Schriftmarke der Nerd Reoublic. Die Beratung für New Work und Agilität.

Data Privacy

1. Information on the Collection of Personal Data and Contact Details of the Controller

1.1 We are pleased that you are visiting our website and thank you for your interest. Below, we inform you about the handling of your personal data when using our website. Personal data includes all data that can be used to identify you personally.

1.2 The controller for data processing on this website within the meaning of the General Data Protection Regulation (GDPR) is Nerd Republic GmbH, Speditionstraße 15a, 40221 Düsseldorf, Germany, Tel.: 015121245586, Email: hello@nerdrepublic.de. The controller for the processing of personal data is the natural or legal person who alone or jointly with others determines the purposes and means of the processing of personal data.

1.3 For security reasons and to protect the transmission of personal data and other confidential content (e.g., orders or inquiries to the controller), this website uses SSL or TLS encryption. You can recognize an encrypted connection by the “https://” prefix and the lock symbol in your browser’s address bar.

2. Data Collection When Visiting Our Website

2.1 When using our website for informational purposes only, meaning when you do not register or otherwise transmit information to us, we collect only the data that your browser transmits to the server (so-called “server log files”). When you access our website, we collect the following data, which is technically necessary for us to display the website to you:

  • The specific website visited
  • Date and time of access
  • Amount of data sent in bytes
  • Source/reference from which you accessed the site
  • Browser used
  • Operating system used
  • IP address used (if applicable: in anonymized form)
  • The processing is carried out in accordance with Art. 6(1)(f) GDPR based on our legitimate interest in improving the stability and functionality of our website. The data is not shared or used in any other way. However, we reserve the right to review the server log files retrospectively if there are concrete indications of unlawful use.

2.2 For security reasons and to protect the transmission of personal data and other confidential content (e.g., orders or inquiries to the controller), this website uses SSL or TLS encryption. You can recognize an encrypted connection by the “https://” prefix and the lock symbol in your browser’s address bar.

3. Hosting & Content-Delivery-Network

3.1 Google Cloud CDN
On our website, we use a Content Delivery Network (“CDN”) provided by Google Ireland Limited, Gordon House, 4 Barrow St, Dublin, D04 E5W5, Ireland (“Google”). A Content Delivery Network is an online service that delivers large media files (such as graphics, page content, or scripts) via a network of regionally distributed and internet-connected servers. The use of Google’s Content Delivery Network helps us optimize the loading speeds of our website.
Processing is carried out in accordance with Article 6(1)(f) GDPR based on our legitimate interest in securely and efficiently delivering, as well as improving the stability and functionality of our website. For further information about Google’s privacy policies, please visit: Google Privacy Policy.
3.2 IONOS
On our website, we use a Content Delivery Network (“CDN”) provided by 1&1 IONOS Internet SE, Elgendorfer Str. 57, 56410 Montabaur (“IONOS”). A Content Delivery Network is an online service that delivers large media files (such as graphics, page content, or scripts) via a network of regionally distributed and internet-connected servers. The use of IONOS’s Content Delivery Network helps us optimize the loading speeds of our website.
Processing is carried out in accordance with Article 6(1)(f) GDPR based on our legitimate interest in securely and efficiently delivering, as well as improving the stability and functionality of our website. We have entered into a Data Processing Agreement with IONOS, which obligates IONOS to protect the data of our site visitors and not to share it with third parties. For more information, please refer to IONOS’s privacy policy at: IONOS Privacy Policy.
3.3 Learnworlds
The Academy of Nerd Republic GmbH (https://www.academy.nerdrepublic.de) is technically provided through the third-party service LearnWorlds (CY) Ltd, Gladstonos 120 Foloune Building 2nd Floor, B1 3032 Limassol, Cyprus, and operates based on the EU-GDPR. Details regarding the data processing by LearnWorlds can be found on the following page: LearnWorlds Privacy Policy.
3.4 Cloudflare
We use a Content Delivery Network from the following provider: Cloudflare Inc., 101 Townsend St., San Francisco, CA 94107, USA. This service enables us to deliver large media files such as graphics, page content, or scripts faster via a network of regionally distributed servers. The processing is carried out to safeguard our legitimate interest in improving the stability and functionality of our website in accordance with Article 6(1)(f) GDPR.
We have entered into a Data Processing Agreement with the provider, ensuring the protection of our site visitors’ data and prohibiting unauthorized sharing with third parties. For data transfers to the USA, the provider has adhered to the EU-US Data Privacy Framework, which ensures compliance with European data protection standards based on an adequacy decision by the European Commission.

4. Cookies

To make the visit to our website attractive and enable the use of certain features, we use cookies, which are small text files stored on your device. Some of these cookies are automatically deleted after closing the browser (so-called “session cookies”), while others remain on your device for a longer period, enabling the storage of page settings (so-called “persistent cookies”). In the latter case, you can find the storage duration in the cookie settings overview of your web browser.

If any of the cookies we use also process personal data, the processing is carried out in accordance with Article 6(1)(b) GDPR, either for the performance of the contract, in accordance with Article 6(1)(a) GDPR in case of consent, or in accordance with Article 6(1)(f) GDPR to protect our legitimate interests in the optimal functionality of the website and a user-friendly and effective design of the site visit.

You can configure your browser to be notified about the setting of cookies and decide individually whether to accept them, or to exclude the acceptance of cookies for certain cases or altogether.

Please note that if you do not accept cookies, the functionality of our website may be limited.

5. Contacting Us

When contacting us (e.g., via contact form or email), personal data will be processed solely for the purpose of addressing and responding to your request, and only to the extent necessary.
 
The legal basis for processing this data is our legitimate interest in responding to your inquiry in accordance with Art. 6 (1) (f) GDPR. If your contact aims to initiate a contract, an additional legal basis for processing is Art. 6 (1) (b) GDPR. Your data will be deleted when it is clear that the matter has been fully resolved, and provided there are no legal retention obligations to the contrary.
 

6. Data Processing When Opening a Customer Account

In accordance with Art. 6 (1) (b) GDPR, personal data will continue to be collected and processed to the necessary extent when you provide it to us during the creation of a customer account. The data required for account creation can be found in the input fields of the corresponding form on our website.
 
You can delete your customer account at any time by sending a message to the address of the data controller provided above. After the deletion of your customer account, your data will be erased, provided all contracts associated with it have been fully processed, no legal retention periods apply, and we have no legitimate interest in retaining the data.
 

7. Use of Customer Data for Direct Advertising

When you subscribe to our e-mail newsletter, we will regularly send you information about our offers. The only mandatory information required for the newsletter subscription is your e-mail address. Providing additional data is optional and will be used to address you personally. For the newsletter distribution, we use the so-called double opt-in procedure, which ensures that you will only receive the newsletter once you have expressly confirmed your consent to receive it by clicking on a verification link sent to the provided e-mail address.

By activating the confirmation link, you give us your consent to use your personal data in accordance with Art. 6 (1) (a) GDPR. In this process, we store the IP address registered by your Internet Service Provider (ISP), as well as the date and time of registration, in order to be able to trace any possible misuse of your e-mail address at a later time. The data we collect during the newsletter registration is used strictly for the intended purpose.

You can unsubscribe from the newsletter at any time via the link provided in the newsletter or by sending an appropriate message to the responsible party mentioned at the beginning. After unsubscribing, your e-mail address will be promptly removed from our newsletter distribution list, unless you have expressly agreed to further use of your data or we reserve the right to use your data in a manner that is legally permitted and which we inform you about in this statement.


8. Data Processing for Order Fullfillment

8.1 As far as necessary for contract execution related to delivery and payment purposes, the personal data we collect will be passed on to the assigned transport company and the appointed financial institution in accordance with Article 6(1)(b) GDPR.
If we owe you updates for goods with digital elements or digital products based on a corresponding contract, we process the contact data you provided during the order (name, address, email address) in order to inform you personally, within the legally required timeframe, about upcoming updates in accordance with our legal information obligations under Article 6(1)(c) GDPR, using appropriate communication channels (e.g., postal mail or email). Your contact data will be strictly purpose-bound and processed only to the extent necessary for sending notifications about the updates we owe you.
 
To fulfill your order, we also work with the service provider(s) listed below, who assist us in carrying out the concluded contracts, either fully or partially. Certain personal data will be transmitted to these service providers as specified in the following information.
 
8.2 Use of Payment Service Providers
PayPal
When paying via PayPal, credit card via PayPal, direct debit via PayPal, or if offered, “purchase on account” or “installment payment” via PayPal, we will pass on your payment details to PayPal (Europe) S.a.r.l. et Cie, S.C.A., 22-24 Boulevard Royal, L-2449 Luxembourg (hereinafter referred to as “PayPal”) for payment processing. This transfer is carried out in accordance with Article 6(1)(b) GDPR and only to the extent necessary for processing the payment.
For payment methods via PayPal (credit card, direct debit, or if offered, “purchase on account” or “installment payment”), PayPal reserves the right to conduct a credit check. For this purpose, your payment data may be passed on to credit agencies according to Article 6(1)(f) GDPR based on PayPal’s legitimate interest in assessing your creditworthiness. The result of the credit check regarding the statistical probability of payment default is used by PayPal to decide whether to offer the respective payment method. The credit report may include probability values (so-called score values). If score values are included in the credit report, they are based on a scientifically recognized mathematical-statistical procedure. Address data is, among other things, used in the calculation of score values. Further data protection information, including the credit agencies used, can be found in PayPal’s privacy policy: PayPal Privacy Policy.
You can object to this processing of your data at any time by contacting PayPal. However, PayPal may still process your personal data if necessary for the contractually agreed payment processing.
 
Stripe
If you choose a payment method from the payment service provider Stripe, the payment processing will be carried out by Stripe Payments Europe Ltd., 1 Grand Canal Street Lower, Grand Canal Dock, Dublin, Ireland, to whom we will pass on the information provided during the order process along with details about your order (name, address, account number, bank code, possibly credit card number, invoice amount, currency, and transaction number) in accordance with Article 6(1)(b) GDPR. Further information about Stripe’s data protection can be found at: Stripe Privacy Policy.
Stripe reserves the right to conduct a credit check based on mathematical-statistical methods to maintain its legitimate interest in determining the user’s creditworthiness. For a credit check, Stripe may transmit the necessary personal data to selected credit agencies, which Stripe discloses to users upon request. The credit report may include probability values (so-called score values). These score values are based on a scientifically recognized mathematical-statistical procedure, and address data, among other factors, is used in their calculation. The result of the credit check regarding the statistical probability of payment default is used by Stripe to decide on the eligibility for the chosen payment method.
You can object to this processing of your data at any time by contacting Stripe or the appointed credit agencies. However, Stripe may still process your personal data if necessary for the contractually agreed payment processing. 
 

9. Online-Marketing

Google AdSense
This website uses Google AdSense, a web advertising service by Google Ireland Limited, Gordon House, 4 Barrow St, Dublin, D04 E5W5, Ireland (“Google”). Google AdSense uses so-called cookies, which are text files stored on your computer that enable an analysis of your usage of the website. Additionally, Google AdSense uses “web beacons” (small invisible graphics) to collect information, allowing for tracking simple actions such as website traffic. The information generated by the cookie and/or web beacon (including your IP address) about your usage of this website is usually transmitted to a Google server and stored there. This may also involve transmission to servers of Google LLC in the USA.

Google uses the information obtained to analyze your behavior regarding AdSense advertisements. The IP address transmitted by your browser in connection with Google AdSense will not be merged with other data from Google. The data collected by Google may be shared with third parties if required by law and/or to third parties processing these data on Google’s behalf.

All the aforementioned processing, especially reading information from the device used via cookies and/or web beacons, is carried out only if you have given us your explicit consent under Article 6(1)(a) GDPR. Without your consent, the use of Google AdSense will be omitted during your visit to the site. You can withdraw your consent at any time with future effect by disabling this service in the “Cookie Consent Tool” provided on the website.

For data transfers to the USA, the provider has joined the EU-US Data Privacy Framework, which ensures compliance with European data protection standards based on an adequacy decision by the European Commission.

Google’s privacy policy can be viewed here: https://www.google.de/policies/privacy/

10. Web Analysis Services

10.1 Google Analytics 4
This website uses Google Analytics 4, a web analytics service from Google Ireland Limited, Gordon House, 4 Barrow St, Dublin, D04 E5W5, Ireland (“Google”), which allows for the analysis of your use of our website.

By default, Google Analytics 4 sets cookies when you visit the website, which are small text files placed on your device to collect certain information. This includes your IP address, which is truncated by Google to exclude direct personal identification. The information is transmitted to Google servers and processed there, which may involve transmissions to Google LLC in the USA.

Google uses the collected information on our behalf to evaluate your use of the website, compile reports on website activity for us, and provide further services related to website and internet usage. The truncated IP address transmitted by your browser as part of Google Analytics is not merged with other Google data. The data collected via Google Analytics is stored for two months and then deleted.

All processing described above, particularly setting cookies on the device used, takes place only if you have explicitly consented to it under Article 6(1)(a) GDPR. Without your consent, Google Analytics 4 will not be used during your visit. You can withdraw your consent at any time for future use by disabling the service via the “Cookie Consent Tool” on the website. We have entered into a data processing agreement with Google to ensure the protection of our visitors’ data and to prevent unauthorized sharing with third parties. Further legal information on Google Analytics 4 can be found at: Google Privacy Policy and Google Analytics Terms.

Demographic Features
Google Analytics 4 uses the “demographic features” function to generate statistics about the age, gender, and interests of website visitors. This is done by analyzing advertising and third-party data. This allows for identifying target groups for marketing activities. However, the collected data cannot be linked to any specific individual and is deleted after two months.

Google Signals
As an extension to Google Analytics 4, Google Signals may be used on this website to create cross-device reports. If you have enabled personalized ads and linked your devices with your Google account, Google may analyze your usage behavior across devices and create database models for cross-device conversions, subject to your consent for using Google Analytics under Article 6(1)(a) GDPR. We do not receive any personal data from Google, only statistics. If you wish to stop cross-device analysis, you can disable the “Personalized Ads” function in your Google account settings by following the instructions on this page: Personalized Ads Settings. Further information on Google Signals can be found here: Google Signals Support.

UserIDs
As an extension to Google Analytics 4, the “UserIDs” function may be used on this website. If you have consented to the use of Google Analytics 4 under Article 6(1)(a) GDPR, set up an account on this website, and log in with that account across devices, your activities, including conversions, may be analyzed across devices.
For data transfers to the USA, the provider has joined the EU-US Data Privacy Framework, ensuring compliance with European data protection standards based on an adequacy decision by the European Commission.

10.2 Google Tag Manager
This website uses the “Google Tag Manager,” a service from Google Ireland Limited, Gordon House, Barrow Street.
The Google Tag Manager provides a technical foundation for bundling various web applications, including tracking and analytics services, and managing them through a unified user interface with conditions. The Google Tag Manager itself does not store or read information from user devices, nor does it perform independent data analysis. However, when a page is accessed, your IP address is transmitted to Google, where it may be stored. There is also the possibility of data transmission to servers of Google LLC in the USA.

This processing will only occur if you have explicitly given us your consent in accordance with Article 6, Section 1, Letter a of the GDPR. Without this consent, the use of Google Tag Manager will not take place during your visit to the site. You can withdraw your consent at any time with future effect. To exercise your right of withdrawal, please deactivate this service in the “Cookie-Consent-Tool” provided on the website.

We have signed a data processing agreement with the provider, which ensures the protection of our site visitors’ data and prohibits unauthorized sharing with third parties. For data transmissions to the USA, the provider has adhered to the EU-US Data Privacy Framework, which ensures compliance with the European data protection standards based on an adequacy decision by the European Commission.

11.  Retargeting/ Remarketing und Conversion-Tracking

Google Ads Conversion Tracking

This website uses the online advertising program “Google Ads” and within Google Ads, the Conversion Tracking service provided by Google Ireland Limited, Gordon House, 4 Barrow St, Dublin, D04 E5W5, Ireland (“Google”). We use Google Ads to make our attractive offers visible through advertisements (so-called Google Adwords) on external websites. We can determine how successful individual advertising campaigns are based on the campaign data. Our goal is to show you ads that are of interest to you, make our website more attractive to you, and fairly calculate the advertising costs incurred.

The conversion tracking cookie is set when a user clicks on a Google ad. Cookies are small text files that are stored on your device. These cookies generally expire after 30 days and are not used for personal identification. If the user visits specific pages on this website and the cookie is still valid, both Google and we can recognize that the user clicked on the ad and was redirected to this page. Each Google Ads customer receives a different cookie. Therefore, cookies cannot be tracked across websites of Google Ads customers. The information collected through the conversion cookie is used to create conversion statistics for Google Ads customers who have opted for conversion tracking. Customers are informed about the total number of users who clicked on their ad and were redirected to a page with a conversion tracking tag. However, they do not receive information that would allow users to be personally identified. In the context of using Google Ads, personal data may also be transmitted to the servers of Google LLC in the USA.

Details regarding the processing initiated by Google Ads Conversion Tracking and how Google handles website data can be found here: https://policies.google.com/technologies/partner-sites
All of the above-described processes, especially setting cookies to read information from the device being used, are only carried out if you have explicitly given your consent according to Art. 6 Para. 1 lit. a GDPR. You can withdraw your consent at any time with effect for the future by disabling this service in the “Cookie Consent Tool” provided on the website.
You can also permanently object to the setting of cookies by Google Ads Conversion Tracking by downloading and installing the browser plugin available at the following link:
https://www.google.com/settings/ads/plugin?hl=de

Please note that certain features of this website may not be available or may be limited if you have disabled the use of cookies.

Google’s privacy policy can be viewed here: https://www.google.de/policies/privacy/
For data transfers to the USA, the provider has joined the EU-US Data Privacy Framework, which ensures compliance with European data protection standards based on an adequacy decision from the European Commission.

12.  Website Functionalities

12.4 hCaptcha
This website uses the CAPTCHA service from the following provider: Intuition Machines, Inc., 350 Alabama St, San Francisco, CA 94110, USA.

The service checks whether an input is made by a human being or abusively by machine and automated processing, and blocks spam, DDoS attacks, and similar automated malicious access. To ensure that an action is performed by a human and not by an automated bot, the provider collects the IP address of the used device, recognition data of the browser and operating system used, as well as the date and duration of the visit, and transmits this for evaluation to the provider’s servers.

The legal basis is our legitimate interest in determining individual responsibility on the internet and preventing abuse and spam, in accordance with Art. 6 Para. 1 lit. f GDPR. We have signed a data processing agreement with the provider, ensuring the protection of the data of our website visitors and prohibiting unauthorized sharing with third parties. For data transfers to the USA, the provider relies on standard contractual clauses from the European Commission, which ensure compliance with European data protection standards.

12.2 Job Applications on Our Website
On our website, we list currently vacant positions in a separate section, to which interested parties can apply by sending an e-mail to the provided contact address.

Applicants must provide all personal data necessary for a thorough evaluation, including general information such as name, address, and contact details, as well as performance-related evidence and, if applicable, health-related information. Details regarding the application process can be found in the job advertisement.

Once the application is received by e-mail, the data will be stored and evaluated solely for the purpose of processing the application. In case of any follow-up questions, we will use either the applicant’s e-mail address or phone number. The processing is based on Art. 6 (1) (b) GDPR (or § 26 (1) BDSG), under which the application process is considered part of initiating an employment contract.

If, during the application process, special categories of personal data as defined by Art. 9 (1) GDPR (e.g., health data such as information about disability status) are requested from applicants, the processing will be carried out in accordance with Art. 9 (2) (b) GDPR, so that we can exercise rights and fulfill obligations arising from labor law and social security and protection law.

Cumulatively or alternatively, the processing of special categories of data may also be based on Art. 9 (1) (h) GDPR if it is for the purposes of health care or occupational medicine, assessing the applicant’s fitness for work, medical diagnostics, provision or treatment in the health or social sector, or for managing systems and services in the health or social sector.

If the applicant is not selected or withdraws their application prematurely, the submitted data, along with all electronic correspondence, including the application e-mail, will be deleted within 6 months after appropriate notification. This period is based on our legitimate interest in answering any follow-up questions regarding the application and, if necessary, complying with our documentation obligations under anti-discrimination regulations for applicants.

In the case of a successful application, the data provided will be processed based on Art. 6 (1) (b) GDPR (in Germany in conjunction with § 26 (1) BDSG) for the purpose of carrying out the employment relationship.

13. Tools and Miscellaneous

13.1 – DATEV
To handle accounting, we use the cloud-based accounting software service of the following provider: DATEV eG, Paumgartnerstr. 6-14, 90429 Nuremberg, Germany.

The provider processes incoming and outgoing invoices, and possibly also the bank transactions of our company, to automatically capture invoices, match them with transactions, and generate the financial accounting in a semi-automated process.

If personal data is processed in this context, the processing is carried out in accordance with Article 6(1)(f) GDPR based on our legitimate interest in efficiently organizing and documenting our business transactions.

13.2 Cookie Consent Tool
This website uses a “Cookie Consent Tool” to obtain valid user consent for cookies and cookie-based applications that require consent. The “Cookie Consent Tool” is displayed to users as an interactive interface when the page is accessed, where users can give consent for specific cookies and/or cookie-based applications by checking boxes. By using this tool, all cookies/services requiring consent will only be loaded when the user gives the corresponding consent through the checkbox. This ensures that such cookies are only set on the user’s device if consent is given.

 The tool sets technically necessary cookies to store your cookie preferences. Personal user data is generally not processed.

If, in individual cases, personal data (such as the IP address) is processed for the purpose of storing, assigning, or logging cookie settings, this occurs in accordance with Article 6(1)(f) GDPR based on our legitimate interest in providing a legally compliant, user-specific, and user-friendly consent management system for cookies and thus ensuring a legally compliant structure for our website.

 Another legal basis for processing is Article 6(1)(c) GDPR. As data controllers, we are legally obligated to make the use of technically non-essential cookies dependent on the user’s consent.

Further information about the operator and the settings of the Cookie Consent Tool can be found directly in the corresponding user interface on our website.

14 Single-Sign-On-Login

“Single Sign-On” or “Single Sign-On login or authentication” refers to processes that allow users to log in to a service using an account from a Single Sign-On provider (e.g., a social network), including our online service. The prerequisite for Single Sign-On authentication is that the user is registered with the respective Single Sign-On provider and enters the necessary login credentials in the designated online form, or is already logged in with the provider and confirms the Single Sign-On login via a button.

Authentication takes place directly with the respective Single Sign-On provider. Through this authentication, we receive a user ID indicating that the user is logged in under this ID with the provider, and an ID that cannot be used for other purposes (so-called “User Handle”). Whether additional data is transmitted depends solely on the Single Sign-On method used, the data release choices made during authentication, and the privacy settings or other data the user has shared in their account settings with the Single Sign-On provider. Depending on the provider and user settings, the data can vary, but generally includes the email address and username. The password entered in the Single Sign-On provider’s system is neither visible nor stored by us.

Users should note that their data stored with us may automatically be matched with their account at the Single Sign-On provider, although this is not always possible or guaranteed. For instance, if a user’s email address changes, they must manually update it in their account with us.

We can use the Single Sign-On login if agreed with the user, during or before contract fulfillment, if the user has been asked to do so within the framework of consent, and we may also use it based on legitimate interests for an efficient and secure login system. Should users decide to unlink their account from the Single Sign-On provider, they must do so within their account with the provider. If users wish to delete their data with us, they must terminate their registration.

Facebook Single Sign-On:
We are jointly responsible with Facebook Ireland Ltd. for the collection or receipt of “event data” transmitted via the Facebook Single Sign-On login procedure, which takes place through our online service, but not for further processing. This data is collected for the following purposes: a) displaying content and advertising tailored to the presumed interests of users; b) delivering commercial and transactional messages (e.g., user engagement via Facebook Messenger); c) improving ad delivery and personalizing functions and content. We have signed a specific agreement with Facebook (“Controller Addendum”, https://www.facebook.com/legal/controller_addendum) that includes specific security measures Facebook must adhere to (https://www.facebook.com/legal/terms/data_security_terms), and Facebook has agreed to fulfill the rights of the data subjects (e.g., users can request information or deletion directly from Facebook).
Note: When Facebook provides us with aggregated metrics, analyses, and reports (that do not identify individual users and are anonymous to us), this processing is not part of the joint responsibility but based on a data processing agreement (“Data Processing Terms”, https://www.facebook.com/legal/terms/dataprocessing), “Data Security Terms” (https://www.facebook.com/legal/terms/data_security_terms), and in relation to processing in the USA, it is based on standard contractual clauses (“Facebook EU Data Transfer Addendum”, https://www.facebook.com/legal/EU_data_transfer_addendum). User rights (e.g., the right to access, deletion, objection, and complaints to the relevant supervisory authority) are not restricted by the agreements with Facebook.

Processed Data Types:

  • Master data (e.g., names, addresses)
  • Contact data (e.g., email, phone numbers)
  • Event data (Facebook) (“Event data” refers to data, for example, sent via the Facebook Pixel from our apps or other channels to Facebook, relating to individuals or their actions. This can include information on website visits, interactions with content, app installations, product purchases, etc. The event data is processed for audience targeting for content and advertising (Custom Audiences). Event data does not include actual content (e.g., comments), login information, or contact details (e.g., names, email addresses, phone numbers). Event data is deleted by Facebook after a maximum of two years, and the corresponding audiences are deleted with our Facebook account).
  • Data Subject: Users (e.g., website visitors, online service users).
  • Purposes of Processing: Providing contractual services and customer service, registration processes.
  • Legal Bases: Consent (Art. 6 para. 1 lit. a GDPR), Contract fulfillment and pre-contractual requests (Art. 6 para. 1 lit. b GDPR), Legitimate interests (Art. 6 para. 1 lit. f GDPR).

Service Providers Used:

  • Facebook Single Sign-On: Authentication service; Provider: https://www.facebook.com, Facebook Ireland Ltd., 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland, Parent company: Facebook, 1 Hacker Way, Menlo Park, CA 94025, USA; Website: https://www.facebook.com; Privacy Policy: https://www.facebook.com/about/privacy; Opt-out: https://www.facebook.com/settings?tab=ads.
  • Google Single Sign-On: Authentication service; Provider: Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland, Parent company: Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA; Website: https://www.google.de; Privacy Policy: https://policies.google.com/privacy; Opt-out: Ad Settings: https://adssettings.google.com/authenticated.

15. Rights of the Data Subject

15.1 The applicable data protection laws grant you the following rights concerning the processing of your personal data by the controller (information and intervention rights), depending on the relevant legal basis:

  • Right to access according to Art. 15 GDPR;
  • Right to rectification according to Art. 16 GDPR;
  • Right to erasure according to Art. 17 GDPR;
  • Right to restriction of processing according to Art. 18 GDPR;
  • Right to notification according to Art. 19 GDPR;
  • Right to data portability according to Art. 20 GDPR;
  • Right to withdraw consent according to Art. 7 para. 3 GDPR;
  • Right to lodge a complaint according to Art. 77 GDPR.
15.2 Right to ObjectIf we process your personal data based on our legitimate interests, you have the right to object at any time, for reasons arising from your particular situation, to this processing with effect for the future.If you exercise your right to object, we will stop processing the relevant data unless we can demonstrate compelling legitimate grounds for processing that override your interests, rights, and freedoms, or if the processing is necessary for the establishment, exercise, or defense of legal claims.If we process your personal data for direct marketing purposes, you have the right to object at any time to the processing of your data for such purposes. You can exercise your right of objection as described above.If you exercise your right to object, we will stop processing your data for direct marketing purposes. 
 

16. Duration of Storage of Personal Data

The duration of storage of personal data depends on the respective legal basis, the purpose of processing, and, where applicable, the statutory retention periods (e.g., commercial and tax retention periods).
 
When processing personal data based on explicit consent (Art. 6 para. 1 lit. a GDPR), the data will be stored until the data subject withdraws their consent.
If statutory retention periods exist for data processed based on legal obligations (Art. 6 para. 1 lit. b GDPR), the data will be deleted after the retention periods expire unless it is still necessary for contract fulfillment or contract initiation, and/or we have a legitimate interest in continuing the storage.
When processing personal data based on legitimate interests (Art. 6 para. 1 lit. f GDPR), the data will be stored until the data subject exercises their right to object (Art. 21 para. 1 GDPR), unless we can demonstrate compelling reasons for processing that override the data subject’s interests, rights, and freedoms, or the processing is necessary for the establishment, exercise, or defense of legal claims.
When processing personal data for direct marketing purposes (Art. 6 para. 1 lit. f GDPR), the data will be stored until the data subject exercises their right to object according to Art. 21 para. 2 GDPR.
 
Unless otherwise specified by other information in this statement regarding specific processing situations, stored personal data will be deleted when it is no longer necessary for the purposes for which it was collected or otherwise processed.
 
 

5. Contacting Us

When contacting us (e.g., via contact form or email), personal data will be processed solely for the purpose of addressing and responding to your request, and only to the extent necessary.
The legal basis for processing this data is our legitimate interest in responding to your inquiry in accordance with Art. 6 (1) (f) GDPR. If your contact aims to initiate a contract, an additional legal basis for processing is Art. 6 (1) (b) GDPR. Your data will be deleted when it is clear that the matter has been fully resolved, and provided there are no legal retention obligations to the contrary.
 

6. Data Processing When Opening a Customer Account

In accordance with Art. 6 (1) (b) GDPR, personal data will continue to be collected and processed to the necessary extent when you provide it to us during the creation of a customer account. The data required for account creation can be found in the input fields of the corresponding form on our website.
You can delete your customer account at any time by sending a message to the address of the data controller provided above. After the deletion of your customer account, your data will be erased, provided all contracts associated with it have been fully processed, no legal retention periods apply, and we have no legitimate interest in retaining the data.
 

7. Use of Customer Data for Direct Advertising

When you subscribe to our e-mail newsletter, we will regularly send you information about our offers. The only mandatory information required for the newsletter subscription is your e-mail address. Providing additional data is optional and will be used to address you personally. For the newsletter distribution, we use the so-called double opt-in procedure, which ensures that you will only receive the newsletter once you have expressly confirmed your consent to receive it by clicking on a verification link sent to the provided e-mail address.

By activating the confirmation link, you give us your consent to use your personal data in accordance with Art. 6 (1) (a) GDPR. In this process, we store the IP address registered by your Internet Service Provider (ISP), as well as the date and time of registration, in order to be able to trace any possible misuse of your e-mail address at a later time. The data we collect during the newsletter registration is used strictly for the intended purpose.

You can unsubscribe from the newsletter at any time via the link provided in the newsletter or by sending an appropriate message to the responsible party mentioned at the beginning. After unsubscribing, your e-mail address will be promptly removed from our newsletter distribution list, unless you have expressly agreed to further use of your data or we reserve the right to use your data in a manner that is legally permitted and which we inform you about in this statement.

8. Data Processing for Order Fulfillment

7. Use of Customer Data for Direct Advertising

8.1 As far as necessary for contract execution related to delivery and payment purposes, the personal data we collect will be passed on to the assigned transport company and the appointed financial institution in accordance with Article 6(1)(b) GDPR.
If we owe you updates for goods with digital elements or digital products based on a corresponding contract, we process the contact data you provided during the order (name, address, email address) in order to inform you personally, within the legally required timeframe, about upcoming updates in accordance with our legal information obligations under Article 6(1)(c) GDPR, using appropriate communication channels (e.g., postal mail or email). Your contact data will be strictly purpose-bound and processed only to the extent necessary for sending notifications about the updates we owe you.
To fulfill your order, we also work with the service provider(s) listed below, who assist us in carrying out the concluded contracts, either fully or partially. Certain personal data will be transmitted to these service providers as specified in the following information.
8.2 Use of Payment Service Providers
PayPal
When paying via PayPal, credit card via PayPal, direct debit via PayPal, or if offered, “purchase on account” or “installment payment” via PayPal, we will pass on your payment details to PayPal (Europe) S.a.r.l. et Cie, S.C.A., 22-24 Boulevard Royal, L-2449 Luxembourg (hereinafter referred to as “PayPal”) for payment processing. This transfer is carried out in accordance with Article 6(1)(b) GDPR and only to the extent necessary for processing the payment.
For payment methods via PayPal (credit card, direct debit, or if offered, “purchase on account” or “installment payment”), PayPal reserves the right to conduct a credit check. For this purpose, your payment data may be passed on to credit agencies according to Article 6(1)(f) GDPR based on PayPal’s legitimate interest in assessing your creditworthiness. The result of the credit check regarding the statistical probability of payment default is used by PayPal to decide whether to offer the respective payment method. The credit report may include probability values (so-called score values). If score values are included in the credit report, they are based on a scientifically recognized mathematical-statistical procedure. Address data is, among other things, used in the calculation of score values. Further data protection information, including the credit agencies used, can be found in PayPal’s privacy policy: PayPal Privacy Policy.
You can object to this processing of your data at any time by contacting PayPal. However, PayPal may still process your personal data if necessary for the contractually agreed payment processing.
Stripe
If you choose a payment method from the payment service provider Stripe, the payment processing will be carried out by Stripe Payments Europe Ltd., 1 Grand Canal Street Lower, Grand Canal Dock, Dublin, Ireland, to whom we will pass on the information provided during the order process along with details about your order (name, address, account number, bank code, possibly credit card number, invoice amount, currency, and transaction number) in accordance with Article 6(1)(b) GDPR. Further information about Stripe’s data protection can be found at: Stripe Privacy Policy.
Stripe reserves the right to conduct a credit check based on mathematical-statistical methods to maintain its legitimate interest in determining the user’s creditworthiness. For a credit check, Stripe may transmit the necessary personal data to selected credit agencies, which Stripe discloses to users upon request. The credit report may include probability values (so-called score values). These score values are based on a scientifically recognized mathematical-statistical procedure, and address data, among other factors, is used in their calculation. The result of the credit check regarding the statistical probability of payment default is used by Stripe to decide on the eligibility for the chosen payment method.
You can object to this processing of your data at any time by contacting Stripe or the appointed credit agencies. However, Stripe may still process your personal data if necessary for the contractually agreed payment processing. 

9. Online-Marketing

Google AdSense
This website uses Google AdSense, a web advertising service by Google Ireland Limited, Gordon House, 4 Barrow St, Dublin, D04 E5W5, Ireland (“Google”). Google AdSense uses so-called cookies, which are text files stored on your computer that enable an analysis of your usage of the website. Additionally, Google AdSense uses “web beacons” (small invisible graphics) to collect information, allowing for tracking simple actions such as website traffic. The information generated by the cookie and/or web beacon (including your IP address) about your usage of this website is usually transmitted to a Google server and stored there. This may also involve transmission to servers of Google LLC in the USA.

Google uses the information obtained to analyze your behavior regarding AdSense advertisements. The IP address transmitted by your browser in connection with Google AdSense will not be merged with other data from Google. The data collected by Google may be shared with third parties if required by law and/or to third parties processing these data on Google’s behalf.

All the aforementioned processing, especially reading information from the device used via cookies and/or web beacons, is carried out only if you have given us your explicit consent under Article 6(1)(a) GDPR. Without your consent, the use of Google AdSense will be omitted during your visit to the site. You can withdraw your consent at any time with future effect by disabling this service in the “Cookie Consent Tool” provided on the website.

For data transfers to the USA, the provider has joined the EU-US Data Privacy Framework, which ensures compliance with European data protection standards based on an adequacy decision by the European Commission.

Google’s privacy policy can be viewed here: https://www.google.de/policies/privacy/

10. Web Analysis Services

10.1 Google Analytics 4
This website uses Google Analytics 4, a web analytics service from Google Ireland Limited, Gordon House, 4 Barrow St, Dublin, D04 E5W5, Ireland (“Google”), which allows for the analysis of your use of our website.

By default, Google Analytics 4 sets cookies when you visit the website, which are small text files placed on your device to collect certain information. This includes your IP address, which is truncated by Google to exclude direct personal identification. The information is transmitted to Google servers and processed there, which may involve transmissions to Google LLC in the USA.

Google uses the collected information on our behalf to evaluate your use of the website, compile reports on website activity for us, and provide further services related to website and internet usage. The truncated IP address transmitted by your browser as part of Google Analytics is not merged with other Google data. The data collected via Google Analytics is stored for two months and then deleted.

All processing described above, particularly setting cookies on the device used, takes place only if you have explicitly consented to it under Article 6(1)(a) GDPR. Without your consent, Google Analytics 4 will not be used during your visit. You can withdraw your consent at any time for future use by disabling the service via the “Cookie Consent Tool” on the website. We have entered into a data processing agreement with Google to ensure the protection of our visitors’ data and to prevent unauthorized sharing with third parties. Further legal information on Google Analytics 4 can be found at: Google Privacy Policy and Google Analytics Terms.

Demographic Features
Google Analytics 4 uses the “demographic features” function to generate statistics about the age, gender, and interests of website visitors. This is done by analyzing advertising and third-party data. This allows for identifying target groups for marketing activities. However, the collected data cannot be linked to any specific individual and is deleted after two months.

Google Signals
As an extension to Google Analytics 4, Google Signals may be used on this website to create cross-device reports. If you have enabled personalized ads and linked your devices with your Google account, Google may analyze your usage behavior across devices and create database models for cross-device conversions, subject to your consent for using Google Analytics under Article 6(1)(a) GDPR. We do not receive any personal data from Google, only statistics. If you wish to stop cross-device analysis, you can disable the “Personalized Ads” function in your Google account settings by following the instructions on this page: Personalized Ads Settings. Further information on Google Signals can be found here: Google Signals Support.

UserIDs
As an extension to Google Analytics 4, the “UserIDs” function may be used on this website. If you have consented to the use of Google Analytics 4 under Article 6(1)(a) GDPR, set up an account on this website, and log in with that account across devices, your activities, including conversions, may be analyzed across devices.
For data transfers to the USA, the provider has joined the EU-US Data Privacy Framework, ensuring compliance with European data protection standards based on an adequacy decision by the European Commission.

10.2 Google Tag Manager
This website uses the “Google Tag Manager,” a service from Google Ireland Limited, Gordon House, Barrow Street.
The Google Tag Manager provides a technical foundation for bundling various web applications, including tracking and analytics services, and managing them through a unified user interface with conditions. The Google Tag Manager itself does not store or read information from user devices, nor does it perform independent data analysis. However, when a page is accessed, your IP address is transmitted to Google, where it may be stored. There is also the possibility of data transmission to servers of Google LLC in the USA.

This processing will only occur if you have explicitly given us your consent in accordance with Article 6, Section 1, Letter a of the GDPR. Without this consent, the use of Google Tag Manager will not take place during your visit to the site. You can withdraw your consent at any time with future effect. To exercise your right of withdrawal, please deactivate this service in the “Cookie-Consent-Tool” provided on the website.

We have signed a data processing agreement with the provider, which ensures the protection of our site visitors’ data and prohibits unauthorized sharing with third parties. For data transmissions to the USA, the provider has adhered to the EU-US Data Privacy Framework, which ensures compliance with the European data protection standards based on an adequacy decision by the European Commission.

11.  Retargeting/ Remarketing und Conversion-Tracking

Google Ads Conversion Tracking

This website uses the online advertising program “Google Ads” and within Google Ads, the Conversion Tracking service provided by Google Ireland Limited, Gordon House, 4 Barrow St, Dublin, D04 E5W5, Ireland (“Google”). We use Google Ads to make our attractive offers visible through advertisements (so-called Google Adwords) on external websites. We can determine how successful individual advertising campaigns are based on the campaign data. Our goal is to show you ads that are of interest to you, make our website more attractive to you, and fairly calculate the advertising costs incurred.

The conversion tracking cookie is set when a user clicks on a Google ad. Cookies are small text files that are stored on your device. These cookies generally expire after 30 days and are not used for personal identification. If the user visits specific pages on this website and the cookie is still valid, both Google and we can recognize that the user clicked on the ad and was redirected to this page. Each Google Ads customer receives a different cookie. Therefore, cookies cannot be tracked across websites of Google Ads customers. The information collected through the conversion cookie is used to create conversion statistics for Google Ads customers who have opted for conversion tracking. Customers are informed about the total number of users who clicked on their ad and were redirected to a page with a conversion tracking tag. However, they do not receive information that would allow users to be personally identified. In the context of using Google Ads, personal data may also be transmitted to the servers of Google LLC in the USA.

Details regarding the processing initiated by Google Ads Conversion Tracking and how Google handles website data can be found here: https://policies.google.com/technologies/partner-sites
All of the above-described processes, especially setting cookies to read information from the device being used, are only carried out if you have explicitly given your consent according to Art. 6 Para. 1 lit. a GDPR. You can withdraw your consent at any time with effect for the future by disabling this service in the “Cookie Consent Tool” provided on the website.
You can also permanently object to the setting of cookies by Google Ads Conversion Tracking by downloading and installing the browser plugin available at the following link:
https://www.google.com/settings/ads/plugin?hl=de

Please note that certain features of this website may not be available or may be limited if you have disabled the use of cookies.

Google’s privacy policy can be viewed here: https://www.google.de/policies/privacy/
For data transfers to the USA, the provider has joined the EU-US Data Privacy Framework, which ensures compliance with European data protection standards based on an adequacy decision from the European Commission.

12.  Website Functionalities

12.4 hCaptcha
This website uses the CAPTCHA service from the following provider: Intuition Machines, Inc., 350 Alabama St, San Francisco, CA 94110, USA.

The service checks whether an input is made by a human being or abusively by machine and automated processing, and blocks spam, DDoS attacks, and similar automated malicious access. To ensure that an action is performed by a human and not by an automated bot, the provider collects the IP address of the used device, recognition data of the browser and operating system used, as well as the date and duration of the visit, and transmits this for evaluation to the provider’s servers.

The legal basis is our legitimate interest in determining individual responsibility on the internet and preventing abuse and spam, in accordance with Art. 6 Para. 1 lit. f GDPR. We have signed a data processing agreement with the provider, ensuring the protection of the data of our website visitors and prohibiting unauthorized sharing with third parties. For data transfers to the USA, the provider relies on standard contractual clauses from the European Commission, which ensure compliance with European data protection standards.

12.2 Job Applications on Our Website
On our website, we list currently vacant positions in a separate section, to which interested parties can apply by sending an e-mail to the provided contact address.

Applicants must provide all personal data necessary for a thorough evaluation, including general information such as name, address, and contact details, as well as performance-related evidence and, if applicable, health-related information. Details regarding the application process can be found in the job advertisement.

Once the application is received by e-mail, the data will be stored and evaluated solely for the purpose of processing the application. In case of any follow-up questions, we will use either the applicant’s e-mail address or phone number. The processing is based on Art. 6 (1) (b) GDPR (or § 26 (1) BDSG), under which the application process is considered part of initiating an employment contract.

If, during the application process, special categories of personal data as defined by Art. 9 (1) GDPR (e.g., health data such as information about disability status) are requested from applicants, the processing will be carried out in accordance with Art. 9 (2) (b) GDPR, so that we can exercise rights and fulfill obligations arising from labor law and social security and protection law.

Cumulatively or alternatively, the processing of special categories of data may also be based on Art. 9 (1) (h) GDPR if it is for the purposes of health care or occupational medicine, assessing the applicant’s fitness for work, medical diagnostics, provision or treatment in the health or social sector, or for managing systems and services in the health or social sector.

If the applicant is not selected or withdraws their application prematurely, the submitted data, along with all electronic correspondence, including the application e-mail, will be deleted within 6 months after appropriate notification. This period is based on our legitimate interest in answering any follow-up questions regarding the application and, if necessary, complying with our documentation obligations under anti-discrimination regulations for applicants.

In the case of a successful application, the data provided will be processed based on Art. 6 (1) (b) GDPR (in Germany in conjunction with § 26 (1) BDSG) for the purpose of carrying out the employment relationship.

13. Tools and Miscellaneous

13.1 – DATEV
To handle accounting, we use the cloud-based accounting software service of the following provider: DATEV eG, Paumgartnerstr. 6-14, 90429 Nuremberg, Germany.

The provider processes incoming and outgoing invoices, and possibly also the bank transactions of our company, to automatically capture invoices, match them with transactions, and generate the financial accounting in a semi-automated process.

If personal data is processed in this context, the processing is carried out in accordance with Article 6(1)(f) GDPR based on our legitimate interest in efficiently organizing and documenting our business transactions.

13.2 Cookie Consent Tool
This website uses a “Cookie Consent Tool” to obtain valid user consent for cookies and cookie-based applications that require consent. The “Cookie Consent Tool” is displayed to users as an interactive interface when the page is accessed, where users can give consent for specific cookies and/or cookie-based applications by checking boxes. By using this tool, all cookies/services requiring consent will only be loaded when the user gives the corresponding consent through the checkbox. This ensures that such cookies are only set on the user’s device if consent is given.

 The tool sets technically necessary cookies to store your cookie preferences. Personal user data is generally not processed.

If, in individual cases, personal data (such as the IP address) is processed for the purpose of storing, assigning, or logging cookie settings, this occurs in accordance with Article 6(1)(f) GDPR based on our legitimate interest in providing a legally compliant, user-specific, and user-friendly consent management system for cookies and thus ensuring a legally compliant structure for our website.

 Another legal basis for processing is Article 6(1)(c) GDPR. As data controllers, we are legally obligated to make the use of technically non-essential cookies dependent on the user’s consent.

Further information about the operator and the settings of the Cookie Consent Tool can be found directly in the corresponding user interface on our website.

14 Single-Sign-On-Login

“Single Sign-On” or “Single Sign-On login or authentication” refers to processes that allow users to log in to a service using an account from a Single Sign-On provider (e.g., a social network), including our online service. The prerequisite for Single Sign-On authentication is that the user is registered with the respective Single Sign-On provider and enters the necessary login credentials in the designated online form, or is already logged in with the provider and confirms the Single Sign-On login via a button.

Authentication takes place directly with the respective Single Sign-On provider. Through this authentication, we receive a user ID indicating that the user is logged in under this ID with the provider, and an ID that cannot be used for other purposes (so-called “User Handle”). Whether additional data is transmitted depends solely on the Single Sign-On method used, the data release choices made during authentication, and the privacy settings or other data the user has shared in their account settings with the Single Sign-On provider. Depending on the provider and user settings, the data can vary, but generally includes the email address and username. The password entered in the Single Sign-On provider’s system is neither visible nor stored by us.

Users should note that their data stored with us may automatically be matched with their account at the Single Sign-On provider, although this is not always possible or guaranteed. For instance, if a user’s email address changes, they must manually update it in their account with us.

We can use the Single Sign-On login if agreed with the user, during or before contract fulfillment, if the user has been asked to do so within the framework of consent, and we may also use it based on legitimate interests for an efficient and secure login system. Should users decide to unlink their account from the Single Sign-On provider, they must do so within their account with the provider. If users wish to delete their data with us, they must terminate their registration.

Facebook Single Sign-On:
We are jointly responsible with Facebook Ireland Ltd. for the collection or receipt of “event data” transmitted via the Facebook Single Sign-On login procedure, which takes place through our online service, but not for further processing. This data is collected for the following purposes: a) displaying content and advertising tailored to the presumed interests of users; b) delivering commercial and transactional messages (e.g., user engagement via Facebook Messenger); c) improving ad delivery and personalizing functions and content. We have signed a specific agreement with Facebook (“Controller Addendum”, https://www.facebook.com/legal/controller_addendum) that includes specific security measures Facebook must adhere to (https://www.facebook.com/legal/terms/data_security_terms), and Facebook has agreed to fulfill the rights of the data subjects (e.g., users can request information or deletion directly from Facebook).
Note: When Facebook provides us with aggregated metrics, analyses, and reports (that do not identify individual users and are anonymous to us), this processing is not part of the joint responsibility but based on a data processing agreement (“Data Processing Terms”, https://www.facebook.com/legal/terms/dataprocessing), “Data Security Terms” (https://www.facebook.com/legal/terms/data_security_terms), and in relation to processing in the USA, it is based on standard contractual clauses (“Facebook EU Data Transfer Addendum”, https://www.facebook.com/legal/EU_data_transfer_addendum). User rights (e.g., the right to access, deletion, objection, and complaints to the relevant supervisory authority) are not restricted by the agreements with Facebook.

Processed Data Types:

  • Master data (e.g., names, addresses)
  • Contact data (e.g., email, phone numbers)
  • Event data (Facebook) (“Event data” refers to data, for example, sent via the Facebook Pixel from our apps or other channels to Facebook, relating to individuals or their actions. This can include information on website visits, interactions with content, app installations, product purchases, etc. The event data is processed for audience targeting for content and advertising (Custom Audiences). Event data does not include actual content (e.g., comments), login information, or contact details (e.g., names, email addresses, phone numbers). Event data is deleted by Facebook after a maximum of two years, and the corresponding audiences are deleted with our Facebook account).
  • Data Subject: Users (e.g., website visitors, online service users).
  • Purposes of Processing: Providing contractual services and customer service, registration processes.
  • Legal Bases: Consent (Art. 6 para. 1 lit. a GDPR), Contract fulfillment and pre-contractual requests (Art. 6 para. 1 lit. b GDPR), Legitimate interests (Art. 6 para. 1 lit. f GDPR).

Service Providers Used:

  • Facebook Single Sign-On: Authentication service; Provider: https://www.facebook.com, Facebook Ireland Ltd., 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland, Parent company: Facebook, 1 Hacker Way, Menlo Park, CA 94025, USA; Website: https://www.facebook.com; Privacy Policy: https://www.facebook.com/about/privacy; Opt-out: https://www.facebook.com/settings?tab=ads.
  • Google Single Sign-On: Authentication service; Provider: Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland, Parent company: Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA; Website: https://www.google.de; Privacy Policy: https://policies.google.com/privacy; Opt-out: Ad Settings: https://adssettings.google.com/authenticated.

15. Rights of the Data Subject

15.1 The applicable data protection laws grant you the following rights concerning the processing of your personal data by the controller (information and intervention rights), depending on the relevant legal basis:

  • Right to access according to Art. 15 GDPR;
  • Right to rectification according to Art. 16 GDPR;
  • Right to erasure according to Art. 17 GDPR;
  • Right to restriction of processing according to Art. 18 GDPR;
  • Right to notification according to Art. 19 GDPR;
  • Right to data portability according to Art. 20 GDPR;
  • Right to withdraw consent according to Art. 7 para. 3 GDPR;
  • Right to lodge a complaint according to Art. 77 GDPR.

15.2 Right to ObjectIf we process your personal data based on our legitimate interests, you have the right to object at any time, for reasons arising from your particular situation, to this processing with effect for the future.If you exercise your right to object, we will stop processing the relevant data unless we can demonstrate compelling legitimate grounds for processing that override your interests, rights, and freedoms, or if the processing is necessary for the establishment, exercise, or defense of legal claims.If we process your personal data for direct marketing purposes, you have the right to object at any time to the processing of your data for such purposes. You can exercise your right of objection as described above.If you exercise your right to object, we will stop processing your data for direct marketing purposes. 

16. Duration of Storage of Personal Data

The duration of storage of personal data depends on the respective legal basis, the purpose of processing, and, where applicable, the statutory retention periods (e.g., commercial and tax retention periods).
When processing personal data based on explicit consent (Art. 6 para. 1 lit. a GDPR), the data will be stored until the data subject withdraws their consent.
If statutory retention periods exist for data processed based on legal obligations (Art. 6 para. 1 lit. b GDPR), the data will be deleted after the retention periods expire unless it is still necessary for contract fulfillment or contract initiation, and/or we have a legitimate interest in continuing the storage.
When processing personal data based on legitimate interests (Art. 6 para. 1 lit. f GDPR), the data will be stored until the data subject exercises their right to object (Art. 21 para. 1 GDPR), unless we can demonstrate compelling reasons for processing that override the data subject’s interests, rights, and freedoms, or the processing is necessary for the establishment, exercise, or defense of legal claims.
When processing personal data for direct marketing purposes (Art. 6 para. 1 lit. f GDPR), the data will be stored until the data subject exercises their right to object according to Art. 21 para. 2 GDPR.
Unless otherwise specified by other information in this statement regarding specific processing situations, stored personal data will be deleted when it is no longer necessary for the purposes for which it was collected or otherwise processed.