Duty to inform accord­ing to Art. 13 EU-DSGVO

01. data pro­tec­tion at a glance

Gen­er­al notes

The fol­low­ing notices pro­vide a sim­ple overview of what hap­pens to your per­son­al data when you vis­it this web­site. Per­son­al data is any data that can be used to iden­ti­fy you per­son­al­ly. For detailed infor­ma­tion on the sub­ject of data pro­tec­tion, please refer to our pri­va­cy pol­i­cy list­ed below this text.

Data col­lec­tion on this website

Who is respon­si­ble for the data col­lec­tion on this website?

The data pro­cess­ing on this web­site is car­ried out by the web­site oper­a­tor. You can find his con­tact details in the imprint of this website.

How do we col­lect your data?

On the one hand, your data is col­lect­ed by you pro­vid­ing it to us. This can be, for exam­ple, data that you enter in a con­tact form.

Oth­er data is col­lect­ed auto­mat­i­cal­ly or after your con­sent when you vis­it the web­site by our IT sys­tems. This is main­ly tech­ni­cal data (e.g. inter­net brows­er, oper­at­ing sys­tem or time of page view). The col­lec­tion of this data takes place auto­mat­i­cal­ly as soon as you enter this website.

What do we use your data for?

Some of the data is col­lect­ed to ensure error-free pro­vi­sion of the web­site. Oth­er data may be used to ana­lyze your user behavior.

What rights do you have regard­ing your data?

You have the right at any time to receive infor­ma­tion free of charge about the ori­gin, recip­i­ent and pur­pose of your stored per­son­al data. You also have a right to request the cor­rec­tion or dele­tion of this data. If you have giv­en your con­sent to data pro­cess­ing, you can revoke this con­sent at any time for the future. You also have the right to request the restric­tion of the pro­cess­ing of your per­son­al data under cer­tain cir­cum­stances. Fur­ther­more, you have the right to lodge a com­plaint with the com­pe­tent super­vi­so­ry authority.

For this pur­pose, as well as for fur­ther ques­tions on the sub­ject of data pro­tec­tion, you can con­tact us at any time at the address giv­en in the imprint.

Third-par­ty ana­lyt­ics and tools

When vis­it­ing this web­site, your surf­ing behav­ior can be sta­tis­ti­cal­ly eval­u­at­ed. This is done main­ly with so-called analy­sis programs.

For detailed infor­ma­tion about these ana­lyt­ics pro­grams, please see the fol­low­ing pri­va­cy statement 

02. host­ing and con­tent deliv­ery net­works (CDN)

Exter­nal hosting

This web­site is host­ed by an exter­nal ser­vice provider (hoster). The per­son­al data col­lect­ed on this web­site is stored on the hoster’s servers. This may include IP address­es, con­tact requests, meta and com­mu­ni­ca­tion data, con­tract data, con­tact data, names, web­site access­es and oth­er data gen­er­at­ed via a website.

The hoster is used for the pur­pose of ful­fill­ing con­tracts with our poten­tial and exist­ing cus­tomers (Art. 6 para. 1 lit. b DSGVO) and in the inter­est of a secure, fast and effi­cient pro­vi­sion of our online offer by a pro­fes­sion­al provider (Art. 6 para. 1 lit. f DSGVO).

Our hoster will only process your data to the extent nec­es­sary to ful­fill its ser­vice oblig­a­tions and will fol­low our instruc­tions regard­ing this data.

We use the fol­low­ing hoster:

netcup GmbH
Daim­ler­strasse 25
D‑76185 Karl­sruhe

Con­clu­sion of a con­tract for order processing

To ensure data pro­tec­tion-com­pli­ant pro­cess­ing, we have con­clud­ed an order pro­cess­ing con­tract with our hoster.

03 Gen­er­al notes and manda­to­ry information

Pri­va­cy

The oper­a­tors of these pages take the pro­tec­tion of your per­son­al data very seri­ous­ly. We treat your per­son­al data con­fi­den­tial­ly and in accor­dance with the statu­to­ry data pro­tec­tion reg­u­la­tions and this pri­va­cy policy.

When you use this web­site, var­i­ous per­son­al data are col­lect­ed. Per­son­al data is data with which you can be per­son­al­ly iden­ti­fied. This pri­va­cy pol­i­cy explains what data we col­lect and what we use it for. It also explains how and for what pur­pose this is done.

We point out that data trans­mis­sion over the Inter­net (eg com­mu­ni­ca­tion by e‑mail) secu­ri­ty gaps. A com­plete pro­tec­tion of the data against access by third par­ties is not possible.

Note on the respon­si­ble body

The respon­si­ble par­ty for data pro­cess­ing on this web­site is:

Stu­dent Body of Heil­bronn Uni­ver­si­ty KöR
Max Planck St. 39
74081 Heil­bronn
Ger­many

Phone: +49 7131 3851–0
Email: ser­vice-hnasta.hs-heilbronn.de

The con­troller is the nat­ur­al or legal per­son who alone or joint­ly with oth­ers deter­mines the pur­pos­es and means of the pro­cess­ing of per­son­al data (e.g. names, e‑mail address­es, etc.).

How to reach our data pro­tec­tion team

You can reach our data pro­tec­tion team via the fol­low­ing e‑mail address.

service[at]dsgvoschutzteam.com

Stor­age duration

Unless a more spe­cif­ic stor­age peri­od has been spec­i­fied with­in this pri­va­cy pol­i­cy, your per­son­al data will remain with us until the pur­pose for data pro­cess­ing no longer applies. If you assert a legit­i­mate request for dele­tion or revoke your con­sent to data pro­cess­ing, your data will be delet­ed unless we have oth­er legal­ly per­mis­si­ble rea­sons for stor­ing your per­son­al data (e.g. reten­tion peri­ods under tax or com­mer­cial law); in the lat­ter case, the data will be delet­ed once these rea­sons no longer apply. 

Revo­ca­tion of your con­sent to data processing

Many data pro­cess­ing oper­a­tions are only pos­si­ble with your express con­sent. You can revoke con­sent you have already giv­en at any time. The legal­i­ty of the data pro­cess­ing car­ried out until the revo­ca­tion remains unaf­fect­ed by the revocation.

Right to object to data col­lec­tion in spe­cial cas­es and to direct mar­ket­ing (Art. 21 DSGVO)

IF THE DATA PROCESSING IS CARRIED OUT ON THE BASIS OF ART. 6 ABS. 1 LIT. E OR F DSGVO, YOU HAVE THE RIGHT TO OBJECT TO THE PROCESSING OF YOUR PERSONAL DATA AT ANY TIME FOR REASONS ARISING FROM YOUR PARTICULAR SITUATION; THIS ALSO APPLIES TO PROFILING BASED ON THESE PROVISIONS. THE RESPECTIVE LEGAL BASIS ON WHICH PROCESSING IS BASED CAN BE FOUND IN THIS PRIVACY POLICY. IF YOU OBJECT, WE WILL NO LONGER PROCESS YOUR PERSONAL DATA UNLESS WE CAN DEMONSTRATE COMPELLING LEGITIMATE GROUNDS FOR THE PROCESSING WHICH OVERRIDE YOUR INTERESTS, RIGHTS AND FREEDOMS, OR THE PROCESSING SERVES THE PURPOSE OF ASSERTING, EXERCISING OR DEFENDING LEGAL CLAIMS (OBJECTION UNDER ARTICLE 21 (1) DSGVO).

IF YOUR PERSONAL DATA IS PROCESSED FOR THE PURPOSE OF DIRECT MARKETING, YOU HAVE THE RIGHT TO OBJECT AT ANY TIME TO THE PROCESSING OF PERSONAL DATA CONCERNING YOU FOR THE PURPOSE OF SUCH MARKETING; THIS ALSO APPLIES TO PROFILING INSOFAR AS IT IS CONNECTED WITH SUCH DIRECT MARKETING. IF YOU OBJECT, YOUR PERSONAL DATA WILL SUBSEQUENTLY NO LONGER BE USED FOR THE PURPOSE OF DIRECT MARKETING (OBJECTION PURSUANT TO ARTICLE 21 (2) DSGVO).

Right of appeal to the com­pe­tent super­vi­so­ry authority

In the event of breach­es of the GDPR, data sub­jects shall have a right of appeal to a super­vi­so­ry author­i­ty, in par­tic­u­lar in the Mem­ber State of their habit­u­al res­i­dence, their place of work or the place of the alleged breach. The right of appeal is with­out prej­u­dice to oth­er admin­is­tra­tive or judi­cial remedies.

Right to data portability

You have the right to have data that we process auto­mat­i­cal­ly on the basis of your con­sent or in ful­fill­ment of a con­tract hand­ed over to you or to a third par­ty in a com­mon, machine-read­able for­mat. If you request the direct trans­fer of the data to anoth­er con­troller, this will only be done inso­far as it is tech­ni­cal­ly feasible.

Infor­ma­tion, dele­tion and correction

With­in the frame­work of the applic­a­ble legal pro­vi­sions, you have the right at any time to free infor­ma­tion about your stored per­son­al data, its ori­gin and recip­i­ent and the pur­pose of data pro­cess­ing and, if nec­es­sary, a right to cor­rec­tion or dele­tion of this data. For this pur­pose, as well as for fur­ther ques­tions on the sub­ject of per­son­al data, you can con­tact us at any time at the address giv­en in the imprint.

Right to restric­tion of processing

You have the right to request the restric­tion of the pro­cess­ing of your per­son­al data. To do this, you can con­tact us at any time at the address giv­en in the imprint. The right to restric­tion of pro­cess­ing exists in the fol­low­ing cases:

  • If you dis­pute the accu­ra­cy of your per­son­al data stored by us, we usu­al­ly need time to ver­i­fy this. For the dura­tion of the review, you have the right to request the restric­tion of the pro­cess­ing of your per­son­al data.
  • If the pro­cess­ing of your per­son­al data happened/is hap­pen­ing unlaw­ful­ly, you may request the restric­tion of data pro­cess­ing instead of erasure.
  • If we no longer need your per­son­al data, but you need it to exer­cise, defend or enforce legal claims, you have the right to request restric­tion of the pro­cess­ing of your per­son­al data instead of deletion.
  • If you have lodged an objec­tion pur­suant to Art. 21 (1) DSGVO, a bal­anc­ing of your and our inter­ests must be car­ried out. As long as it has not yet been deter­mined whose inter­ests pre­vail, you have the right to request the restric­tion of the pro­cess­ing of your per­son­al data.

If you have restrict­ed the pro­cess­ing of your per­son­al data, this data may — apart from being stored — only be processed with your con­sent or for the asser­tion, exer­cise or defense of legal claims or for the pro­tec­tion of the rights of anoth­er nat­ur­al or legal per­son or for rea­sons of an impor­tant pub­lic inter­est of the Euro­pean Union or a Mem­ber State.

SSL or TLS encryp­tion on the website

This site uses SSL or TLS encryp­tion for secu­ri­ty rea­sons and to pro­tect the trans­mis­sion of con­fi­den­tial con­tent, such as orders or requests that you send to us as the site oper­a­tor. You can rec­og­nize an encrypt­ed con­nec­tion by the fact that the address line of the brows­er changes from “http://” to “https://” and by the lock sym­bol in your brows­er line.

If SSL or TLS encryp­tion is acti­vat­ed, the data you trans­mit to us can­not be read by third parties.

Encrypt­ed pay­ment trans­ac­tions on the website

If, after the con­clu­sion of a con­tract with costs, there is an oblig­a­tion to pro­vide us with your pay­ment data (e.g. account num­ber in the case of direct deb­it autho­riza­tion), this data is required for pay­ment processing.

Pay­ment trans­ac­tions via the com­mon means of pay­ment (Visa/MasterCard, direct deb­it) are made exclu­sive­ly via an encrypt­ed SSL or TLS con­nec­tion. You can rec­og­nize an encrypt­ed con­nec­tion by the fact that the address line of the brows­er changes from “http://” to “https://” and by the lock sym­bol in your brows­er line.

With encrypt­ed com­mu­ni­ca­tion, your pay­ment data that you trans­mit to us can­not be read by third parties.

04. data col­lec­tion on this website

Cook­ies

Our Inter­net pages use so-called “cook­ies”. Cook­ies are small text files and do not cause any dam­age to your ter­mi­nal device. They are stored either tem­porar­i­ly for the dura­tion of a ses­sion (ses­sion cook­ies) or per­ma­nent­ly (per­ma­nent cook­ies) on your end device. Ses­sion cook­ies are auto­mat­i­cal­ly delet­ed at the end of your vis­it. Per­ma­nent cook­ies remain stored on your end device until you delete them your­self or until they are auto­mat­i­cal­ly delet­ed by your web browser.

In some cas­es, cook­ies from third-par­ty com­pa­nies may also be stored on your ter­mi­nal device when you enter our site (third-par­ty cook­ies). These enable us or you to use cer­tain ser­vices of the third-par­ty com­pa­ny (e.g. cook­ies for pro­cess­ing pay­ment services).

Cook­ies have var­i­ous func­tions. Many cook­ies are tech­ni­cal­ly nec­es­sary, as cer­tain web­site func­tions would not work with­out them (e.g. the shop­ping cart func­tion or the dis­play of videos). Oth­er cook­ies are used to eval­u­ate user behav­ior or dis­play advertising.

Cook­ies that are required to car­ry out the elec­tron­ic com­mu­ni­ca­tion process (nec­es­sary cook­ies) or to pro­vide cer­tain func­tions that you have request­ed (func­tion­al cook­ies, e.g. for the shop­ping cart func­tion) or to opti­mize the web­site (e.g. cook­ies to mea­sure the web audi­ence) are stored on the basis of Art. 6 (1) lit. f DSGVO, unless anoth­er legal basis is spec­i­fied. The web­site oper­a­tor has a legit­i­mate inter­est in stor­ing cook­ies for the tech­ni­cal­ly error-free and opti­mized pro­vi­sion of its ser­vices. If con­sent to store cook­ies has been request­ed, the cook­ies in ques­tion are stored exclu­sive­ly on the basis of this con­sent (Art. 6 para. 1 lit. a DSGVO); con­sent can be revoked at any time.

You can set your brows­er so that you are informed about the set­ting of cook­ies and only allow cook­ies in indi­vid­ual cas­es, exclude the accep­tance of cook­ies for cer­tain cas­es or in gen­er­al and acti­vate the auto­mat­ic dele­tion of cook­ies when clos­ing the brows­er. When deac­ti­vat­ing cook­ies, the func­tion­al­i­ty of this web­site may be limited.

If cook­ies are used by third-par­ty com­pa­nies or for analy­sis pur­pos­es, we will inform you about this sep­a­rate­ly with­in the frame­work of this data pro­tec­tion dec­la­ra­tion and, if nec­es­sary, request your consent.

Serv­er log files

The provider of the pages auto­mat­i­cal­ly col­lects and stores infor­ma­tion in so-called serv­er log files, which your brows­er auto­mat­i­cal­ly trans­mits to us. These are:

  • Brows­er type and version
  • Oper­at­ing sys­tem used
  • Refer­rer URL
  • Host name of the access­ing computer
  • Time of the serv­er request
  • IP address

This data is not merged with oth­er data sources.

The col­lec­tion of this data is based on Art. 6 para. 1 lit. f DSGVO. The web­site oper­a­tor has a legit­i­mate inter­est in the tech­ni­cal­ly error-free pre­sen­ta­tion and opti­miza­tion of its web­site — for this pur­pose, the serv­er log files must be collected. 

Con­tact form

If you send us inquiries via the con­tact form, your data from the inquiry form includ­ing the con­tact data you pro­vid­ed there will be stored by us for the pur­pose of pro­cess­ing the inquiry and in case of fol­low-up ques­tions. We do not pass on this data with­out your consent.

The pro­cess­ing of this data is based on Art. 6 (1) lit. b DSGVO, if your request is relat­ed to the per­for­mance of a con­tract or is nec­es­sary for the imple­men­ta­tion of pre-con­trac­tu­al mea­sures. In all oth­er cas­es, the pro­cess­ing is based on our legit­i­mate inter­est in the effec­tive pro­cess­ing of requests addressed to us (Art. 6 para. 1 lit. f DSGVO) or on your con­sent (Art. 6 para. 1 lit. a DSGVO) if this was requested.

The data you enter in the con­tact form will remain with us until you request us to delete it, revoke your con­sent to store it, or the pur­pose for stor­ing the data no longer applies (e.g. after we have com­plet­ed pro­cess­ing your request). Manda­to­ry legal pro­vi­sions — in par­tic­u­lar reten­tion peri­ods — remain unaffected. 

Request by e‑mail, phone or fax

If you con­tact us by e‑mail, tele­phone or fax, your inquiry includ­ing all result­ing per­son­al data (name, inquiry) will be stored and processed by us for the pur­pose of pro­cess­ing your request. We will not pass on this data with­out your consent.

The pro­cess­ing of this data is based on Art. 6 (1) lit. b DSGVO, if your request is relat­ed to the per­for­mance of a con­tract or is nec­es­sary for the imple­men­ta­tion of pre-con­trac­tu­al mea­sures. In all oth­er cas­es, the pro­cess­ing is based on our legit­i­mate inter­est in the effec­tive pro­cess­ing of requests addressed to us (Art. 6 para. 1 lit. f DSGVO) or on your con­sent (Art. 6 para. 1 lit. a DSGVO) if this was requested.

The data you send to us via con­tact requests will remain with us until you request us to delete it, revoke your con­sent to store it, or the pur­pose for stor­ing the data no longer applies (e.g. after your request has been processed). Manda­to­ry legal pro­vi­sions — in par­tic­u­lar legal reten­tion peri­ods — remain unaffected. 

Reg­is­tra­tion via website

You can reg­is­ter on this web­site to use addi­tion­al func­tions on the site. We use the data entered for this pur­pose only for the pur­pose of using the respec­tive offer or ser­vice for which you have reg­is­tered. The manda­to­ry infor­ma­tion request­ed dur­ing reg­is­tra­tion must be pro­vid­ed in full. Oth­er­wise we will reject the registration.

For impor­tant changes, for exam­ple in the scope of the offer or in the case of tech­ni­cal­ly nec­es­sary changes, we use the e‑mail address pro­vid­ed dur­ing reg­is­tra­tion to inform you in this way.

The data entered dur­ing reg­is­tra­tion is processed for the pur­pose of imple­ment­ing the user rela­tion­ship estab­lished by the reg­is­tra­tion and, if nec­es­sary, for ini­ti­at­ing fur­ther con­tracts (Art. 6 para. 1 lit. b DSGVO).

The data col­lect­ed dur­ing reg­is­tra­tion will be stored by us as long as you are reg­is­tered on this web­site and will then be delet­ed. Legal reten­tion peri­ods remain unaffected. 

Com­ment function

For the com­ment func­tion on this page, in addi­tion to your com­ment, infor­ma­tion on the time of the cre­ation of the com­ment and, if you do not post anony­mous­ly, the user­name you have cho­sen will be stored.

Stor­age of the IP address when using the com­ment function

Our com­ment func­tion stores the IP address­es of users who post com­ments. Since we do not check com­ments on this web­site before they are acti­vat­ed, we need this data to be able to take action against the author in the event of legal vio­la­tions such as insults or propaganda. 

Stor­age of the e‑mail address for the com­ment function

For the com­ment func­tion on this page, your e‑mail address is stored.

Com­ments stor­age period

The com­ments and the asso­ci­at­ed data are stored and remain on this web­site until the com­ment­ed con­tent has been com­plete­ly delet­ed or the com­ments have to be delet­ed for legal rea­sons (e.g. offen­sive comments). 

Legal basis for comments

The stor­age of com­ments is based on your con­sent (Art. 6 para. 1 lit. a DSGVO). You can revoke your con­sent at any time. For this pur­pose, an infor­mal com­mu­ni­ca­tion by e‑mail to us is suf­fi­cient. The legal­i­ty of the data pro­cess­ing oper­a­tions already car­ried out remains unaf­fect­ed by the revocation. 

05. social media

Pres­ence in social net­works (social media)

Pro­cess­ing purposes

We are rep­re­sent­ed on social media plat­forms in order to get in touch with the users of these plat­forms and to increase our reach (lev­el of aware­ness). Com­mu­ni­ca­tion with users takes place by using the func­tions avail­able on the plat­forms. In order to mea­sure the suc­cess of our activ­i­ties, we use eval­u­a­tions offered by the respec­tive man­u­fac­tur­er or track­ing func­tions (e.g. for inter­est/be­hav­ior-relat­ed pro­fil­ing), cook­ies and remar­ket­ing func­tions. We main­tain groups to pro­mote the exchange of opin­ions or to acquire new customers.

Notes on data pro­cess­ing by social networks

The oper­a­tors of social net­works are usu­al­ly not based with­in the Euro­pean Union. As a result, per­son­al data is also processed out­side the Euro­pean Union (e.g., USA). As a result, there is an increased risk that users’ data will not be processed in accor­dance with the data pro­tec­tion require­ments demand­ed by the Euro­pean Union or that users’ rights can­not be exer­cised or can be exer­cised with greater difficulty.

Social net­works process exten­sive user data to cre­ate per­son­al usage pro­files. These usage pro­files are used in par­tic­u­lar for adver­tis­ing pur­pos­es or mar­ket research data. This may take the form of adver­tise­ments dis­played to users with­in or out­side the social net­works that cor­re­spond to the user’s inter­ests. In addi­tion, data about the devices, browsers, res­o­lu­tion used when using the plat­forms, for exam­ple, are usu­al­ly assigned to the usage pro­file. For these pur­pos­es, among oth­er things, cook­ies are stored on the users’ computers.

For a detailed pre­sen­ta­tion of the respec­tive forms of pro­cess­ing and the options to object (opt-out), we refer to the pri­va­cy state­ments and infor­ma­tion pro­vid­ed by the oper­a­tors of the respec­tive networks.

You can best assert your data sub­ject rights (e.g. infor­ma­tion or dele­tion) with the respec­tive provider. Only the oper­a­tors of the social plat­forms have access to your data and can also ful­fill your requests regard­ing data sub­ject rights.

Types of data processed

  • Per­son­al iden­ti­fi­ca­tion data (e.g. names, address­es, e‑mail address, tele­phone number)
  • Elec­tron­ic iden­ti­fi­ca­tion data (e.g., web pages vis­it­ed, inter­est in con­tent, access times, device infor­ma­tion, IP addresses).

Legal basis 

  • Legit­i­mate inter­ests (Art. 6 para. 1 p. 1 lit. f. DSGVO).

Social media profiles

Face­book

Face­book Ire­land Ltd, 4 Grand Canal Square, Grand Canal Har­bour, Dublin 2, Ire­land; par­ent com­pa­ny: Meta, 1 Hack­er Way, Men­lo Park, CA 94025, USA; web­site: https://www.facebook.com

Pri­va­cy Pol­i­cy: https://www.facebook.com/about/privacy

Opt-out: Set­tings for adver­tise­ments: https://www.facebook.com/settings?tab=ads

Addi­tion­al notes on data pro­tec­tion: Agree­ment on joint pro­cess­ing of per­son­al data on Face­book pages: https://www.facebook.com/legal/terms/page_controller_addendum

Pri­va­cy notices for Face­book pages: https://www.facebook.com/legal/terms/information_about_page_insights_data.

Insta­gram

Insta­gram Inc, 1601 Wil­low Road, Men­lo Park, CA, 94025, USA; web­site: https://www.instagram.com

Pri­va­cy Pol­i­cy: https://instagram.com/about/legal/privacy.

LinkedIn

LinkedIn Ire­land Unlim­it­ed Com­pa­ny, Wilton Place, Dublin 2, Ire­land; web­site: https://www.linkedin.com

Pri­va­cy Pol­i­cy: https://www.linkedin.com/legal/privacy-policy

Pos­si­bil­i­ty of objec­tion (opt-out): https://www.linkedin.com/psettings/guest-controls/retargeting-opt-out.

06. analy­sis tools

Mato­mo (for­mer­ly Piwik)

This web­site uses the open source web ana­lyt­ics ser­vice Mato­mo. Mato­mo uses tech­nolo­gies that enable cross-page recog­ni­tion of the user to ana­lyze user behav­ior (e.g. cook­ies or device fin­ger­print­ing). The infor­ma­tion col­lect­ed by Mato­mo about the use of this web­site is stored on our server. 

With the help of Mato­mo, we are able to col­lect and ana­lyze data about the use of our web­site by web­site vis­i­tors. This allows us to find out, among oth­er things, when which page views were made and from which region they come. We also col­lect var­i­ous log files (e.g. IP address, refer­rer, browsers and oper­at­ing sys­tems used) and can mea­sure whether our web­site vis­i­tors per­form cer­tain actions (e.g. clicks, pur­chas­es, etc.).

The use of this analy­sis tool is based on Art. 6 para. 1 lit. f DSGVO. The web­site oper­a­tor has a legit­i­mate inter­est in the anonymized analy­sis of user behav­ior in order to opti­mize both its web­site and its adver­tis­ing. If a cor­re­spond­ing con­sent was request­ed (e.g. con­sent to store cook­ies), the pro­cess­ing is based exclu­sive­ly on Art. 6 para. 1 lit. a DSGVO; the con­sent can be revoked at any time. 

Host­ing on own servers

We host Mato­mo exclu­sive­ly on our own servers, so all ana­lyt­ics data remains with us and is not shared.

07. newslet­ter and mail advertising

Newslet­ter

If you would like to receive the newslet­ter offered on the web­site, we require an e‑mail address from you as well as infor­ma­tion that allows us to ver­i­fy that you are the own­er of the spec­i­fied e‑mail address and agree to receive the newslet­ter. Fur­ther data is not col­lect­ed or only on a vol­un­tary basis. We use this data exclu­sive­ly for send­ing the request­ed infor­ma­tion and do not pass it on to third parties.

The pro­cess­ing of the data entered in the newslet­ter reg­is­tra­tion form is based exclu­sive­ly on your con­sent (Art. 6 para. 1 lit. a DSGVO). You can revoke your con­sent to the stor­age of the data, the e‑mail address and their use for send­ing the newslet­ter at any time, for exam­ple via the “unsub­scribe” link in the newslet­ter. The legal­i­ty of the data pro­cess­ing oper­a­tions already car­ried out remains unaf­fect­ed by the revocation.

The data you pro­vide for the pur­pose of receiv­ing the newslet­ter will be stored by us or the newslet­ter ser­vice provider until you unsub­scribe from the newslet­ter and will be delet­ed from the newslet­ter dis­tri­b­u­tion list after you unsub­scribe from the newslet­ter or after the pur­pose has ceased to exist. We reserve the right to delete or block e‑mail address­es from our newslet­ter dis­tri­b­u­tion list at our own dis­cre­tion with­in the scope of our legit­i­mate inter­est pur­suant to Art. 6 (1) lit. f DSGVO.

After you have unsub­scribed from the newslet­ter dis­tri­b­u­tion list, your e‑mail address will be stored by us or the newslet­ter ser­vice provider in a black­list, if nec­es­sary, in order to pre­vent future mail­ings. The data from the black­list will only be used for this pur­pose and will not be merged with oth­er data. This serves both your inter­est and our inter­est in com­ply­ing with legal require­ments when send­ing newslet­ters (legit­i­mate inter­est with­in the mean­ing of Art. 6 (1) lit. f DSGVO). The stor­age in the black­list is not lim­it­ed in time. You can object to the stor­age if your inter­ests out­weigh our legit­i­mate interest.

MailChimp

This web­site uses the ser­vices of MailChimp for send­ing newslet­ters. The provider is Rock­et Sci­ence Group LLC, 675 Ponce De Leon Ave NE, Suite 5000, Atlanta, GA 30308, USA.

MailChimp is a ser­vice with which, among oth­er things, the send­ing of newslet­ters can be orga­nized and ana­lyzed. If you enter data for the pur­pose of receiv­ing newslet­ters (e.g. e‑mail address), this data is stored on MailChimp’s servers in the USA.

With the help of MailChimp, we can ana­lyze our newslet­ter cam­paigns. When you open an email sent with MailChimp, a file con­tained in the email (so-called web bea­con) con­nects to MailChimp’s servers in the USA. This makes it pos­si­ble to deter­mine whether a newslet­ter mes­sage has been opened and which links, if any, have been clicked. In addi­tion, tech­ni­cal infor­ma­tion is record­ed (e.g. time of retrieval, IP address, brows­er type and oper­at­ing sys­tem). This infor­ma­tion can­not be assigned to the respec­tive newslet­ter recip­i­ent. It is used exclu­sive­ly for the sta­tis­ti­cal analy­sis of newslet­ter cam­paigns. The results of these analy­ses can be used to bet­ter adapt future newslet­ters to the inter­ests of the recipients.

If you do not want any analy­sis by MailChimp, you must unsub­scribe from the newslet­ter. For this pur­pose, we pro­vide a cor­re­spond­ing link in every newslet­ter mes­sage. Fur­ther­more, you can also unsub­scribe from the newslet­ter direct­ly on the website.

The data pro­cess­ing is based on your con­sent (Art. 6 para. 1 lit. a DSGVO). You can revoke this con­sent at any time by unsub­scrib­ing from the newslet­ter. The legal­i­ty of the data pro­cess­ing oper­a­tions already car­ried out remains unaf­fect­ed by the revocation.

The data you pro­vide for the pur­pose of receiv­ing the newslet­ter will be stored by us or the newslet­ter ser­vice provider until you unsub­scribe from the newslet­ter and will be delet­ed from the newslet­ter dis­tri­b­u­tion list after you unsub­scribe from the newslet­ter. Data that has been stored by us for oth­er pur­pos­es remains unaf­fect­ed by this.

Data trans­fer to the USA is based on the stan­dard con­trac­tu­al claus­es of the EU Com­mis­sion. Details can be found here: https://mailchimp.com/eu-us-data-transfer-statement/ and https://mailchimp.com/legal/data-processing-addendum/#Annex_C_-_Standard_Contractual_Clauses.

After you have unsub­scribed from the newslet­ter dis­tri­b­u­tion list, your e‑mail address will be stored by us or the newslet­ter ser­vice provider in a black­list, if nec­es­sary, in order to pre­vent future mail­ings. The data from the black­list will only be used for this pur­pose and will not be merged with oth­er data. This serves both your inter­est and our inter­est in com­ply­ing with legal require­ments when send­ing newslet­ters (legit­i­mate inter­est with­in the mean­ing of Art. 6 (1) lit. f DSGVO). The stor­age in the black­list is not lim­it­ed in time. You can object to the stor­age if your inter­ests out­weigh our legit­i­mate interest.

For more details, please refer to MailChimp’s pri­va­cy pol­i­cy at: https://mailchimp.com/legal/terms/.

08. plu­g­in and tools

Font Awe­some (local hosting)

This site uses Font Awe­some for con­sis­tent font ren­der­ing. Font Awe­some is installed local­ly. A con­nec­tion to servers of Fonti­cons, Inc. does not take place.

For more infor­ma­tion about Font Awe­some and the Font Awe­some pri­va­cy pol­i­cy, please vis­it: https://fontawesome.com/privacy.

Open­StreetMap

We use the map ser­vice of Open­StreetMap (OSM). The provider is the Open-Street-Map Foun­da­tion (OSMF), 132 Maney Hill Road, Sut­ton Cold­field, West Mid­lands, B72 1JU, Unit­ed Kingdom.

When you vis­it a web­site on which Open­StreetMap is embed­ded, your IP address and oth­er infor­ma­tion about your behav­ior on this web­site are for­ward­ed to OSMF, among oth­er things. Open­StreetMap may store cook­ies in your brows­er or use sim­i­lar recog­ni­tion tech­nolo­gies for this purpose.

Fur­ther­more, your loca­tion may be record­ed if you have allowed this in your device set­tings — e.g. on your cell phone. The provider of this site has no influ­ence on this data trans­mis­sion. For details, please refer to the Open­StreetMap pri­va­cy pol­i­cy at the fol­low­ing link: https://wiki.osmfoundation.org/wiki/Privacy_Policy.

The use of Open­StreetMap is in the inter­est of an appeal­ing pre­sen­ta­tion of our online offers and an easy loca­tion of the places indi­cat­ed by us on the web­site. This rep­re­sents a legit­i­mate inter­est with­in the mean­ing of Art. 6 Para. 1 lit. f DSGVO. If a cor­re­spond­ing con­sent has been request­ed (e.g. con­sent to the stor­age of cook­ies), the pro­cess­ing is car­ried out exclu­sive­ly on the basis of Art. 6 (1) lit. a DSGVO; the con­sent can be revoked at any time.

Google reCaptcha

We use “Google reCAPTCHA” (here­inafter “reCAPTCHA”) on this web­site. The provider is Google Ire­land Lim­it­ed (“Google”), Gor­don House, Bar­row Street, Dublin 4, Ireland.

The pur­pose of reCAPTCHA is to check whether the data input on this web­site (e.g. in a con­tact form) is made by a human or by an auto­mat­ed pro­gram. For this pur­pose, reCAPTCHA ana­lyzes the behav­ior of the web­site vis­i­tor based on var­i­ous char­ac­ter­is­tics. This analy­sis begins auto­mat­i­cal­ly as soon as the web­site vis­i­tor enters the web­site. For the analy­sis, reCAPTCHA eval­u­ates var­i­ous infor­ma­tion (e.g. IP address, time spent by the web­site vis­i­tor on the web­site or mouse move­ments made by the user). The data col­lect­ed dur­ing the analy­sis is for­ward­ed to Google.

The reCAPTCHA analy­ses run com­plete­ly in the back­ground. Web­site vis­i­tors are not noti­fied that an analy­sis is tak­ing place.

The stor­age and analy­sis of the data is based on Art. 6 para. 1 lit. f DSGVO. The web­site oper­a­tor has a legit­i­mate inter­est in pro­tect­ing its web offers from abu­sive auto­mat­ed spy­ing and from SPAM. If a cor­re­spond­ing con­sent was request­ed, the pro­cess­ing is based exclu­sive­ly on Art. 6 para. 1 lit. a DSGVO; the con­sent can be revoked at any time.

For more infor­ma­tion about Google reCAPTCHA, please see the Google Pri­va­cy Pol­i­cy and the Google Terms of Ser­vice at the fol­low­ing links: https://policies.google.com/privacy?hl=de and https://policies.google.com/terms?hl=de.

Book­when

We use the book­ing tool Book­when. Provider is Book­when Lim­it­ed, reg­is­tered in Eng­land and Wales, No 08914060 Reg­is­tered office: Bel­syre Court, 57 Wood­stock Road, Oxford, Eng­land, OX2 6HJ.

We use Book­when for the par­tic­i­pant man­age­ment of events. The form for reg­is­ter­ing the respec­tive event is embed­ded on our web­site as an iFrame. 

Book­when process­es the per­son­al data only for the pur­pose of pro­vid­ing the Ser­vices and in accor­dance with the legal instruc­tions by us.

The per­son­al data trans­ferred con­cern the fol­low­ing cat­e­gories of data subjects:

  • End Users — indi­vid­u­als who inter­act with the Cus­tomer through the Book­when Book­ing Platform.

The per­son­al data sub­mit­ted con­cern the fol­low­ing cat­e­gories of data (please spec­i­fy): User­name, Pass­word, Email Address, IP Address, Data Analy­sis and all Per­son­al Data col­lect­ed and defined by us.

The data is trans­ferred by us to Book­when for Book­when to pro­vide a book­ing plat­form to facil­i­tate the book­ing of events, activ­i­ties, cours­es, etc. between us and the end user.

In order to pro­vide the ser­vice, Book­when uses some sub­con­trac­tors. Book­when ensures that they com­ply with the same data pro­tec­tion stan­dards as itself. Per­son­al data is nev­er sold to third parties.

The basis for data pro­cess­ing is Art. 6 para. 1 lit. b DSGVO, which per­mits the pro­cess­ing of data for the ful­fill­ment of a con­tract or pre-con­trac­tu­al measures.

For more infor­ma­tion about Book­when and Bookwhen’s pri­va­cy pol­i­cy, please vis­it: https://bookwhen.com/privacy and https://support.bookwhen.com/en/articles/1922652-gdpr-how-bookwhen-is-compliant-and-how-we-re-helping-you

Con­clu­sion of a con­tract for order processing

To ensure data pro­tec­tion-com­pli­ant pro­cess­ing, we have con­clud­ed an order pro­cess­ing con­tract with Bookwhen.

09. eCom­merce and pay­ment providers

Pro­cess­ing of cus­tomer and con­tract data

We col­lect, process and use per­son­al data only to the extent that they are nec­es­sary for the estab­lish­ment, con­tent or mod­i­fi­ca­tion of the legal rela­tion­ship (inven­to­ry data). This is done on the basis of Art. 6 para. 1 lit. b DSGVO, which per­mits the pro­cess­ing of data for the ful­fill­ment of a con­tract or pre-con­trac­tu­al mea­sures. We col­lect, process and use per­son­al data about the use of this web­site (usage data) only to the extent nec­es­sary to enable the user to use the ser­vice or to bill the user.

The col­lect­ed cus­tomer data will be delet­ed after com­ple­tion of the order or ter­mi­na­tion of the busi­ness rela­tion­ship. Statu­to­ry reten­tion peri­ods remain unaffected.

Data trans­mis­sion at the con­clu­sion of a con­tract for online stores, mer­chants and ship­ment of goods

We trans­mit per­son­al data to third par­ties only if this is nec­es­sary in the con­text of the con­tract, such as to the com­pa­nies entrust­ed with the deliv­ery of the goods or the cred­it insti­tu­tion entrust­ed with the pay­ment pro­cess­ing. A fur­ther trans­mis­sion of the data does not take place or only if you have express­ly agreed to the trans­mis­sion. Your data will not be passed on to third par­ties with­out your express con­sent, for exam­ple for adver­tis­ing purposes.

The basis for data pro­cess­ing is Art. 6 para. 1 lit. b DSGVO, which per­mits the pro­cess­ing of data for the ful­fill­ment of a con­tract or pre-con­trac­tu­al measures.

Order pro­cess­ing via dropshipping

When you order goods from us, it is pos­si­ble that your order will be shipped direct­ly to you by our deal­ers (drop­ship­ping). For this pur­pose, we pass on your name, the deliv­ery address and — inso­far as this is nec­es­sary for the deliv­ery — your tele­phone num­ber to the ship­ping com­pa­ny. The for­ward­ing takes place exclu­sive­ly for the pur­pose of the deliv­ery of the goods.

The legal basis for data pro­cess­ing is Art. 6 para. 1 lit. b DSGVO (con­tract per­for­mance) and our legit­i­mate inter­est in the fastest and most effec­tive pur­chase pro­cess­ing with­in the mean­ing of Art. 6 para. 1 lit. f DSGVO.

We use the fol­low­ing mer­chant as part of the drop­ship­ping process:

Hero Adver­tis­ing Ltd.
Oder­str. 63
14513 Tel­tow
Ger­many

Pay­ment services

We inte­grate pay­ment ser­vices from third-par­ty com­pa­nies on our web­site. When you make a pur­chase from us, your pay­ment data (e.g. name, pay­ment amount, account details, cred­it card num­ber) is processed by the pay­ment ser­vice provider for the pur­pose of pro­cess­ing the pay­ment. For these trans­ac­tions, the respec­tive con­tract and data pro­tec­tion pro­vi­sions of the respec­tive providers apply. The pay­ment ser­vice providers are used on the basis of Art. 6 para. 1 lit. b DSGVO (con­tract pro­cess­ing) and in the inter­est of a smooth, con­ve­nient and secure pay­ment process (Art. 6 para. 1 lit. f DSGVO). Inso­far as your con­sent is request­ed for cer­tain actions, Art. 6 para. 1 lit. a DSGVO is the legal basis for data pro­cess­ing; con­sents can be revoked at any time for the future.

We use the fol­low­ing pay­ment ser­vices / pay­ment ser­vice providers with­in the scope of this website:

Stripe

The provider for cus­tomers with­in the EU is Stripe Pay­ments Europe, Ltd.,1 Grand Canal Street Low­er, Grand Canal Dock, Dublin, Ire­land (here­inafter “Stripe”).

Data trans­fer to the USA is based on the stan­dard con­trac­tu­al claus­es of the EU Com­mis­sion. Details can be found here: https://stripe.com/de/privacy and https://stripe.com/de/guides/general-data-protection-regulation.

You can read details about this in Stripe’s pri­va­cy pol­i­cy at the fol­low­ing link: https://stripe.com/de/privacy.

10. audio and video conferencing

Data pro­cess­ing audio and video con­fer­enc­ing tools

Among oth­er tools, we use online con­fer­enc­ing tools to com­mu­ni­cate with our cus­tomers. The tools we use in detail are list­ed below. If you com­mu­ni­cate with us via video or audio con­fer­ence via the Inter­net, your per­son­al data will be col­lect­ed and processed by us and the provider of the respec­tive con­fer­ence tool.

The con­fer­ence tools there­by col­lect all data that you provide/enter to use the tools (e‑mail address and/or your tele­phone num­ber). Fur­ther­more, the con­fer­ence tools process the dura­tion of the con­fer­ence, start and end (time) of par­tic­i­pa­tion in the con­fer­ence, num­ber of par­tic­i­pants and oth­er “con­text infor­ma­tion” relat­ed to the com­mu­ni­ca­tion process (meta­da­ta).

Fur­ther­more, the provider of the tool process­es all tech­ni­cal data required to han­dle online com­mu­ni­ca­tion. This includes in par­tic­u­lar IP address­es, MAC address­es, device IDs, device type, oper­at­ing sys­tem type and ver­sion, client ver­sion, cam­era type, micro­phone or speak­er, and the type of connection.

If con­tent is exchanged, uploaded or oth­er­wise made avail­able with­in the tool, this is also stored on the servers of the tool providers. Such con­tent includes, in par­tic­u­lar, cloud record­ings, chat/instant mes­sages, voice­mails, uploaded pho­tos and videos, files, white­boards and oth­er infor­ma­tion shared dur­ing the use of the service.

Please note that we do not have full influ­ence on the data pro­cess­ing oper­a­tions of the tools used. Our options are large­ly deter­mined by the cor­po­rate pol­i­cy of the respec­tive provider. For fur­ther infor­ma­tion on data pro­cess­ing by the con­fer­ence tools, please refer to the data pro­tec­tion state­ments of the respec­tive tools used, which we have list­ed below this text. 

Pur­pose and legal basis

The con­fer­ence tools are used to com­mu­ni­cate with prospec­tive or exist­ing con­trac­tu­al part­ners or to offer cer­tain ser­vices to our cus­tomers (Art. 6 para. 1 p. 1 lit. b DSGVO). Fur­ther­more, the use of the tools serves the gen­er­al sim­pli­fi­ca­tion and accel­er­a­tion of com­mu­ni­ca­tion with us or our com­pa­ny (legit­i­mate inter­est with­in the mean­ing of Art. 6 para. 1 lit. f DSGVO). Inso­far as con­sent has been request­ed, the tools in ques­tion are used on the basis of this con­sent; con­sent can be revoked at any time with effect for the future.

Stor­age duration

The data col­lect­ed direct­ly by us via the video and con­fer­ence tools is delet­ed from our sys­tems as soon as you request us to delete it, revoke your con­sent to store it, or the pur­pose for stor­ing the data no longer applies. Stored cook­ies remain on your ter­mi­nal device until you delete them. Manda­to­ry legal reten­tion peri­ods remain unaffected.

We have no influ­ence on the stor­age peri­od of your data, which is stored by the oper­a­tors of the con­fer­ence tools for their own pur­pos­es. For details, please con­tact the oper­a­tors of the con­fer­ence tools directly.

Con­fer­ence tools used

Microsoft Teams

We use Microsoft Teams. The provider is Microsoft Cor­po­ra­tion, One Microsoft Way, Red­mond, WA 98052–6399, USA. For details on data pro­cess­ing, please refer to the Microsoft Teams pri­va­cy pol­i­cy: https://privacy.microsoft.com/de-de/privacystatement.

Con­clu­sion of a con­tract for order processing

We have con­clud­ed an order pro­cess­ing agree­ment with the Microsoft Teams provider and ful­ly imple­ment the strict require­ments of the Ger­man data pro­tec­tion author­i­ties when using Microsoft Teams.