As of August 1, 2019
Our management and employees are expected to strictly observe all regulatory, legal and corporate requirements for handling and protecting Personal Information. We have also established internal safety standards, accountability protocols and procedures, and preventive measures to protect against unauthorized access, disclosure, alteration or destruction of Personal Information.
2. Proper Acquisition
We acquire Personal Information only by proper and lawful means and not through deception or any other wrongful means. When Personal Information is provided to us by third parties, we take appropriate steps to verify that such information is reliable and obtained in a proper manner.
3. Processing of Personal Data/Purpose of Processing
When browsing our website for informational purposes
The provider of the Websites automatically collects and stores information that your browser automatically transmits to us in "server log files". These are:
- Browser type and browser version
- Operating system used
- Referrer URL
- Host name of the accessing computer
- Time of the server request
- IP address
The basis for data processing is Art. 6 (1) (f) DSGVO, which allows the processing of data on prevailing legitimate interest of the controller. Our legitimate interest is to ensure unimpeded and trouble-free access to our Websites.
For further information on the processing by cookies and tools of third party providers see Section 4 below.
The hosting of the Websites and our services offered is carried out by an external service provider on our behalf. Your data will be stored on protected servers within the EU. Access is only possible to a few specially authorised persons who are involved with the technical, commercial or editorial support of the servers.
When registering for a user account
When registering for a user account we collect your username, e-mail, gender, first name, surname, birthdate, zip code, city and country and password.
When you register via your social media account (Facebook, Google+, Yahoo or OpenID) the concerned social media provider will automatically provide to us your personal account data such as your name, social media account ID, email, workplace, gender or further account-related data or profile pictures. Please note that not all of the provided data is stored to our data bases (e.g. no information regarding workplace or profile pictures). However, in such case you are using a third party service which is independent of us and whose data processing procedures we are unable to influence. Please find further information on data protection at the websites of the relevant third party service providers.
The processing of your personal data is necessary to fulfil our contractual obligation towards you (Art. 6 (1) (b) GDPR). The processing is further covered by our legitimate interest in offering the services and enhancing user experience and convenience with our services (Art. 6 (1) (f) GDPR).
Your data will be stored, until you delete your account.
When using our contact form
When you use our contact form we collect your e-mail address as well as the content you provide.
We will only process your personal data in order to process your request and provide you with the respective feedback.
The personal data is processed I order to protect our legitimate interest to offer you the service and enhance customer satisfaction (Art. 6 (1) (f) GDPR).
We will delete your personal data once your request has been answered finally.
When subscribing to our newsletter service
If you have given your consent, we will send you a newsletter/information at irregular intervals to inform you about news on our Services as well as on the Services of our affiliated companies.
For this we need your e-mail address. You can unsubscribe from the newsletter at any time by clicking on the corresponding link at the end of the e-mail. You can also revoke this consent at any time with effect for the future by e-mail to [email protected] .
The legal basis for sending the newsletter is Art. 6 (1) (a) GDPR.
If you withdraw your consent or rightfully object to the processing, we will delete your personal data immediately.
For the purpose of demand-oriented design and continuous optimization of our Website, we use Google Analytics, a web analysis service provided by Google LLC (1600 Amphitheatre Parkway, Mountain View, CA 94043, USA; hereinafter "Google"). In this context, pseudonymized user profiles are created and cookies (see above) are used. The information generated by the cookie about your use of this Website such as
- browser type/version,
- operating system used,
- referrer URL (the previously visited page),
- host name of the accessing computer (IP address),
- time of the server request,
- We measure the reach of our website with Matomo, an open source tool that we operate on our own server. A cookie may be set on the user's end device, via which the activities can be tracked and, for example, recurring visits can be recognized. The user's IP address is automatically shortened, so it is no longer possible to draw conclusions about individual persons. Among other things, the approximate geographic location, end device, screen resolution, browser and pages visited including the length of stay are evaluated. Insofar as we obtain the user's consent, the processing of data takes place on the legal basis of Article 6 Paragraph 1 Subparagraph 1 Letter a) GDPR. Otherwise, it is based on Article 6 Paragraph 1 Subparagraph 1 Letter f) GDPR. Our legitimate interest lies in optimizing our website, improving our offers and online marketing.
- This website uses Google Tag Manager. Google Tag Manager is a solution operated by Google that allows marketed website tags to be managed using an interface. The Tag Manager tool itself (which implements the tags) is a cookie-less domain and does not register personal data. The tool causes other tags to be activated which may, for their part, register data under certain circumstances. Google Tag Manager does not access this information. If recording has been deactivated on domain or cookie level, this setting will remain in place for all tracking tags implemented with Google Tag Manager.
5. Cross-Border Data Transfers
6. Transfer of Personal Information to Third Parties
Except as permitted by applicable data protection laws, we will not, without your prior consent, provide or disclose your Personal Information to third parties except in the following circumstances:
- To comply with any applicable law, regulation, or governmental request;
- To protect against immediate harm to personal safety or property, and procuring prior consent from the individual concerned is difficult;
- For public health reasons, protection of children’s privacy and other public interest concerns, and procuring prior consent from the individual concerned is difficult;
- To provide necessary cooperation to relevant national and local governmental authorities, and procuring prior consent from the individual concerned hampers or jeopardizes such cooperation efforts;
- For outsourcing to third party service providers in connection with the performance of certain services on our behalf, such as direct mailing and phone calls, through contractual and written agreements requiring adherence by such third parties to confidentiality and privacy terms;
- For outsourcing to processors of payment transactions and provider of related services in connection with your payment transactions, through contractual and written agreements requiring adherence by such third parties to confidentiality and privacy terms.
7. Third Party Service Provider
We have implemented measures, including SSL or TLS encryption, designed to secure your personal information from accidental loss and from unauthorized access, use, alteration, and disclosure.
9. No requirement to provide personal data
The provision of your personal data will generally be voluntarily and there is no statutory nor contractual obligation to provide your personal data. We generally do not contractually require provision of your personal data; but note that in any event non-provision of personal data might exclude you from using some of our services or parts thereof.
10. Data Retention
We strive to keep our processing activities with respect to your personal data as limited as possible. In the absence of specific retention periods set out in this Policy, your personal data will be retained only for as long as we need it to fulfil the purpose for which we have collected it and, if applicable, as long as required by statutory retention requirements. In case we maintain a user account, your data will be stored for the duration such account remains active. In case of consent, your personal data will be at the latest deleted without undue delay after withdrawal of such consent.
11. Your Rights
You have the right, at any time
- without giving reasons according to Art. 15 GDPR to request information about your data stored with us. With the exception of any connection fees charged by your provider, you will not incur any costs as a result of the enquiry;
- to have the data corrected in accordance with Art. 16 GDPR;
- to have the data deleted in accordance with Art. 17 GDPR;
- to have the data blocked in accordance with Art. 18 GDPR;
- to object to the processing for sending the newsletter according to Art. 21 (2) GDPR;
- to object to other forms of processing of your personal data in accordance with Art. 21 (1) GDPR;
- to revoke any consent to the collection and use of data given to us in accordance with Art. 7 (3) GDPR;
- to receive your personal data in a machine-readable format and to transmit them to another person responsible in accordance with Art. 20 GDPR;
- lodge an appeal with a supervisory authority in accordance with Art. 77 GDPR, without prejudice to any other administrative or judicial remedy.