Führende Experten für IT-Services & IT-Beratung

1. Introduction

The following information is intended to provide you, as a 'data subject', with an overview of the processing of your personal data by us and your rights under data protection legislation. In principle, it is possible to use our website without entering personal data. However, if you want to use special services of our enterprise via our website, processing of personal data could become necessary. If the processing of personal data is necessary and there is no legal basis for such processing, we will generally obtain your consent.

The processing of personal data, such as your name, address, or e-mail address, shall always be in line with the General Data Protection Regulation (GDPR), and in accordance with the country-specific data protection regulations applicable to www.idsgmbh.com. By means of this data protection declaration, we would like to inform you about the scope and purpose of the personal data collected, used and processed by us.

As the controller, we have implemented numerous technical and organisational measures to ensure the most complete protection of personal data processed through this website. Nevertheless, internet-based data transmissions can always have security gaps, so that absolute protection cannot be guaranteed. For this reason, you are also free to transmit personal data to us by alternative means, for example by telephone or by post.

You can also take simple and easy-to-implement measures to protect yourself against unauthorised access to your data by third parties. Therefore, we would like to give you some tips on how to handle your data securely:

Protect your account (login, user or customer account) and your IT system (computer, laptop, tablet or mobile device) with strong passwords.

Only you should have access to the passwords.

Make sure that you only use your passwords for one account (login, user or customer account) at a time.

Do not use one password for different websites, applications or online services.

Especially when using publicly accessible IT systems or IT systems shared with other people, make sure you log out after each login to a website, application or online service.

Passwords should consist of at least 12 characters and be chosen so that they cannot be easily guessed. Therefore, they should not contain common words from everyday life, your own name or names of relatives, but should contain upper and lower case letters, numbers and special characters.

This data protection declaration applies to the Internet offer of Inter Data Systems GmbH, which is accessible under the domain www.idsgmbh.com as well as the various subdomains ("our website").

2. Who is responsible and how can I reach you?

Person responsible for the processing of personal data within the meaning of the EU General Data Protection Regulation (GDPR)

D-63477 Maintal
Tel.: +49 (0) 6109-7668-0
Fax: +49 (0) 6109-7668-300
Email: info@idsgmbh.com
Internet: www.idsgmbh.com

Representatives of the responsible person: Matthias Garzmann, Olga Hermann, Sascha Sturm

3. Data Protection Officer

You can reach the data protection officer as follows:

Compliant Business Solutions GmbH

Alexander Jaber

E-mail: ds.ids@cb-sol.de

You can contact our data protection officer directly at any time with all questions and suggestions regarding data protection.

4. Definitions

The data protection declaration is based on the terms used by the European Directive and Ordinance Maker when enacting the General Data Protection Regulation (GDPR). Our data protection declaration should be easy to read and understand for the public as well as for our customers and business partners. To ensure this, we would like to explain the terms used in advance.

We use the following terms, among others, in this data protection declaration:

4.1. Personal information

Personal data means any information relating to an identified or identifiable natural person. An identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.

4.2. Subjects to data processing

Data subject is any identified or identifiable natural person whose personal data is processed by the controller (our company).

4.3. Processing

Processing is any operation or set of operations which is performed upon personal data, whether or not by automatic means, such as collection, recording, organisation, filing, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.

4.4. Restriction of processing

Restriction of processing is the marking of stored personal data with the aim of limiting their future processing.

4.5. Profiling

Profiling is any form of automated processing of personal data which consists in using such personal data to evaluate certain personal aspects relating to a natural person, in particular to analyse or predict aspects relating to that natural person's performance at work, economic situation, health, personal preferences, interests, reliability, behaviour, location or change of location.

4.6. Pseudonymisation

Pseudonymisation is the processing of personal data in such a way that the personal data can no longer be attributed to a specific data subject without the use of additional information, provided that such additional information is kept separately and is subject to technical and organisational measures to ensure that the personal data are not attributed to an identified or identifiable natural person.

4.7. Processor

Processor means a natural or legal person, public authority, agency or other body which processes personal data on behalf of the controller.

4.8. Receiver

A recipient is a natural or legal person, public authority, agency or other body to whom personal data are disclosed, whether or not a third party. However, public authorities that may receive personal data in the context of a specific investigative task under Union or Member State law shall not be considered as recipients.

4.9. Third parties

Third party means a natural or legal person, public authority, agency or other body other than the data subject, the controller, the processor and the persons authorised to process the personal data under the direct responsibility of the controller or the processor.

4.10. Consent

Consent means any freely given and informed indication of the data subject's wishes in the form of a declaration or other unambiguous affirmative act by which the data subject signifies his or her agreement to the processing of personal data relating to him or her.

5. Legal basis of processing

Art. 6 para. 1 lit. a GDPR (in conjunction with § 25 para. 1 TTDSG) serves as the legal basis for our company for processing operations in which we obtain consent for a specific processing purpose.

If the processing of personal data is necessary for the performance of a contract to which you are a party, as is the case, for example, with processing operations that are necessary for a delivery of goods or the provision of another service or consideration, the processing is based on Art. 6 (1) lit. b GDPR. The same applies to such processing operations that are necessary for the implementation of pre-contractual measures, for example in the case of enquiries about our products or services.

If our company is subject to a legal obligation by which the processing of personal data becomes necessary, such as for the fulfilment of tax obligations, the processing is based on Art. 6 (1) lit. c GDPR.

In rare cases, the processing of personal data might become necessary in order to protect the vital interests of the data subject or another natural person. This would be the case, for example, if a visitor were to be injured on our premises and as a result his or her name, age, health insurance details or other vital information had to be passed on to a doctor, hospital or other third party. Then the processing would be based on Art. 6 (1) (d) GDPR.

Finally, processing operations could be based on Art. 6(1)(f) GDPR. Processing operations which are not covered by any of the aforementioned legal bases are based on this legal basis if the processing is necessary to protect a legitimate interest of our company or a third party, provided that the interests, fundamental rights and freedoms of the data subject are not overridden. Such processing operations are permitted to us in particular because they were specifically mentioned by the European legislator. In this respect, it took the view that a legitimate interest could be assumed if you are a customer of our company (recital 47 sentence 2 GDPR).

Our offer is basically aimed at adults. Persons under 16 years of age may not transmit any personal data to us without the consent of their parents or legal guardians. We do not request personal data from children and young people, do not collect it and do not pass it on to third parties.

6. Cookies

6.1. General information about cookies

Cookies are small files that are automatically created by your browser and stored on your IT system (laptop, tablet, smartphone or similar) when you visit our site.

Information is stored in the cookie that results in each case from the context of the specific end device used. However, this does not mean that we gain direct knowledge of your identity.

The use of cookies serves to make the use of our offer more pleasant for you. We use so-called session cookies to recognise that you have already visited individual pages of our website. These are automatically deleted after you leave our site.

In addition, we also use temporary cookies to optimise user-friendliness, which are stored on your end device for a certain fixed period of time. If you visit our site again to use our services, it is automatically recognised that you have already been to our site and which entries and settings you have made so that you do not have to enter them again.

On the other hand, we use cookies to statistically record the use of our website and to evaluate our offer for you for the purpose of optimisation. These cookies enable us to automatically recognise that you have already visited our website when you visit it again. The cookies set in this way are automatically deleted after a defined period of time. The respective storage period of the cookies can be found in the settings of the consent tool used.

6.2. Legal basis for the use of cookies

The data processed by the cookies, which are required for the proper functioning of the website, are thus necessary to protect our legitimate interests as well as those of third parties in accordance with Art. 6 (1) lit. f GDPR.

For all other cookies, you must have given your consent to this via our opt-in cookie banner within the meaning of Art. 6 (1) lit. a GDPR.

6.3. Hints for avoiding cookies in common browsers

You can delete cookies, allow only selected cookies or completely deactivate cookies at any time via the settings of the browser you are using. You can find more information on the support pages of the respective providers:

7. Your rights as a data subject

7.1. Right to confirmation

You have the right to request confirmation from us as to whether personal data relating to you is being processed.

7.2. Right of access Art. 15 GDPR

You have the right to receive information from us at any time and free of charge about the personal data stored about you, as well as a copy of this data in accordance with the statutory provisions.

7.3. Right to rectification Art. 16 GDPR

You have the right to request the rectification of inaccurate personal data concerning you. You also have the right to request that incomplete personal data be completed, taking into account the purposes of the processing.

7.4. Deletion Art. 17 GDPR

You have the right to demand that we delete the personal data relating to you without delay, provided that one of the reasons provided for by law applies and insofar as the processing or storage is not necessary.

7.5. Restriction of processing Art. 18 GDPR

You have the right to demand that we restrict processing if one of the legal requirements is met.

7.6. Data portability Art. 20 GDPR

You have the right to receive the personal data concerning you, which has been provided to us by you, in a structured, common and machine-readable format. You also have the right to transfer this data to another controller without hindrance from us to whom the personal data has been provided, provided that the processing is based on consent pursuant to Article 6(1)(a) of the GDPR or Article 9(2)(a) of the GDPR or on a contract pursuant to Article 6(1)(b) of the GDPR and the processing is carried out with the aid of automated procedures, unless the processing is necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in us.

Furthermore, when exercising your right to data portability pursuant to Article 20(1) of the GDPR, you have the right to have the personal data transferred directly from one controller to another controller where this is technically feasible and provided that this does not adversely affect the rights and freedoms of other persons.

7.7. Objection Art. 21 GDPR

You have the right to object at any time, on grounds relating to your particular situation, to the processing of personal data concerning you that is carried out on the basis of Art. 6 (1) (e) (data processing in the public interest) or (f) (data processing on the basis of a balance of interests) of the GDPR.

This also applies to profiling based on these provisions within the meaning of Art. 4 No. 4 GDPR.

If you object, we will no longer process your personal data unless we can demonstrate compelling legitimate grounds for the processing which override your interests, rights and freedoms, or if the processing serves the purpose of asserting, exercising or defending legal claims.

In individual cases, we process personal data in order to carry out direct advertising. You may object to the processing of personal data for the purpose of such advertising at any time. This also applies to profiling, insofar as it is connected with such direct advertising. If you object to us processing your personal data for direct marketing purposes, we will no longer process the personal data for these purposes.

In addition, you have the right to object on grounds relating to your particular situation to the processing of personal data concerning you which is carried out by us for scientific or historical research purposes or for statistical purposes pursuant to Article 89(1) of the Data Protection Regulation, unless such processing is necessary for the performance of a task carried out in the public interest.

You are free to exercise your right to object in connection with the use of information society services, notwithstanding Directive 2002/58/EC, by means of automated procedures using technical specifications.

7.8. Revocation of consent under data protection law

You have the right to revoke consent to the processing of personal data at any time with effect for the future.

7.9. Complaint to a supervisory authority

You have the right to complain about our processing of personal data to a supervisory authority responsible for data protection.

8. Transmission of data to third parties

Your personal data will not be transferred to third parties for purposes other than those listed below.

We only pass on your personal data to third parties if:

you have given us your express consent in accordance with Art. 6 Para. 1 lit. a GDPR,
the disclosure is permissible in accordance with Art. 6 Para. 1 lit. f GDPR to protect our legitimate interests and there is no reason to assume that you have an overriding interest worthy of protection in the non-disclosure of your data,
in the event that there is a legal obligation to disclose your data pursuant to Art. 6 Para. 1 lit. c GDPR, as well as
this is legally permissible and necessary in accordance with Art. 6 Para. 1 lit. b GDPR for the processing of contractual relationships with you.

In order to protect your data and to allow us to transfer data to third countries (outside the EU/EEA) if necessary, we have concluded commissioned processing agreements based on the standard contractual clauses of the European Commission. If the standard contractual clauses are not sufficient to establish an adequate level of security, your consent pursuant to Article 49 (1) a) of the GDPR may serve as the legal basis for the transfer to third countries. This may not apply to data transfers to third countries for which the European Commission has issued an adequacy decision pursuant to Article 45 of the GDPR.

9. Duration of the storage of personal data

The criterion for the duration of the storage of personal data is the respective statutory retention period. After expiry of the period, the corresponding data is routinely deleted if it is no longer required for the fulfilment or initiation of the contract.

10. How is my data processed in detail?

In the following, we inform you about the individual processing operations, the scope and purpose of the data processing, the legal basis, the obligation to provide your data and the respective storage period. An automated decision in individual cases, including profiling, does not take place.

10.1. Provision of the website

Type and scope of processing

When you call up and use our website, we collect the personal data that your browser automatically transmits to our server. The following information is temporarily stored in a so-called log file:

IP address of the requesting computer
Date and time of access
Name and URL of the file accessed
Website from which access was made (referrer URL)
Browser used and, if applicable, the operating system of your computer, as well as the name of your access provider

10.2. Purpose and legal basis

The processing is carried out to protect our overriding legitimate interest in displaying our website and guaranteeing security and stability on the basis of Art. 6 para. lit. f GDPR. The collection of data and storage in log files is absolutely necessary for the operation of the website. There is no right to object to the processing due to the exception under Art. 21 (1) GDPR. Insofar as the further storage of log files is required by law, the processing is carried out on the basis of Art. 6 para. 1 lit. c GDPR. There is no legal or contractual obligation to provide the data, however, calling up our website is not technically possible without providing the data.

10.3. SSL/TLS encryption

This site uses SSL or TLS encryption to ensure the security of data processing and to protect the transmission of confidential content, such as orders, login data or contact enquiries that you send to us as the operator. You can recognise an encrypted connection by the fact that the address line of the browser contains a "https://" instead of a "http://" and by the lock symbol in your browser line.

We use this technology to protect your transmitted data.

10.4. Contact form

Contact / Contact form
Personal data is collected when contacting us (e.g. via contact form or e-mail). Which data is collected in the case of the use of a contact form can be seen from the respective contact form. This data is stored and used exclusively for the purpose of answering your request or for contacting you and the associated technical administration. The legal basis for processing the data is our legitimate interest in responding to your request in accordance with Art. 6 Para. 1 lit. f GDPR. If your contact is aimed at concluding a contract, the additional legal basis for processing is Art. 6 (1) lit. b GDPR. Your data will be deleted after final processing of your request; this is the case if it can be inferred from the circumstances that the matter in question has been conclusively clarified and the deletion does not conflict with any statutory retention obligations.

10.5. Handling of applicant data

We collect and process the personal data of applicants for the purpose of processing the application procedure. The processing may also take place electronically. This is particularly the case if an applicant submits the relevant application documents to us electronically, for example by e-mail or via a web form on the website. If we conclude an employment or service contract with an applicant, the transmitted data will be stored for the purpose of processing the employment relationship in compliance with the statutory provisions. If we do not conclude a contract with the applicant, the application documents are automatically deleted two months after notification of the rejection decision, provided that no other legitimate interests on our part oppose deletion. Another legitimate interest in this sense is, for example, a duty to provide evidence in proceedings under the General Equal Treatment Act (AGG).

The legal basis for processing your data is Art. 88 GDPR in conjunction with. § Section 26 (1) BDSG.

10.6. Presence on social media platforms

We maintain so-called fan pages or accounts or channels on the networks mentioned below in order to provide you with information and offers also within social networks and to offer you further ways to contact us and to inform yourself about our offers. In the following, we will inform you about which data we or the respective social network process from you in connection with calling up and using our fan pages/accounts.

Data that we process from you
If you would like to contact us via Messenger or Direct Message via the respective social network, we generally process your user name via which you contact us and, if applicable, store further data provided by you insofar as this is necessary for processing/answering your request.

The legal basis is Art. 6 para. 1 sentence 1 f) GDPR (processing is necessary to protect the legitimate interests of the controller).

(Static) usage data we receive from social networks
We receive automatically provided statistics regarding our accounts via Insights functionalities. The statistics include, among other things, the total number of page views, likes, details of page activity and post interactions, reach, video views and details of the proportion of men/women among our fans/followers.

The statistics only contain aggregated data that cannot be related to individual persons. You are not identifiable to us through this.

What data the social networks process from you
In order to view the contents of our fan pages or accounts, you do not have to be a member of the respective social network and, in this respect, no user account is required for the respective social network.

Please note, however, that the social networks also collect and store data from website visitors without a user account when the respective social network is called up (e.g. technical data in order to be able to display the website to you) and use cookies and similar technologies, over which we have no control. Details of this can be found in the data protection provisions of the respective social network (see the corresponding links above).

Insofar as you wish to interact with the content on our fan pages/accounts, e.g. comment on, share or like our postings/contributions and/or contact us via messenger functions, prior registration with the respective social network and the provision of personal data is required.

We have no influence on the data processing by the social networks within the scope of their use by you. To our knowledge, your data is stored and processed in particular in connection with the provision of the services of the respective social network, as well as for the analysis of user behaviour (using cookies, pixels/web beacons and similar technologies), on the basis of which advertising based on your interests is played both within and outside the respective social network. It cannot be ruled out that your data will be stored by the social networks outside the EU/EEA and passed on to third parties.

Information on, among other things, the exact scope and purposes of the processing of your data can be found on the website.

10.7. LinkedIn page

LinkedIn is a social network of LinkedIn Inc. based in Sunnyvale, California, USA, which enables the creation of private and professional profiles of natural persons and company profiles. Users can maintain their existing contacts and make new ones within the social network. Businesses and other organisations can create profiles where photos and other company information are uploaded to present themselves as employers and recruit employees. Other LinkedIn users have access to this information and can write their own articles and share this content with others. The focus of the network is on professional exchange on specialist topics with people who share the same professional interests.

When using or visiting the network, LinkedIn automatically collects data from users or visitors during the use or visit, for example user name, job title and IP address. This is done with the help of various tracking technologies. LinkedIn provides benefits with information, offers and recommendations, among other things, on the basis of the data collected in this way.

We only collect your data via our company profile in order to make it available for communication and interaction with us. This collection usually includes your name, message content, comment content as well as the profile information provided by you "publicly".

The processing of your personal data for our above-mentioned purposes is based on our legitimate business and communicative interest in offering an information and communication channel pursuant to Art. 6 para. 1 f GDPR. Should you, as a user, have given your consent to the data processing vis-à-vis the respective provider of the social network, the legal basis of the processing extends to Art. 6 para. 1 a, Art. 7 GDPR.

Due to the fact that the actual data processing is carried out by the provider of the social network, our access to your data is limited. Only the provider of the social network is authorised to fully access your data. Because of this, only the provider can directly take and implement appropriate measures to fulfil your user rights (information request, deletion request, objection, etc.). The assertion of corresponding rights is therefore most effective directly against the respective provider.

We are jointly responsible with LinkedIn for the personal content of our company profile. Data subject rights can be asserted with LinkedIn Inc. as well as with us.

We do not make any decisions regarding the data collected on LinkedIn's site using tracking technologies.

Further information on LinkedIn can be found at: https://about.linkedin.com.

Further information on data protection at LinkedIn can be found at: https://www.linkedin.com/legal/privacy-policy.

Further information on storage duration/deletion as well as guidelines on the use of cookies and similar technologies in the context of registration and use at LinkedIn can be found at: https://de.linkedin.com/legal/cookie-policy?trk=homepage-basic_footer-cookie-policy.

10.8. XING page

XING is a social network of New Work SE based in Hamburg, Germany, which enables the creation of private as well as professional profiles of natural persons and company profiles. Users can maintain their existing contacts and make new ones within the social network. Companies and other organisations can create profiles where photos and other company information are uploaded to present themselves as employers and recruit employees. Other XING users have access to this information and can write their own articles and share this content with others. The focus of the network is on professional exchange on specialist topics with people who share the same professional interests.

When using or visiting the network, XING or through engaged third parties automatically collects data from the users or visitors during the use or visit, for example user name, job title and IP address. This is done with the help of various tracking technologies. XING provides information, offers and recommendations to users on the basis of the data collected in this way.

We only collect your data via our company profile in order to make it available for communication and interaction with us. This collection usually includes your name, message content, comment content as well as the profile information provided by you "publicly".

The processing of your personal data for our above-mentioned purposes is based on our legitimate business and communicative interest in offering an information and communication channel pursuant to Art. 6 para. 1 f GDPR. Should you, as a user, have given your consent to the data processing vis-à-vis the respective provider of the social network, the legal basis of the processing extends to Art. 6 para. 1 a, Art. 7 GDPR.

Due to the fact that the actual data processing is carried out by the provider of the social network, our access to your data is limited. Only the provider of the social network is authorised to fully access your data. Because of this, only the provider can directly take and implement appropriate measures to fulfil your user rights (information request, deletion request, objection, etc.). The assertion of corresponding rights is therefore most effective directly against the respective provider.

Together with XING, we are responsible for the personal content of our company profile. Data subject rights can be asserted with New Work SE as well as with us.

We do not make any decisions regarding the data collected on the XING site by means of tracking technologies.

Further information on XING can be found at: https://corporate.xing.com/de/unternehmen.

Further information on data protection at XING can be found at: https://privacy.xing.com/de/datenschutzerklaerung

10.9. CDNJS

Nature and scope of the processing
We use CDNJS to properly deliver the content on our website. CDNJS is a service of Cloudflare, Inc. which acts as a content delivery network (CDN) on our website.

A CDN helps to provide content of our online offer, in particular files such as graphics or scripts, more quickly with the help of regionally or internationally distributed servers. When you access this content, you establish a connection to servers of Cloudflare, Inc. whereby your IP address and, if applicable, browser data such as your user agent are transmitted. This data is processed solely for the above purposes and to maintain the security and functionality of CDNJS.

Purpose and legal basis
The use of the Content Delivery Network is based on our legitimate interests, i.e. interest in a secure and efficient provision as well as the optimisation of our online offer according to Art. 6 para. 1 lit. f. GDPR.

Storage period
The concrete storage period of the processed data cannot be influenced by us, but is determined by Cloudflare, Inc. Further information can be found in the data protection declaration for CDNJS: https://www.cloudflare.com/privacypolicy/.

10.10. Google DoubleClick

Nature and scope of the processing

We have integrated components of DoubleClick by Google on our website. DoubleClick is a brand of Google, under which mainly special online marketing solutions are marketed to advertising agencies and publishers. DoubleClick by Google transfers data to the DoubleClick server with each impression as well as with clicks or other activities.

Each of these data transfers triggers a cookie request to the browser of the data subject. If the browser accepts this request, DoubleClick sets a cookie in your browser.

DoubleClick uses a cookie ID, which is required to process the technical procedure. The cookie ID is required, for example, to display an advertisement in a browser. DoubleClick can also use the cookie ID to record which advertisements have already been displayed in a browser in order to avoid duplicate placements. Furthermore, the cookie ID enables DoubleClick to record conversions. Conversions are recorded, for example, when a DoubleClick ad has previously been displayed to a user and the user subsequently makes a purchase on the advertiser's website using the same internet browser.

A DoubleClick cookie does not contain any personal data, but may contain additional campaign identifiers. A campaign identifier serves to identify the campaigns with which you have already been in contact on other websites. As part of this service, Google obtains knowledge of data that Google also uses to generate commission statements. Among other things, Google can track that you have clicked on certain links on our website. In this case, your data will be passed on to the operator of DoubleClick, Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland. Further information and the applicable data protection provisions of DoubleClick by Google can be found at https://policies.google.com/privacy.

10.11. Purpose and legal basis

We process your data with the help of the Double-Click cookie for the purpose of optimising and displaying advertising on the basis of your consent pursuant to Art. 6 para. 1 lit. a GDPR and § 25 para. 1 TTDSG. You give your consent by setting the use of cookies (cookie banner / Consent Manager), with which you can also declare your revocation at any time with effect for the future in accordance with Art. 7 para. 3 GDPR. The cookie is used, among other things, to place and display user-relevant advertising and to create reports on advertising campaigns or to improve them. Furthermore, the cookie is used to avoid multiple displays of the same advertisement. Each time you call up one of the individual pages of our website on which a DoubleClick component has been integrated, your browser is automatically prompted by the respective DoubleClick component to transmit data to Google for the purpose of online advertising and the settlement of commissions. There is no legal or contractual obligation to provide your data. If you do not give us your consent, it will be possible to visit our website without restriction, but not all functions may be fully available.

We intend to transfer personal data to third countries outside the European Economic Area, in particular the USA. In cases where no adequacy decision of the European Commission exists (e.g. in the USA), we have agreed with the recipients of the data on other suitable guarantees within the meaning of Art. 44 et seq. GDPR. These are - unless otherwise stated - standard contractual clauses of the EU Commission pursuant to Implementing Decision (EU) 2021/914 of 4 June 2021. You can view a copy of these standard contractual clauses at https://eur-lex.europa.eu/legal-content/DE/TXT/HTML/?uri=CELEX:32021D0914&from=DE.

In addition, prior to such a third country transfer, we obtain your consent pursuant to Art. 49 para. 1 sentence 1 lit. a. GDPR, which you give via the consent in the Consent Manager (or other forms, registrations, etc.). We would like to point out that in the case of third country transfers, there may be unknown risks in detail (e.g. data processing by security authorities of the third country, the exact scope of which and its consequences for you we do not know, over which we have no influence and of which you may not become aware).

Storage period
The concrete storage period of the processed data cannot be influenced by us, but is determined by Google Ireland Limited. Further information can be found in the privacy policy for Google DoubleClick: https://policies.google.com/privacy.

10.12. Google Fonts

Type and scope of processing
We use Google Fonts from Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland, as a service to provide fonts for our online offering. To obtain these fonts, you connect to servers of Google Ireland Limited, whereby your IP address is transmitted.

Purpose and legal basis
The use of Google Fonts is based on your consent pursuant to Art. 6 para. 1 lit. a. GDPR and § 25 para. 1 TTDSG.

We intend to transfer personal data to third countries outside the European Economic Area, in particular the USA. In cases where no adequacy decision of the European Commission exists (e.g. in the USA), we have agreed with the recipients of the data on other suitable guarantees within the meaning of Art. 44 ff. GDPR. These are - unless otherwise stated - standard contractual clauses of the EU Commission pursuant to Implementing Decision (EU) 2021/914 of 4 June 2021. You can view a copy of these standard contractual clauses at https://eur-lex.europa.eu/legal-content/DE/TXT/HTML/?uri=CELEX:32021D0914&from=DE.

In addition, prior to such a third country transfer, we obtain your consent pursuant to Art. 49 (1) sentence 1 lit. a. GDPR, which you give via the consent in the Consent Manager (or other forms, registrations, etc.). We would like to point out that in the case of third country transfers, there may be unknown risks in detail (e.g. data processing by security authorities of the third country, the exact scope of which and its consequences for you we do not know, over which we have no influence and of which you may not become aware).

10.13. Google Maps

Type and scope of processing
We use the map service Google Maps to create directions. Google Maps is a service provided by Google Ireland Limited, which displays a map on our website.

When you access this content on our website, you establish a connection to servers of Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland, whereby your IP address and possibly browser data such as your user agent are transmitted. This data is processed exclusively for the above-mentioned purposes and to maintain the security and functionality of Google Maps.

Purpose and legal basis
The use of Google Maps is based on your consent pursuant to Art. 6 para. 1 lit. a. GDPR and § 25 para. 1 TTDSG.

Storage period
The specific storage period of the processed data cannot be influenced by us, but is determined by Google Ireland Limited. Further information can be found in the privacy policy for Google Maps: https://policies.google.com/privacy.

10.14. HubSpot API

Type and scope of processing
We use HubSpot API from HubSpot, Inc., Cambridge, Massachusetts, US, to access further services and data from HubSpot, Inc. In doing so, a transmission of your IP address to HubSpot, Inc. takes place. Please note that there is a separate section in this privacy policy for each additional service we use from HubSpot, Inc.

Purpose and legal basis
The use of HubSpot API is based on our legitimate interests, i.e. interest in optimising our online offer according to Art. 6 para. 1 lit. f. GDPR.

Storage period
The specific storage period of the processed data cannot be influenced by us, but is determined by HubSpot, Inc. Further information can be found in the privacy policy for HubSpot API: https://legal.hubspot.com/privacy-policy.

10.15. HubSpot Analytics

Type and scope of processing
We use HubSpot Analytics by HubSpot, Inc., Cambridge, Massachusetts, US, as an analysis service for the statistical evaluation of our online offer. This includes, for example, the number of times our online offer is called up, sub-pages visited and the length of time visitors stay.

HubSpot Analytics uses cookies and other browser technologies to evaluate user behaviour and recognise users.

This information is used, among other things, to compile reports on website activity.

Purpose and legal basis
HubSpot Analytics is used on the basis of your consent pursuant to Art. 6 para. 1 lit. a. GDPR and § 25 para. 1 TTDSG.

10.16. HubSpot CDN

Type and scope of processing
We use HubSpot CDN to properly deliver the content of our website. HubSpot CDN is a service of HubSpot, Inc. which acts as a content delivery network (CDN) on our website to ensure the functionality of other services of HubSpot, Inc. For said services, you will find a separate section in this privacy policy. This section is only about the use of the CDN.

A CDN helps to provide content of our online offer, in particular files such as graphics or scripts, more quickly with the help of regionally or internationally distributed servers. When you access this content, you establish a connection to servers of HubSpot, Inc., Cambridge, Massachusetts, US, whereby your IP address and possibly browser data such as your user agent are transmitted. This data is processed exclusively for the above-mentioned purposes and to maintain the security and functionality of HubSpot CDN.

10.17. HubSpot Cookie Banner

Type and scope of processing
We have integrated HubSpot Cookie Banner on our website. HubSpot Cookie Banner is a consent solution of HubSpot, Inc., Cambridge, Massachusetts, US, with which the consent to store cookies can be obtained and documented. HubSpot Cookie Banner uses cookies or other web technologies to recognise users and to store the consent given or revoked.

Purpose and legal basis
The service is used on the basis of obtaining the legally required consent to the use of cookies in accordance with Art. 6 para. 1 lit. c. GDPR.

10.18. HubSpot Forms

Type and scope of processing
We have integrated HubSpot Forms on our website. HubSpot Forms is a service of HubSpot, Inc. and provides marketing automation software for marketing services and products, including SEO and content creation, lead management, email marketing and web analytics.

HubSpot Forms is used to store data entered in forms, e.g. when contact is made via a contact form. The data entered may be stored in our customer relationship management system (CRM system).

In this case, your data will be passed on to the operator of HubSpot Forms, HubSpot, Inc, Cambridge, Massachusetts, US.

Purpose and legal basis
We process your data with the help of HubSpot Forms for the purpose of handling the contact request and its processing pursuant to Art. 6 Para. 1 lit. b. GDPR.

The use of HubSpot Forms and the integrated services is subject to our legitimate interest pursuant to Art. 6 para. 1 lit. f. GDPR, the optimisation of our marketing measures and the improvement of our service quality on the website.

10.19. Youtube Video

Type and scope of processing
We have integrated YouTube Video on our website. YouTube Video is a component of the video platform of YouTube, LLC, on which users can upload content, share it over the Internet and receive detailed statistics.

YouTube Video enables us to integrate content from the platform into our website.

YouTube Video uses cookies and other browser technologies to analyse user behaviour, recognise users and create user profiles. This information is used, among other things, to analyse the activity of the content listened to and to create reports. If a user is registered with YouTube, LLC, YouTube Video can associate the videos played with the profile.

When you access this content, you establish a connection to servers of YouTube, LLC, Google Ireland Limited, Gordon House, Barrow Street Dublin 4 Ireland, whereby your IP address and, if applicable, browser data such as your user agent are transmitted.

Purpose and legal basis
The service is used on the basis of your consent pursuant to Art. 6 para. 1 lit. a. GDPR and § 25 para. 1 TTDSG.

We intend to transfer personal data to third countries outside the European Economic Area, in particular the USA. In cases where no adequacy decision of the European Commission exists (e.g. in the USA), we have agreed with the recipients of the data on other suitable guarantees within the meaning of Art. 44 ff. GDPR. These are - unless otherwise stated - standard contractual clauses of the EU Commission pursuant to Implementing Decision (EU) 2021/914 of 4 June 2021. You can view a copy of these standard contractual clauses at https://eur-lex.europa.eu/legal-content/DE/TXT/HTML/?uri=CELEX:32021D0914&from=DE.

In addition, prior to such a third country transfer, we obtain your consent pursuant to Art. 49 (1) sentence 1 lit. a. GDPR, which you give via the consent in the Consent Manager (or other forms, registrations, etc.). We would like to point out that in the case of third country transfers, there may be unknown risks in detail (e.g. data processing by security authorities of the third country, the exact scope of which and its consequences for you we do not know, over which we have no influence and of which you may not become aware).

Storage period
The specific storage period of the processed data cannot be influenced by us, but is determined by YouTube, LLC. Further information can be found in the privacy policy for YouTube Video: https://policies.google.com/privacy.

10.20. rapidmail

Type and scope of processing
We have integrated components of the service rapidmail on our website. rapidmail is a service of rapidmail GmbH and offers marketing automation for companies.

rapidmail is used to store and transfer data entered in forms using cookies, to send marketing emails and automated messages and to create targeted campaigns.

Furthermore, rapidmail offers us the possibility to analyse whether the sent emails have been opened, how many users have received an email and whether users have unsubscribed from the newsletter after receiving an email.

In this case, your data will be passed on to the operator of rapidmail, rapidmail GmbH, Augustinerplatz 2 79098 Freiburg i.Br., Germany.

Purpose and legal basis
We process your data with the help of rapidmail for the purpose of optimising our website and for marketing purposes on the basis of your consent pursuant to Art. 6 Para. 1 lit. a GDPR.

Storage period
The concrete storage period of the processed data cannot be influenced by us, but is determined by rapidmail GmbH. Further information can be found in the data protection declaration for rapidmail: https://www.rapidmail.de/datenschutz.

Privacy Policy