Contact details of the data protection officer: firstname.lastname@example.org
This privacy statement uses the terms of the General Data Protection Regulation (GDPR).
III. Processing operations//categories of personal data
We collect and process the following personal data about you: contact and address information, if you provide us with your contact information, online identifiers (e.g. your IP address, browser type and version, the operating system used, the referrer URL, the file name, the access status, the amount of data transferred, the date and time of the server request), payment information, image and video material if you have provided us with the same.
We may publish personal data on social networks to perform our contracted services with you.
We process your data for one or more of the following purposes:
The processing of your data is based on the following legal grounds: your consent according to Art. 6 para. 1 lit. a) GDPR, for the performance of a contract with you according to Art. 6 para. 1 lit. b) GDPR, for the fulfilment of legal obligations according to Art. 6 para. 1 lit. c) GDPR or for a legitimate interest according to Art. 6 para. 1 lit. f) GDPR.
The legal basis for processing your data in accordance with the stated processing purposes is:
VII. Data sources
We obtain the data from you (including via the devices you use). If we do not collect the personal data directly from you, we will also tell you the source of the personal data and, if applicable, whether it is from publicly available sources.
VIII. Recipients or categories of recipients of the personal data
When processing your data, we work together with service providers who have access to your data. Possible recipients of your personal data are: (i) software companies that enable us to provide our services, help us to improve them and/or serve us for marketing purposes (for example, to send newsletters, emails, manage customer contacts or applications); (ii) public bodies and administrations, insofar as we are legally obliged to do so; (iii) payment service providers; (iv) hosting providers; (v) social media platforms; (vi) service companies, such as tax advisors or lawyers.
For the purposes of fulfilling the contract, we may also transfer your personal data to anyone to whom we assign rights arising from the contractual relationship with you.
Some of the recipients of your personal data are:
ALL-INKL.COM – New Media Münnich
We use ALL-INKL.COM – Neue Medien Münnich to host our website. Personal data may be passed on in the process. We use the aforementioned services in order to be able to offer a website.
We use Cloudinary to reload content on our website. Personal data may be passed on in the process. We use the aforementioned services for a complete and informative presentation of our website.
We integrate services from Fontawesome on our website in order to embed fonts. Personal data may be passed on in the process. We use the aforementioned services for a complete and informative presentation of our website.
Google Ireland Limited
We integrate Google services on our website in order to (i) analyse the use of our website (Google Analytics) and (ii) to integrate fonts (Google Fonts). Personal data may be passed on to Google in the process. We use these services to (i) analyse the use of our website (Google Analytics) and (ii) for a complete and appealing presentation of our website (Google Fonts).
We use MailChimp to create and send the newsletter. When you become a subscriber to our newsletter via our website, you confirm by email that you are a member of a MailChimp email list. Personal data is passed on to MailChimp in this process. We use the aforementioned services to advertise our company and to obtain key figures about the success of this advertising.
We include services from Metomic on our website in order to integrate a cookie banner. This may involve the transfer of personal data to Metomic. We use these services to comply with our legal obligations.
We use Personio to advertise vacancies and to contact potential new employees. If they apply or contact us as part of a job application, their data may be shared with Personio.
We use services of Pipedrive to contact (potential) customers by providing their contact details. Personal data may be passed on to Pipedrive in the process. We use the aforementioned services to initiate and maintain future and current business relationships.
Data is transferred to third countries outside the European Union. Information we collect from you could be processed in the United States or other third countries. Some third countries, for example the United States, have not currently received an adequacy decision from the European Union under Article 45 of the GDPR, which means that your data may not receive the same level of protection there as under the GDPR.
We store your personal data only as long as it is necessary to achieve the purpose of processing. We store your data if you have consented to the processing at most until you revoke your consent, if we need the data to perform a contract at most as long as the contractual relationship with you exists, if we use the data on the basis of a legitimate interest at most as long as your interest in deletion or anonymisation does not prevail.
In addition, data may be stored if this has been provided for by the European or national legislator in Union regulations, laws or other provisions to which the person responsible is subject. In these cases, the data is deleted when a storage or retention period prescribed by the aforementioned standards expires.
As a data subject, you may have the right under applicable data protection law to:
– Information, in accordance with Art. 15 of the GDPR,
– Rectification, in accordance with Art. 16 of the GDPR,
– Data erasure (“right to be forgotten”), in accordance with Art. 17 of the GDPR,
– Limitation of processing, pursuant to Art. 18 GDPR,
– Data portability, in accordance with Art. 20 GDPR and/or
– Objection to the processing, pursuant to Article 21 of the GDPR.
Information on the right to object pursuant to Art. 21 (4) GDPR
You have the right to object at any time, on grounds relating to your particular situation, to the processing of personal data concerning you which is carried out on the basis of Article 6(1)(e) or (f) GDPR; this also applies to profiling based on these provisions. We shall no longer process the personal data unless we can demonstrate compelling legitimate grounds for the processing which override your interests, rights and freedoms, or the processing serves the assertion, exercise or defence of legal claims.
If your personal data is processed for the purpose of direct marketing, you have the right to object at any time to the processing of personal data concerning you for the purpose of such marketing; this also applies to profiling insofar as it is related to such direct marketing.
Revocation of consents
You also have the right to withdraw consent to the processing of personal data at any time. The revocation of consent does not affect the lawfulness of the processing carried out on the basis of the consent until the revocation.
XII. Right of appeal to a supervisory authority
Pursuant to Art. 77 GDPR, you have the right to lodge a complaint with a supervisory authority, in particular in the Member State of your residence, workplace or the place of the alleged infringement, if you consider that the processing of personal data concerning you infringes the GDPR or other data protection provisions.
XIII. Requirement or obligation to provide data
Unless expressly stated at the time of collection, the provision of data is not required or obligatory. Such an obligation may result from legal requirements or contractual regulations. Failure to provide required personal data generally results in a contract not being able to be concluded and/or in us not being able to provide a requested service. Our employees will clarify on a case-by-case basis whether the provision of personal data is required by law or contract or necessary for the conclusion of a contract, whether there is an obligation to provide the personal data and what the consequences of not providing the personal data would be.
XIV. Automated decisions
We do not use automated decision-making mechanisms, including profiling, that have legal effect on the data subject or similarly significantly affect the data subject.
We have taken extensive technical and organisational measures to protect your data against possible dangers, such as unauthorised access, unauthorised disclosure, modification or dissemination, as well as against loss, destruction or misuse. In order to protect your personal data from unauthorised access by third parties during transmission, we secure data transmissions using SSL encryption where necessary. This is a standardised encryption procedure for online services, especially for the web.
Technically necessary cookies and technologies are those without which our website is not functional and usable. This category only contains cookies and technologies that ensure basic functions and security features of the website. Technically necessary cookies and technologies can be set without the user’s consent.
Non-essential cookies are all cookies and technologies that are not particularly necessary for the functioning of the website and are used specifically to collect personal data from the user via analytics, ads and other embedded content. Non-essential cookies and technologies (for example, cookies for marketing, advertising or customer analysis purposes) require the consent of the website user.
Please refer to our cookie banner to see which cookies and technologies we use and for what purpose.
By changing the settings in your internet browser, you can deactivate or restrict the transmission of cookies. Cookies that have already been saved can be deleted at any time. This can also be done automatically. If cookies are deactivated for the website, it may no longer be possible to use all the functions of the website to their full extent.
Status: 1 March 2021