In the following you will find information on the processing of your personal data in accordance with Art. 13 of the European General Data Protection Regulation (GDPR).
1. Basic information
2. Provider/Contact person
The provider and controller responsible for the collection and processing of your personal data on this website is
The data protection officer of the controller is:
Dr. Sebastian Kraska
3. Collection, processing and use of your personal data
Within the framework of this website, there is particular focus on communication data (e.g. name, telephone number, e-mail address, postal address, IP address).
Our offer is directed exclusively at people who are 16 years of age or older.
When do we process your data?
In principle, personal data is information about a natural person that is identified or identifiable by this data (e.g. name, address, e-mail address).
Data processing on our part only takes place if there is a legal basis for this (e.g. your consent, our legitimate interests, fulfillment of legal obligations etc.).
In the following we will introduce you to the purposes for which we or one of our service providers processes your data (purpose of processing).
3.1 Data processing for the purpose of providing the website
Legal basis: overriding legitimate interest in direct marketing, as long as and to the extent that this is in compliance with data protection and competition law requirements (Art. 6 para. 1 lit. f GDPR)
3.2 Data processing for the purpose of processing customer enquiries within the framework of a contact form
Legal basis: overriding legitimate interest in the processing of customer enquiries and marketing measures to the extent that this is in accordance with data protection and competition law requirements (Art. 6 para.1 lit. f GDPR) or if you give your consent to be contacted personally by our team (Art. 6 para.1 lit. a GDPR).
3.3 Data processing for security reasons and to detect faults
Legal basis: overriding legitimate interest in the elimination of faults and to ensure data security within the scope of our legal obligation (Art. 6 Para. 1 lit. f GDPR).
3.4 Data processing for the purpose of safeguarding and defending our rights
Legal basis: Given by the legitimate interest on our part in the protection and defense of our rights (Art. 6 para. 1 lit. f GDPR).
3.5 Data processing in the context of advertising (own and third-party advertising), market research and reach measurement
Legal basis: Direct marketing takes place either because of an existing overriding legitimate interest on our part or because you have given your consent (Art. 6 para. 1 lit. a or f GDPR).
3.6 Data processing by voluntary newsletter registration
Legal basis: We are permitted to send you our newsletter, provided you have given us your prior consent (Art. 6. para. 1 lit. a GDPR). Otherwise, the recording of the registration procedure is based on our legitimate interest (Art. 6 para. 1 lit. f GDPR). Further information can be found under item 11.
3.7 Data processing for the purposes of the application procedure
Legal basis: The processing of your personal data during the application procedure is generally necessary to establish the employment relationship (Art. 88 GDPR in conjunction with §26 BDSG-neu and Art. 6 para. 1 lit. b GDPR). It may also be permissible in order to fulfil legal obligations (Art. 6 para. 1 lit. c GDPR) or on the basis of a legitimate interest (Art. 6 para. 1 lit. f GDPR). Further information can be found under item 9.
If the processing of your data is based on your prior consent, please note that you can end this processing at any time and with effect for the future by withdrawing your consent (see 3.2, 3.5, 3.6).
4. Log data
Whenever our website is called up, our system automatically records data and information on the computer system of the calling computer and transmits this to our server. The following data is recorded and stored during the ongoing communication:
Date and time at the time of access and duration of the access
Quantity of data sent
Name of the service provider
Operating system used
IP address used
For reasons of data security, in particular to defend against attempts to attack our web server, as already described in 3.3, we will store these access logs for a period of 7 days and then delete them. Excepted from this are data whose retention is required for evidentiary purposes due to further obligations. This data will be retained by us until a corresponding incident has been clarified and may be passed on to investigating authorities in individual cases.
5. Passing on your data
Your data will only be passed on to persons who need it to fulfil our contractual or legal obligations. In this context, we would like to inform you that we may transfer your data to companies affiliated with us to the extent that this is permissible with regard to the purposes and legal basis set out in Section 3.
In addition, your data will be forwarded to recipients outside this company if this is necessary to fulfil our contractual or legal obligations.
Any other transfer of your personal data is carried out on the basis of processing contracts in accordance with Art. 28 GDPR. Here we ensure with our contractual partner that data processing is only carried out if all data protection obligations are complied with. We entrust these external service providers with tasks such as marketing services.
Please note that we may also cooperate with partners who are not data processors and who collect personal data directly from you as a costumer without any direct transmission by us. This includes, for example, the payment service provider PayPal (Europe) S.a.r.l. et Cie, S.C.A. based in the EU (“PayPal”) as well as the respective PayPal data processors. If you choose to process payments via PayPal, you will be directed to PayPal or one of its affiliates for payment purposes. Such third party providers are not our “recipients” within the meaning of Art. 13 para 1 lit. e DSGVO. You independently collect your data based on your own decision to choose this payment process. It should be noted that your contractual relationship with PayPal is independent of your contractual relationship with us.
6. Data transfer to third countries (outside the EU/EEA)
Data will only be transferred to recipients located outside the EU/EEA if they can demonstrate an adequate level of data protection.
Please note that not all third countries can demonstrate such an adequate level of data protection (e.g. the USA). If we nevertheless intend to transfer data to such third countries, we will ensure before entering into the contractual relationship that we agree on, for example, so-called EU standard contractual clauses with this recipient. Furthermore, a data transfer would otherwise still be permissible, if we have your consent to transfer your data to a less secure third country such as the USA.
7. Storage of your data
We will only store your data to the extent and for the duration permitted by law. Accordingly, we will store data in connection with the offers made available by us on this website for the period of time for which we have a legitimate interest in storing the data or for which you allow us to store the data within the scope of your previously given voluntary consent, e.g. for receiving a newsletter. If you withdraw this consent, your data will be deleted. Excluded from the deletion are such data, no matter for what purpose, which we have to store in order to fulfil legal obligations (e.g. tax and commercial law storage periods).
We make use of two different types of cookies or analysis tools. On the one hand, there are those that are necessary for the functionality of our website and those that are not. In the following we will explain the meaning and use of these cookies in more detail:
8.1 Technically necessary cookies
This refers to cookies that are necessary for the technical feasibility of the offer made available on this website. For example, they are required to identify the installation language of the respective browser in order to display the website content in the correct language for you.
These cookies will be deleted after you have finished your visit to our site.
8.2 Technically not necessary cookies
These are cookies that we use, but which are not necessary for the technical feasibility of the online offer. We use marketing cookies as well as tracking methods under the condition that you have given us your prior consent to the use of such cookies.
The use of our tracking methods enables us to gain insights into your user behavior through analysis, so that we can provide you with an individual offer derived from your personal interests.
8.3 Evaluation of usage data and use of tracking methods
Records of your user behavior and preferences are analyzed by programs of our tracking providers, who generate statistics and reports for us from the records. By setting cookies, for example, we could recognize whether and how often you as a user have clicked on a particular advertisement.
By confirming (opt-in) the cookies in our cookie banner, you give us your consent to use your data as described above. You have the opportunity to object your consent at any time.
As far as you object to the cookies in the context of the Cookie-Banner (Objection), we will place an opt-out cookie in your browser to enforce an assignment to your objection. These cookies will only be set in the browser in which you have expressed your objection. If you use a different browser, it is necessary for you to object to its use again.
For the evaluation of usage data we use a customer relationship management tool (see HubSpot), which supports us in particular with conversion tracking services. Furthermore, we use a statistics tool (see Google Analytics). These tools will be enabled only after you have given your consent.
The following marketing tools are used by us in connection with this website:
Google Analytics: Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland
Google Analytics is used by us to gather information and analyze the general user behavior of our website visitors within the framework of the online services we provide and to report on the relevant usage statistics.
Furthermore, Google will inform you about your right to object under the following link: https://tools.google.com/dlpage/gaoptout?hl=de
HubSpot, 2nd Floor 30 North Wall Quay, Dublin 1, Ireland
We use the services of our partner HubSpot to handle part of our online marketing. This includes:
E-mail marketing (see point 11., Newsletter)
Administration customer database
Contact management (enrichment of data records in connection with the collected knowledge of the individual)
Individual analysis and reporting, e.g. on e-mail performance or web analytics regarding our customers and prospects
9. Data protection information in the application procedure
10. Social plug-ins
We use so-called social plug-ins on our website. In principle, these are deactivated when you visit our site. They are activated by clicking on the respective social plug-in. This establishes a connection with the server of the network. In this way, the network provider receives information about the fact that you have called up our web offer via your Internet browser. It is not important that you have an account with the respective network provider. Furthermore, your protocol data will be transmitted to the network provider and, in case of doubt, stored there.
The network providers’ servers may be located outside the EU/EEA. For further information on how we handle your personal data, please refer to the data protection regulations of the respective provider.
Unless you do not want your data to be transmitted to network providers, we recommend you to not use the social plug-ins.
www.facebook.com: Facebook Inc., 1601 S. California Ave, Palo Alto, CA 94304, USA
www.facebook.de: Facebook Ireland Limited, Hanover Reach, 5–7 Hanover Quay, Dublin 2, Irland
www.instagram.com: Facebook Ireland Limited, 4 Grand Canal Square, Dub-lin 2, Ireland
www.linkedin.com: LinkedIn Ireland Unlimited Company, Wilton Place, Dublin 2, Ireland
www.twitter.com: Twitter International Company, One Cumberland Place, Fe-nian Street, Dublin 2, D02 AX07, Ireland
11.1 General Information
By subscribing to our newsletter, you agree to receive it and to the procedures described. We send newsletters, e-mails and other electronic notifications containing advertising information (hereinafter referred to as “newsletters”) only with a legal permission (e.g. your consent). If the contents of the newsletter are specifically described in the context of a registration for the newsletter, these are decisive for the consent. Furthermore, our newsletters contain information about our services and our company.
Double-opt-in procedure and logging: The registration to our newsletter takes place in a so-called double-opt-in procedure, i.e. you will receive an e-mail after registration in which you are asked to confirm your registration.
Newsletter registrations are logged in order to be able to prove the registration process according to the legal requirements. This includes the storage of the registration and confirmation time as well as the IP address. Changes to your data stored by the shipping service provider are also logged. Furthermore, the following of your personal data will be processed for the purpose of sending the newsletter:
You can cancel the receipt of our newsletter at any time by withdrawing your consent. You will find a link to cancel the newsletter at the end of each newsletter.
We will send the newsletters via the mailing service provider HubSpot (see further information in 8.3). The dispatch service provider is used on the basis of our legitimate interests in accordance with Art. 6 para. 1 lit. f GDPR and an processing contract in accordance with Art. 28 para. 3 p. 1 GDPR.
11.2 Measurement of newsletter success
The newsletters contain a so-called “web beacon”, i.e. a pixel-sized file that is retrieved from our server when the newsletter is opened, or from the server of a service provider if we use one. Within the scope of this retrieval, technical information such as information about the browser and your system as well as your IP address and the time of the retrieval are initially collected. This technical data and information on the target groups and their reading behavior based on the respective retrieval locations (which can be determined with the help of the IP address) as well as access times are used for technical improvement of the services. The statistical surveys also include determining whether the newsletters are opened, when they are opened and which links are clicked on. For technical reasons, this information can be allocated to the individual newsletter recipients, but it is neither our intention nor, if used, the intention of the service provider to observe you as a user. Rather, the evaluations serve us to recognize your reading habits and to adapt our content for you or to send different content according to your interests. Unfortunately, it is not possible to cancel the performance measurement separately; in this case, the entire newsletter subscription must be cancelled.
Our employees and the service providers mandated by us are obliged to maintain secrecy and comply with the provisions of the applicable data protection laws.
We take all necessary technical and organizational measures in accordance with Art. 32 ff. GDPR to ensure an appropriate level of data protection and to protect your data processed by us against the following risks in particular: accidental or unlawful destruction, manipulation, loss, modification or unauthorized disclosure or access. Our security measures are constantly improved in line with technological developments.
13. Right of data subjects
As a user of our website, you are entitled to the rights under Art. 15-18, 21 GDPR within the scope of the GDPR:
Right to access:
According to Art. 15 GDPR you have the right to receive access about the processing of your data, which you can assert against us. For this purpose you can contact us by e-mail at firstname.lastname@example.org.
Right to rectification:
Likewise, you can demand that we correct any incorrect data in accordance with Art. 16 GDPR. In the event that your data is not complete, you may request that your data be completed.
Right to erasure:
Furthermore, we will delete your data at your request in accordance with Art. 17 GDPR. Unless we need this data to fulfil our legal obligations.
Right to restriction:
Within the framework of the conditions set out in Art. 18 GDPR, you have the right to obtain restriction of the processing of the data concerning you.
Right to data portability:
Provided that the requirements of Art. 20 GDPR are met, you have the right to receive your relevant personal data that you have provided us with in a structured, common and machine-readable format. Insofar as this is technically possible, you may also request that this data be transferred to a third party.
Right to withdrawal:
In accordance with Art. 7 para. 3 GDPR, you can withdraw the consent you have given us to your data processing with effect for the future. This means that we may no longer continue to process data for you.
Right of objection:
If processing of your personal data pursuant to Art. 6 Par. 1 letter f GDPR is carried out to the purposes of a legitimate interest, you have the right pursuant to Art. 21 GDPR to object to the processing of your data at any time for reasons arising from your particular situation. We will ensure that processing is discontinued unless we are obliged to continue it for reasons of compelling reasons worthy of protection. Such reasons must overridden your interests, fundamental rights and freedoms, or the processing serves to assert, exercise or defend legal claims.
Right to lodge a complaint:
Finally, according to Art. 77 GDPR, you still have the right to lodge a complaint if you are of the opinion that we have not observed data protection regulations in the course of processing your data. In this case, please contact the supervisory authority responsible for your place of residence or your federal state, or the supervisory authority responsible for us. This is the Bavarian State Office for Data Protection Supervision.
Updated January 2021.