website operator has a legitimate interest in the uniform representation of the typeface on his website. If a corresponding consent has been requested (e.g. consent to the storage of cookies), processing takes place exclusively on the basis of Art. 6 (1) (a) GDPR; the consent can be revoked at any time.

If your browser does not support web fonts, a standard font will be used by your computer.

Further information on Google Web Fonts can be found at https://developers.google.com/fonts/faq and in Google’s data protection declaration: https://policies.google.com/privacy?hl=de .

 

  1. Our social media appearances

Data processing through social networks

We maintain publicly accessible profiles on social networks. The individual social networks we use can be found below.

Social networks such as Facebook, Twitter etc. can generally analyze your user behavior comprehensively if you visit their website or a website with integrated social media content (e.g. like buttons or advertising banners). Visiting our social media presence triggers numerous data protection-related processing operations. In detail:

If you are logged into your social media account and visit our social media presence, the operator of the social media portal can assign this visit to your user account. Under certain circumstances, your personal data can also be recorded if you are not logged in or do not have an account with the respective social media portal. In this case, this data is recorded, for example, using cookies that are stored on your device or by recording your IP address.

With the help of the data collected in this way, the operators of the social media portals can create user profiles in which your preferences and interests are stored. In this way, interest-based advertising can be displayed to you inside and outside the respective social media presence. If you have an account with the respective social network, the interest-related advertising can be displayed on all devices on which you are or were logged in.

Please also note that we cannot retrace all processing processes on the social media portals. Depending on the provider, further processing operations can therefore be carried out by the operators of the social media portals. Details can be found in the terms of use and data protection provisions of the respective social media portals.

Legal basis

Our social media appearances are intended to ensure the widest possible presence on the Internet. This is a legitimate interest within the meaning of Art. 6 (1) (f) GDPR. The analysis processes initiated by the social networks may be based on different legal bases that must be specified by the operators of the social networks (e.g. consent within the meaning of Art. 6 (1) (fa GDPR).

Responsible and assertion of rights

If you visit one of our social media sites (e.g. Facebook), we and the operator of the social media platform are responsible for the data processing operations triggered during this visit. In principle, you can exercise your rights (information, correction, deletion, restriction of processing, data portability and complaint) against us as well as claim against the operator of the respective social media portal (e.g. against Facebook).

Please note that, despite the shared responsibility with the social media portal operators, we do not have full influence on the data processing operations of the social media portals. Our options are largely based on the company policy of the respective provider.

Storage period

The data collected directly by us via the social media presence will be deleted from our systems as soon as the purpose for their storage no longer applies, you ask us to delete them, revoke your consent to storage or the purpose for data storage no longer applies. Saved cookies remain on your device until you delete them. Mandatory legal provisions – especially retention periods – remain unaffected.

We have no influence on the storage period of your data, which is stored by the operators of the social networks for their own purposes. For details, please contact the operators of the social networks directly (e.g. in their privacy policy, see below).

 

Social networks in detail

Facebook

We have a profile on Facebook. The provider of this service is Facebook Ireland Limited, 4 Grand Canal Square, Grand Canal Harbor, Dublin 2, Ireland. According to Facebook, the data collected will also be transferred to the USA and other third countries.

We have concluded an agreement on joint processing (Controller Addendum) with Facebook. This agreement specifies which data processing operations we or Facebook are responsible for when you visit our Facebook page. You can view this agreement at the following link: https://www.facebook.com/legal/terms/page_controller_addendum.

You can adjust your advertising settings yourself in your user account. To do this, click on the following link and log in: https://www.facebook.com/settings?tab=ads.

Details can be found in Facebook’s privacy policy: https://www.facebook.com/about/privacy/.

Twitter

We use the short message service Twitter. The provider is Twitter International Company, One Cumberland Place, Fenian Street, Dublin 2, D02 AX07, Ireland.

You can adjust your Twitter data protection settings yourself in your user account. To do this, click on the following link and log in: https://twitter.com/personalization.

Details can be found in Twitter’s data protection declaration: https://twitter.com/de/privacy.

Instagram

We have a profile on Instagram. The provider is Instagram Inc., 1601 Willow Road, Menlo Park, CA, 94025, USA. Details on how they handle your personal data can be found in Instagram’s privacy policy: https://help.instagram.com/519522125107875.

 

  1. Additional information for business contacts

Type of data that we process from our business contacts and purposes of the processing of personal data

We process personal data of our customers that we receive directly as part of our business relationship. If we have received data from you, we generally only process it for the purposes for which we received or collected it.

As a rule, we process the following categories of data from you:

  • Name first Name
  • Gender / title
  • company
  • Company address
  • Telecommunication data
  • E-mail address
  • professional function and / or position
  • Company bank details / other payment details
  • Data on the history of the business relationship

Customer and supplier history
As part of the business initiation phase and
during the business relationship, in particular through personal, telephone or written contacts, initiated by you or one of our employees, additional personal data is generated, e.g. B. Information about the contact channel, date, occasion and result; (Electronic) copies of the correspondence and any information about participation in direct marketing measures.

Customer loyalty measures Within the scope of the legal permissions, we reserve the right to carry out customer loyalty measures in accordance with Art. 6 (1) (f) GDPR and Section 7 Paragraph 3 UWG. You have the right to object at any time, please address this to the above-mentioned responsible body.

Changes in purpose
Data processing for other purposes can only be considered if the necessary legal requirements in accordance with Art. 6 (4) GDPR are available. In this case, we will of course observe any information obligations pursuant to Art. 13 (3) GDPR and Art. 14 (4) GDPR.

 

Legal basis according to which we process personal data

On the basis of your consent (Art. 6 (1) (a) GDPR)
We process personal data for one or more specific purposes if you have given us your consent. If personal data is processed on the basis of your consent, you have the right to revoke your consent to us at any time with effect for the future.

Data processing for the fulfillment of contracts (Art. 6 (1) (b) GDPR)
We process personal data for the fulfillment of contracts. The fulfillment of contracts includes, for example, the conclusion, processing and reversal of a contract. In addition, we process personal data that are required to carry out pre-contractual measures, for example to initiate a contract, and which are made upon your request.

Data processing based on a legal obligation (Art. 6 (1) (c) GDPR)
Like every company, we have to meet retention requirements and other documentation requirements; this can also affect documents with personal information. Insofar as we process data for these purposes, the processing takes place based on a legal obligation.

Data processing based on a balancing of interests (Art. 6 (1) (f) GDPR)
If we process data based on a balancing of interests, you as the data subject have the right to process personal data, taking into account the requirements of Art. 21 GDPR contradict. As far as the specific purpose allows, we process your data pseudonymized or anonymized.

Further legal bases result from the commercial and tax law requirements.

 

Other recipients of your data

Disclosure to processors within the scope of Art. 28 GDPR Processors employed
by us (Art. 28 GDPR), in particular in the area of ​​IT services and, for example, printing services, who process your data for us in accordance with our instructions. If we commission service providers to fulfill our tasks, we always observe the data protection regulations; in particular, data is only passed on after contract processing has been concluded.

For the implementation of a contractual relationship
If it is necessary for the implementation of the contract with you, we will pass on your data to banks, for example.

Disclosure due to a legal obligation
If there is a legal or official obligation, we pass on your data to public bodies or institutions (authorities, for example in the context of criminal prosecution).

Other bodies, insofar as you have
given us your consent. If you have given us explicit consent, we will also pass on your data to other bodies. However, this is done within the limits if you have proven your consent.

 

 

General information on deletion periods for personal data

Principle of earmarking and observance of the statutory retention periods
We process the data as long as this is necessary for the respective purpose. If necessary, we process your personal data for the duration of our business relationship, which also includes the initiation and processing of a contract.

In addition, like every company, we are obliged to comply with the statutory retention periods, for example the periods under commercial and tax law. Insofar as there are statutory retention requirements, the relevant personal data will be stored for the duration of the retention requirement. The storage period is also based on the statutory limitation periods, which, for example, according to §§ 195 ff. Of the German Civil Code (BGB) can usually be three years, but in certain cases also up to thirty years. After the retention period has expired, a check is carried out to determine whether there is any further requirement for processing. If it is no longer necessary, the data will be deleted.  

Specific example
If you enter into a legal transaction with us (Art. 6 (1) (b) GDPR), we will store your data for ten years until the commercial and tax law requirements have expired. After this period, we check whether we can delete the data and, if necessary, delete them.

E-mails and business letters
We archive all of our e-mail traffic for ten years. If you write us an e-mail, your data and the entire e-mail content will be stored for 10 years. Most e-mails count as business letters, and e-mails can also contain information relevant to tax law. In our opinion, the effort to check every single email is not in proportion to the benefit and the legitimate interests of the sender. Of course, you can ask us to delete it at any time and we will carry out a case-by-case check and we will inform you of the result. This can lead to deletion or restriction of processing, depending on the content of the correspondence.

Revocation of your consent
If we process your data on the basis of your consent (Art. 6 (1) (a) GDPR), we will delete it after your revocation. Unless there is a legitimate interest against a complete deletion. For example, we keep the declaration of consent for up to three years after receipt of your revocation in the legitimate interest (Art. 6 (1) (a) GDPR). We only keep the consent with the restriction of processing in order to be able to defend ourselves in the event of a dispute.

Legal or contractual obligation to provide personal data
The provision of personal data is regularly required for the initiation, conclusion, processing and reversal of a contract. In the event that you do not provide the required personal data, we will not be able to conclude and fulfill a contract with you.

Transmission to a third party country
We generally process your personal data in data centers in the Federal Republic of Germany, the European Union or secure third countries such as Switzerland.

A transfer to a third country with an inadequate level of data protection is only possible if you have given us your consent or if we have concluded an order processing contract in accordance with Art. 28 GDPR, taking into account suitable guarantees or other suitable guarantees.