Privacy Policy

Status: 15. March 2024

Preamble

With the following privacy policy, we would like to inform you about the types of your personal data (hereinafter referred to as "data") that we process for what purposes and to what extent. The privacy policy applies to all processing of personal data carried out by us, both in the context of providing our services and particularly on our websites, in mobile applications, as well as within external online presences, such as our social media profiles (hereinafter collectively referred to as "online offering"). The terms used are not gender-specific.

Person responsible

Deco Design Fürus GmbH

Manuel Schweizer

Adolf Dembach Straße 5

47829 Krefeld

Email Address: welcome@neave.world

Overview of the processes

The following overview summarises the types of processed data and the purposes of their processing and refers to the affected persons.


Types of processed data

• Inventory data.

• Payment data.

• Contact data.

• Content data.

• Contract data.

• Usage data.

• Meta, communication and procedural data.


Categories of affected persons

• Customers.

• Prospective clients.

• Communication partners.

• Users.

• Business and contractual partners.


Purposes of processing

• Provision of contractual services and fulfilment of contractual obligations.

• Contact requests and communication.

• Security measures.

• Direct marketing.

• Office and organisational procedures.

• Administration and response to inquiries.

• Feedback.

• Marketing.

• Providing our online services and user-friendliness.

• Information technology infrastructure.

Relevant legal foundations

Relevant legal bases under the GDPR: Below you will find an overview of the legal bases of the GDPR on which we process personal data. Please note that in addition to the provisions of the GDPR, national data protection regulations may apply in your or our country of residence or establishment. If there are any specific legal bases that are relevant in individual cases, we will inform you of these in the privacy policy.

  • Consent (Article 6(1)(a) GDPR) - The data subject has given their consent to the processing of their personal data for a specific purpose or purposes.

  • Contract fulfilment and pre-contractual inquiries (Article 6(1)(b) GDPR) - The processing is necessary for the performance of a contract to which the data subject is a party, or to take steps at the request of the data subject prior to entering into a contract.

  • Legal obligation (Article 6(1)(c) GDPR) - The processing is necessary for compliance with a legal obligation to which the controller is subject.

  • Legitimate interests (Article 6(1)(f) GDPR) - The processing is necessary for the purposes of the legitimate interests pursued by the controller or a third party, except where such interests are overridden by the interests or fundamental rights and freedoms of the data subject, which require protection of personal data.

National Data Protection Regulations in Germany: In addition to the data protection regulations of the GDPR, national regulations on data protection apply in Germany. This particularly includes the Federal Data Protection Act (Bundesdatenschutzgesetz – BDSG) for the protection against the misuse of personal data during data processing. The BDSG includes specific regulations regarding the right to access, the right to deletion, the right to object, the processing of special categories of personal data, processing for other purposes, and transfer as well as automated decision-making in individual cases including profiling. Furthermore, state data protection laws of the individual federal states may apply.

Note on the applicability of the GDPR and Swiss DPA: These data protection notices serve to provide information in accordance with the Swiss Federal Act on Data Protection (Swiss DPA) as well as the General Data Protection Regulation (GDPR). For this reason, please note that due to the broader geographical application and comprehensibility, the terms of the GDPR are used. In particular, instead of the terms used in the Swiss DPA “processing” of “personal data”, “overriding interest” and “particularly sensitive personal data”, the terms “processing” of “personal data”, “legitimate interest” and “special categories of data” defined in the GDPR are used. However, the legal significance of the terms will continue to be determined within the scope of the applicability of the Swiss DPA in accordance with the Swiss DPA.

Safety measures

We take suitable technical and organisational measures in accordance with legal requirements, taking into account the state of the art, implementation costs, and the nature, scope, circumstances, and purposes of processing, as well as the different probabilities of occurrence and the extent of the threat to the rights and freedoms of natural persons, to ensure a level of protection appropriate to the risk.


These measures include, in particular, ensuring the confidentiality, integrity, and availability of data by controlling physical and electronic access to the data as well as access related to the data, input, transfer, ensuring availability, and separation. Furthermore, we have established processes that enable the exercise of data subject rights, the deletion of data, and responses to data breaches. Additionally, we take the protection of personal data into account already during the development or selection of hardware, software, and processes in accordance with the principle of data protection, through technology design and by ensuring data protection-friendly defaults.

International data transfers

Data processing in third countries: If we process data in a third country (i.e., outside the European Union (EU), the European Economic Area (EEA)), or the processing takes place in the context of using third-party services or the disclosure or transfer of data to other persons, agencies, or companies, this will only occur in accordance with legal requirements. If the level of data protection in the third country has been recognised by an adequacy decision (Article 45 GDPR), this serves as the basis for the data transfer. Additionally, data transfers only occur when the level of data protection is secured in another way, particularly through standard contractual clauses (Article 46(2)(c) GDPR), explicit consent, or in the case of contractual or legally required transfer (Article 49(1) GDPR). Furthermore, we will inform you of the bases of third country transfers with respect to the individual providers from the third country, with the adequacy decisions serving as the primary basis. Information on third country transfers and existing adequacy decisions can be found in the informational offerings of the EU Commission: https://commission.europa.eu/law/law-topic/data-protection/international-dimension-data-protection_en?prefLang=de.


EU-US Trans-Atlantic Data Privacy Framework: As part of the so-called "Data Privacy Framework" (DPF), the EU Commission has also recognised the level of data protection for certain companies from the USA as safe under the adequacy decision of 10.07.2023. You can find the list of certified companies and further information about the DPF on the website of the US Department of Commerce at https://www.dataprivacyframework.gov/ (in English). We will inform you within the framework of the privacy notices about which of our service providers are certified under the Data Privacy Framework.

Rights of the data subjects

Rights of the affected individuals under the GDPR: As individuals, you have various rights under the GDPR, which arise in particular from Articles 15 to 21 of the GDPR:


  • Right to object: You have the right to object at any time to the processing of your personal data that relate to you, on grounds relating to your particular situation, where such processing is based on Article 6(1)(e) or (f) GDPR; this right also applies to profiling based on these provisions. Where your personal data are processed for direct marketing purposes, you have the right to object at any time to the processing of your personal data for the purposes of such marketing; this also applies to profiling to the extent that it is related to such direct marketing.

  • Right of withdrawal of consent: You have the right to withdraw your consent at any time.

  • Right to access: You have the right to obtain confirmation as to whether or not personal data concerning you is being processed and to access that data, as well as further information and a copy of the data in accordance with the legal requirements.

  • Right to rectification: You have the right to request the completion of personal data concerning you or the rectification of incorrect personal data concerning you in accordance with the legal requirements.

  • Right to erasure and restriction of processing: You have the right to request that personal data concerning you be erased immediately, or alternatively, to request a restriction of the processing of personal data in accordance with the legal requirements.

  • Right to data portability: You have the right to receive personal data concerning you which you have provided to us, in a structured, commonly used and machine-readable format, or to request the transmission of the data to another controller in accordance with the legal requirements.

  • Right to lodge a complaint with a supervisory authority: Without prejudice to any other administrative or judicial remedy, you have the right to lodge a complaint with a supervisory authority, in particular in the Member State of your habitual residence, place of work or the place of the alleged infringement, if you believe that the processing of personal data concerning you infringes the GDPR.

Business Services

We process data of our contractual and business partners, e.g. customers and prospects (collectively referred to as "contract partners") within the framework of contractual and comparable legal relationships as well as related measures and in the context of communication with the contract partners (or pre-contractually), e.g., to answer inquiries.


We process this data to fulfil our contractual obligations. This includes in particular the obligations to provide the agreed services, any updating obligations and remedies for warranty and other service disruptions. Furthermore, we process the data to safeguard our rights and for the purposes of the administrative tasks associated with these obligations as well as corporate organisation. Additionally, we process the data based on our legitimate interests in proper and economically efficient management as well as on security measures to protect our contract partners and our business operations from misuse, threats to their data, secrets, information and rights (e.g. for engaging telecommunications, transport and other auxiliary services as well as subcontractors, banks, tax and legal advisors, payment service providers or financial authorities). Within the framework of applicable law, we only disclose the data of contract partners to third parties to the extent necessary for the aforementioned purposes or to fulfil legal obligations. Contract partners will be informed about other forms of processing, e.g. for marketing purposes, within the framework of this privacy policy.


We inform the contract partners of what data is required for the aforementioned purposes prior to or during the data collection, e.g. in online forms, by special markings (e.g. colours) or symbols (e.g. asterisks, etc.), or personally.


We delete the data after the expiry of statutory warranty and comparable obligations, i.e., generally after 4 years, unless the data is stored in a customer account, e.g. as long as it must be retained for legal archival reasons. The statutory retention period for tax-relevant documents as well as for commercial books, inventories, opening balances, annual financial statements, the working instructions necessary for the understanding of these documents and other organisational documents and booking documents is ten years, and six years for received commercial and business letters and reproductions of sent commercial and business letters. The period begins with the end of the calendar year in which the last entry was made in the book, the inventory, the opening balance, the annual financial statement or the management report was prepared, the commercial or business letter was received or sent, or the booking document was created, as well as when the recording was made or the other documents were created.


To the extent that we use third-party providers or platforms to provide our services, the terms and conditions and privacy policies of the respective third-party providers or platforms apply in the relationship between users and providers.


  • Types of data processed: Inventory data (e.g. names, addresses); payment data (e.g. bank details, invoices, payment history); contact data (e.g. email, phone numbers); contractual data (e.g. subject of the contract, duration, customer category); usage data (e.g. visited websites, interest in content, access times). Meta, communication, and procedural data (e.g. IP addresses, timestamps, identification numbers, consent status).

  • Affected persons: Customers; prospects. Business and contract partners.

  • Purposes of processing: Provision of contractual services and fulfilment of contractual obligations; security measures; contact requests and communication; office and organisational procedures. Administration and response to inquiries.

  • Legal bases: Fulfilment of contracts and pre-contractual inquiries (Art. 6(1)(b) GDPR); legal obligation (Art. 6(1)(c) GDPR). Legitimate interests (Art. 6(1)(f) GDPR).


Further notes on processing processes, procedures and services:


  • Online shop, order forms, e-commerce and delivery: We process our customers' data to enable them to select, purchase, or order the chosen products, goods as well as related services, as well as their payment and delivery or execution. If necessary for the execution of an order, we employ service providers, especially postal, freight, and shipping companies, to carry out the delivery or execution on our customers' behalf. For processing payment transactions, we use the services of banks and payment service providers. The required information is identified as such in the context of the ordering or comparable acquisition process and includes the necessary details for delivery or provision and billing as well as contact information to be able to hold any necessary discussions; Legal bases: Fulfilment of contracts and pre-contractual inquiries (Art. 6(1)(b) GDPR).

Provision of the online services and web hosting

We process user data in order to provide them with our online services. For this purpose, we process the user's IP address, which is necessary in order to transmit the content and functions of our online services to the user's browser or device.


  • Processed data types: Usage data (e.g. visited websites, interest in content, access times); Metadata, communication, and procedural data (e.g. IP addresses, timestamps, identification numbers, consent status). Content data (e.g. entries in online forms).

  • Data subjects: Users (e.g. website visitors, users of online services).

  • Purposes of processing: Provision of our online offering and user-friendliness; IT infrastructure (operation and provision of information systems and technical devices (computers, servers, etc.)). Security measures.

  • Legal bases: Legitimate interests (Art. 6 para. 1 sentence 1 letter f) GDPR).

 

Further information on processing processes, procedures, and services:


  • Provision of online offerings on rented storage space: To provide our online offering, we use storage space, computing capacity, and software that we rent or obtain from a corresponding server provider (also referred to as "web host"); Legal bases: Legitimate interests (Art. 6 para. 1 sentence 1 letter f) GDPR).

  • Collection of access data and log files: Access to our online offering is logged in the form of so-called "server log files". The server log files may include the address and name of the retrieved websites and files, the date and time of the retrieval, transmitted data volumes, a message about successful retrieval, browser type along with version, the user's operating system, referrer URL (the previously visited page), and generally IP addresses and the requesting provider. The server log files can be used for security purposes, e.g. to prevent overloading of the servers (especially in case of abusive attacks, so-called DDoS attacks) and to ensure the load of the servers and their stability; Legal bases: Legitimate interests (Art. 6 para. 1 sentence 1 letter f) GDPR). Deletion of data: Log file information is stored for a maximum of 30 days and then deleted or anonymised. Data that needs to be retained for evidentiary purposes is exempt from deletion until the respective incident has been conclusively clarified.

  • Email dispatch and hosting: The web hosting services we use also include the sending, receiving, and storage of emails. For these purposes, the addresses of the recipients as well as senders and other information regarding email dispatch (e.g. the involved providers) and the content of the respective emails are processed. The aforementioned data may also be processed for the purposes of detecting spam. Please note that emails are generally not encrypted when sent over the internet. Emails are usually encrypted in transit, but (unless a so-called end-to-end encryption method is used) not on the servers from which they are sent and received. We cannot therefore accept any responsibility for the transmission path of emails between the sender and reception on our server; Legal bases: Legitimate interests (Art. 6 para. 1 sentence 1 letter f) GDPR).

Newsletter and electronic notifications

We send newsletters, emails, and other electronic notifications (hereinafter referred to as "Newsletters") only with the consent of the recipients or on the basis of a legal permission. If the contents of the newsletter are specifically described during the registration process, they are decisive for the users' consent. Furthermore, our newsletters contain information about our services and us.


To subscribe to our newsletters, it is generally sufficient to provide your email address. However, we may ask you to provide a name, for the purpose of personal addressing in the newsletter, or further information if these are necessary for the purposes of the newsletter.


Double Opt-In Procedure: The registration for our newsletter generally takes place in a so-called double opt-in procedure. That is, after registering, you will receive an email asking you to confirm your registration. This confirmation is necessary so that no one can register using someone else's email address. Registrations for the newsletter are logged to demonstrate compliance with legal requirements regarding the registration process. This includes the storage of the time of registration and confirmation, as well as the IP address. Changes to your data stored by the mailing service provider are also logged.


Deletion and Restriction of Processing: We may store the unsubscribed email addresses for up to three years on the basis of our legitimate interests before we delete them, in order to demonstrate a previously given consent. The processing of this data is limited to the purpose of potential defense against claims. An individual deletion request is possible at any time, provided that the former existence of consent is confirmed at the same time. In the case of obligations to permanently observe objections, we reserve the right to store the email address solely for this purpose in a blocking list (so-called "blocklist").

The logging of the registration process is based on our legitimate interests for the purpose of demonstrating that it is carried out properly. If we engage a service provider for sending emails, this is done on the basis of our legitimate interests in an efficient and secure mailing system.


Contents:


Information about us, our services, promotions, and offers.

  • Types of Data Processed: Inventory data (e.g., names, addresses); contact data (e.g., email, phone numbers); meta, communication, and procedural data (e.g., IP addresses, timestamps, identification numbers, consent status). Usage data (e.g., visited websites, interest in content, access times).

  • Affected Persons: Communication partners.

  • Purposes of Processing: Direct marketing (e.g., via email or postal mail).

  • Legal Bases: Consent (Art. 6 para. 1 sentence 1 letter a) GDPR). Legitimate interests (Art. 6 para. 1 sentence 1 letter f) GDPR).

  • Right to Object (Opt-Out): You can unsubscribe from our newsletter at any time, that is, revoke your consents or object to further receipt. You can find a link to unsubscribe from the newsletter either at the end of each newsletter or you can use one of the contact options provided above, preferably email, for this purpose.


Further Information on Processing Processes, Procedures, and Services:


  • Measurement of Open and Click Rates: The newsletters contain a so-called "web beacon", that is, a pixel-sized file that is retrieved from our server when the newsletter is opened, or if we use a mailing service provider, from their server. During this retrieval, technical information, such as information about the browser and your system, as well as your IP address and the time of retrieval, are collected.

    This information is used for the technical improvement of our newsletters based on the technical data or the target groups and their reading behavior based on their retrieval locations (which can be determined using the IP address) or the access times. This analysis also includes determining whether the newsletters are opened, when they are opened, and which links are clicked. This information is assigned to individual newsletter recipients and stored in their profiles until deletion. The evaluations help us to recognize the reading habits of our users and to adapt our content to them or to send different content according to the interests of our users.


  • HubSpot: Email sending and automation services; Service Provider: HubSpot, Inc., 25 First St., 2nd floor, Cambridge, Massachusetts 02141, USA; Legal Bases: Legitimate interests (Art. 6 para. 1 sentence 1 letter f) GDPR); Website: https://www.hubspot.de; Privacy Policy: https://legal.hubspot.com/de/privacy-policy; Data Processing Agreement: https://legal.hubspot.com/dpa. Basis for Third Country Transfers: Data Privacy Framework (DPF).



USE OF GOOGLE ANALYTICS

We use Google Analytics, a web analytics service of Google Ireland Ltd., Gordon House, Barrow Street, D04 E5W5, Dublin, Ireland (hereinafter referred to as Google).

1. Scope of Processing Personal Data

Google Analytics examines among other things the origin of the visitors, their dwell time on individual pages, and the use of search engines, thus enabling better success control of advertising campaigns. Google sets a cookie on your computer. This can result in personal data being stored and analyzed, particularly the user's activity (especially which pages have been visited and which elements have been clicked), device and browser information (especially the IP address and operating system), data on the ads displayed (especially which ads were shown and whether the user clicked on them), and also data from advertising partners (especially pseudonymized user IDs).

The information generated by the cookie about your use of this online presence is transmitted to a Google server in the USA and stored there. If IP anonymization is activated on this online presence, your IP address will first be shortened by Google within member states of the European Union or in other contracting states of the Agreement on the European Economic Area. Only in exceptional cases will the full IP address be transmitted to a Google server in the USA and shortened there.

On behalf of the operator of this online presence, Google will use this information to evaluate your use of the online presence, to compile reports on the activities of the online presence, and to provide further services related to the use of the online presence and internet usage to the operator of the online presence. The IP address transmitted by your browser within the framework of Google Analytics will not be merged with other data from Google. You can prevent the storage of cookies by adjusting your browser software accordingly; however, we would like to point out that you may not be able to use all functions of our online presence to their full extent in this case. Further information on the processing of data by Google can be found here:

https://policies.google.com/privacy?gl=GB&hl=en

2. Purpose of Data Processing

The purpose of processing personal data is the targeted addressing of a target group that has already shown initial interest by visiting the page.

3. Legal Basis for Processing Personal Data

The legal basis for the processing of personal data of users is generally the consent of the user according to Art. 6 para. 1 sentence 1 letter a GDPR.

4. Duration of Storage

Your personal information will be stored as long as necessary to fulfill the purposes described in this privacy policy or as required by law. Advertising data in server logs is anonymized by Google, which states that it deletes parts of the IP address and cookie information after 9 or 18 months.

5. Right of Withdrawal and Erasure

You have the right to withdraw your data protection consent declaration at any time. The lawfulness of processing based on the consent until the withdrawal is not affected by the withdrawal of consent.

You can prevent the collection and processing of your personal data by Google by blocking the storage of third-party cookies on your computer, using the "Do Not Track" feature of a supporting browser, disabling the execution of script code in your browser, or installing a script blocker such as NoScript (https://noscript.net/) or Ghostery (https://www.ghostery.com) in your browser.

You can also prevent the collection of data generated by the cookie and related to your use of the online presence (including your IP address) by Google and the processing of this data by Google by downloading and installing the browser plugin available at the following link:

https://tools.google.com/dlpage/gaoptout?hl=en

With the following link, you can deactivate the use of your personal data by Google:

https://adssettings.google.de

Further information on objection and erasure options against Google can be found at:

https://policies.google.com/privacy?gl=GB&hl=en


IONOS WebAnalytics

This website uses the analysis services of IONOS WebAnalytics (hereinafter referred to as IONOS). The provider is 1&1 IONOS SE, Elgendorfer Straße 57, D – 56410 Montabaur. Within the analyses with IONOS, visitor numbers and behaviour (e.g., number of page views, duration of a website visit, bounce rates), visitor sources (i.e., from which page the visitor is coming), visitor locations as well as technical data (browser and operating system versions) can be analyzed. For this purpose, IONOS stores the following data:

  • Referrer (previously visited website)

  • Requested website or file

  • Browser type and version

  • Operating system used

  • Device type used

  • Access time

  • IP address in anonymized form (is only used to determine the location of access)

Data collection is done by IONOS completely anonymously, so it cannot be traced back to individual persons.

Cookies are not stored by IONOS WebAnalytics.

The storage and analysis of the data is done on the basis of Art. 6 (1) lit. f GDPR. The website operator has a legitimate interest in the statistical analysis of user behaviour in order to optimize both its web offering and its advertising. If consent has been requested, the processing takes place exclusively on the basis of Art. 6 (1) lit. a GDPR and Section 25 (1) TTDSG, provided that the consent includes the storage of cookies or access to information on the user's device (e.g., device fingerprinting) within the meaning of the TTDSG. The consent can be revoked at any time.

For more information on data collection and processing by IONOS WebAnalytics, please refer to IONOS's privacy policy at the following link:

https://www.ionos.de/terms-gtc/datenschutzerklaerung/

Promotional communication via email, post, fax or telephone

We process personal data for marketing communication purposes, which may take place through various channels, such as email, telephone, post or fax, in accordance with legal requirements.


The recipients have the right to revoke granted consents at any time or to object to marketing communication at any time.


After revocation or objection, we will retain the data necessary to demonstrate the previous entitlement for contact or dispatch for up to three years after the end of the year of the revocation or objection based on our legitimate interests. The processing of this data is limited to the purpose of possible defence against claims. Based on the legitimate interest of permanently observing the revocation or objection by users, we will additionally retain the data necessary to prevent further contact (e.g. depending on the communication channel the email address, telephone number, name).


  • Processed data types: Inventory data (e.g. names, addresses). Contact data (e.g. email, telephone numbers).

  • Affected persons: Communication partners.

  • Purposes of processing: Direct marketing (e.g. by email or post).

  • Legal bases: Consent (Art. 6 para. 1 sentence 1 lit. a) GDPR). Legitimate interests (Art. 6 para. 1 sentence 1 lit. f) GDPR).

Presence on social media

We maintain online presences within social networks and process user data in this context to communicate with the users active there or to provide information about us.


We would like to point out that, in this case, user data may be processed outside the territory of the European Union. This may pose risks for users, as the enforcement of user rights could be made more difficult.


Furthermore, user data is usually processed within social networks for market research and advertising purposes. For example, usage profiles can be created based on users' behaviour patterns and interests that arise from them. These usage profiles may, in turn, be used to display advertisements within and outside the networks that presumably correspond to the interests of the users. For these purposes, cookies are usually stored on users' computers, in which usage behaviour and users' interests are stored. Additionally, usage profiles may also contain data independent of the devices used by the users (especially when users are members of the respective platforms and are logged in).


For a detailed representation of the respective processing forms and the options for objection (opt-out), we refer to the data protection declarations and information provided by the operators of the respective networks.


Also with regard to requests for information and the assertion of data subject rights, we point out that these can be asserted most effectively with the providers. Only the providers have access to users' data and can directly take corresponding measures and provide information. If you still need assistance, you can contact us.


  • Processed Data Types: Contact data (e.g., email, phone numbers); content data (e.g., inputs in online forms); usage data (e.g., visited websites, interest in content, access times). Meta, communication, and procedural data (e.g., IP addresses, time stamps, identification numbers, consent status).

  • Affected Persons: Users (e.g., website visitors, online service users).

  • Purposes of Processing: Contact requests and communication; feedback (e.g., collecting feedback via online forms). Marketing.

  • Legal Bases: Legitimate interests (Art. 6 (1) (f) GDPR).


Further Notes on Processing Processes, Procedures, and Services:


  • Instagram: Social network; Service provider: Meta Platforms Ireland Limited, Merrion Road, Dublin 4, D04 X2K5, Ireland; Legal bases: Legitimate interests (Art. 6 (1) (f) GDPR); Website: https://www.instagram.com; Privacy policy: https://instagram.com/about/legal/privacy. Basis for third-country transfers: Data Privacy Framework (DPF).

  • Facebook Pages: Profiles within the social network Facebook; Service provider: Meta Platforms Ireland Limited, Merrion Road, Dublin 4, D04 X2K5, Ireland; Legal bases: Legitimate interests (Art. 6 (1) (f) GDPR); Website: https://www.facebook.com; Privacy policy: https://www.facebook.com/about/privacy; Basis for third-country transfers: Data Privacy Framework (DPF);


  • Further Information: We are jointly responsible with Meta Platforms Ireland Limited for the collection (but not the further processing) of data from visitors to our Facebook page (so-called "Fanpage"). This data includes information on the types of content that users view or interact with, or actions they take (see under "Things you and others have done and provided" in the Facebook data policy: https://www.facebook.com/policy), as well as information about the devices used by users (e.g., IP addresses, operating systems, browser types, language settings, cookie data; see under "Device Information" in the Facebook data policy: https://www.facebook.com/policy). As explained in the Facebook data policy under "How do we use this information?", Facebook also collects and uses information to provide analytics services, so-called "Page Insights", for page operators so they can gain insights into how people interact with their pages and related content. We have entered into a specific agreement with Facebook ("Information on Page Insights", https://www.facebook.com/legal/terms/page_controller_addendum), which includes the specific security measures Facebook must observe and in which Facebook has committed to fulfilling data subject rights (e.g., users can make requests for information or deletion directly to Facebook). The rights of users (especially regarding access, deletion, objection, and complaints to the competent supervisory authority) are not restricted by the agreements with Facebook. Further information can be found in the "Information on Page Insights" (https://www.facebook.com/legal/terms/information_about_page_insights_data). The shared responsibility is limited to the collection by and transmission of data to Meta Platforms Ireland Limited, a company based in the EU. The further processing of the data falls solely under the responsibility of Meta Platforms Ireland Limited, particularly with respect to the transfer of data to the parent company Meta Platforms, Inc. in the USA.

  • LinkedIn: Social network; Service provider: LinkedIn Ireland Unlimited Company, Wilton Place, Dublin 2, Ireland; Legal bases: Legitimate interests (Art. 6 (1) (f) GDPR); Website: https://www.linkedin.com; Privacy policy: https://www.linkedin.com/legal/privacy-policy; Basis for third-country transfers: Data Privacy Framework (DPF); Right to object (Opt-Out): https://www.linkedin.com/psettings/guest-controls/retargeting-opt-out. Further Information: We are jointly responsible with LinkedIn Ireland Unlimited Company for the collection (but not the further processing) of data from visitors for the purposes of creating the “Page Insights” (statistics) of our LinkedIn profiles.
    This data includes information on the types of content that users view or interact with, or actions they take, as well as information about the devices used by users (e.g., IP addresses, operating systems, browser types, language settings, cookie data) and data from user profiles, such as job function, country, industry, hierarchy level, company size, and employment status. Data protection information regarding the processing of user data by LinkedIn can be found in LinkedIn’s privacy notices: https://www.linkedin.com/legal/privacy-policy
    We have entered into a specific agreement with LinkedIn Ireland ("Page Insights Joint Controller Addendum (the 'Addendum')", https://legal.linkedin.com/pages-joint-controller-addendum), which specifies the security measures LinkedIn must observe and in which LinkedIn has committed to fulfilling data subject rights (i.e., users can make requests for information or deletion directly to LinkedIn). The rights of users (especially regarding access, deletion, objection, and complaints to the competent supervisory authority) are not restricted by the agreements with LinkedIn. The shared responsibility is limited to the collection of data by and transmission to LinkedIn Ireland Unlimited Company, a company based in the EU. The further processing of the data is the exclusive responsibility of LinkedIn Ireland Unlimited Company, particularly with respect to the transfer of data to the parent company LinkedIn Corporation in the USA.

  • Xing: Social network; Service provider: New Work SE, Am Strandkai 1, 20457 Hamburg, Germany; Legal bases: Legitimate interests (Art. 6 (1) (f) GDPR); Website: https://www.xing.com/. Privacy policy: https://privacy.xing.com/de/datenschutzerklaerung.