Privacy Policy

"Personal data" means any information relating to an identified or identifiable natural person (hereinafter "data subject"); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier (e.g., cookie) or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.

"Processing" means any operation or set of operations which is performed on personal data, whether or not by automated means. The term is broad and encompasses practically any handling of data.

"Pseudonymisation" means the processing of personal data in such a manner that the personal data can no longer be attributed to a specific data subject without the use of additional information, provided that such additional information is kept separately and is subject to technical and organisational measures to ensure that the personal data are not attributed to an identified or identifiable natural person.

"Profiling" means any form of automated processing of personal data consisting of the use of personal data to evaluate certain personal aspects relating to a natural person, in particular to analyse or predict aspects concerning that natural person's performance at work, economic situation, health, personal preferences, interests, reliability, behaviour, location or movements.

"Controller" means the natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data.

"Processor" means a natural or legal person, public authority, agency or other body which processes personal data on behalf of the controller.

In accordance with Art. 32 GDPR and taking into account the state of the art, the costs of implementation and the nature, scope, context and purposes of processing as well as the risk of varying likelihood and severity for the rights and freedoms of natural persons, we implement appropriate technical and organisational measures to ensure a level of security appropriate to the risk.

These measures include, in particular, safeguarding the confidentiality, integrity and availability of data by controlling physical access to the data, as well as access to, input, disclosure, ensuring availability and separation of data. Furthermore, we have established procedures to ensure the exercise of data subject rights, deletion of data and response to data threats. Furthermore, we consider the protection of personal data already in the development or selection of hardware, software and procedures, in accordance with the principle of data protection by design and by default (Art. 25 GDPR).

If, in the course of our processing, we disclose data to other persons and companies (processors or third parties), transmit it to them or otherwise grant them access to the data, this is only done on the basis of a legal permission (e.g., if a transmission of the data to third parties, such as to payment service providers, is necessary for the performance of the contract pursuant to Art. 6 (1) (b) GDPR), you have consented, a legal obligation provides for this or on the basis of our legitimate interests (e.g., when using agents, web hosts, etc.).

If we commission third parties to process data on the basis of a so-called "data processing agreement", this is done on the basis of Art. 28 GDPR.

You have the right to request confirmation as to whether data concerning you is being processed and to information about this data as well as further information and a copy of the data in accordance with Art. 15 GDPR.

You have the right in accordance with Art. 16 GDPR to request the completion of data concerning you or the correction of inaccurate data concerning you.

In accordance with Art. 17 GDPR, you have the right to demand that relevant data be deleted immediately, or alternatively, in accordance with Art. 18 GDPR, to demand restriction of the processing of the data.

You have the right to request that the data concerning you that you have provided to us be received in accordance with Art. 20 GDPR and to request its transmission to other controllers.

You also have the right to lodge a complaint with the competent supervisory authority in accordance with Art. 77 GDPR.

"Cookies" are small files that are stored on users' computers. Different information can be stored within the cookies. A cookie primarily serves to store information about a user (or the device on which the cookie is stored) during or after their visit to an online offering. Temporary cookies, or "session cookies" or "transient cookies", are cookies that are deleted after a user leaves an online offering and closes their browser. Such a cookie may store, for example, the contents of a shopping cart in an online shop or a login status. "Permanent" or "persistent" cookies are those that remain stored even after the browser is closed. For example, the login status can be saved if users visit it after several days. The interests of users may also be stored in such a cookie, which are used for reach measurement or marketing purposes. "Third-party cookies" are cookies offered by providers other than the controller operating the online offering (otherwise, if they are only its cookies, they are called "first-party cookies").

We may use temporary and permanent cookies and explain this in our privacy policy.

If users do not want cookies to be stored on their computer, they are asked to deactivate the corresponding option in the system settings of their browser. Stored cookies can be deleted in the browser's system settings. The exclusion of cookies may lead to functional restrictions of this online offering.

A general objection to the use of cookies used for online marketing purposes can be declared for a large number of services, especially in the case of tracking, via the US site http://www.aboutads.info/choices/ or the EU site http://www.youronlinechoices.com/. Furthermore, the storage of cookies can be achieved by switching them off in the browser settings. Please note that in this case not all functions of this online offering may be used.

The data processed by us will be deleted or restricted in its processing in accordance with Art. 17 and 18 GDPR. Unless expressly stated in this privacy policy, the data stored by us will be deleted as soon as it is no longer required for its intended purpose and the deletion does not conflict with any statutory retention obligations. If the data is not deleted because it is required for other and legally permissible purposes, its processing will be restricted. This means that the data is blocked and not processed for other purposes. This applies, for example, to data that must be retained for commercial or tax reasons.

According to legal requirements in Germany, storage takes place in particular for 10 years in accordance with §§ 147 (1) AO, 257 (1) No. 1 and 4, (4) HGB (books, records, management reports, accounting documents, commercial books, documents relevant for taxation, etc.) and 6 years in accordance with § 257 (1) No. 2 and 3, (4) HGB (commercial letters).

According to legal requirements in Austria, storage takes place in particular for 7 years in accordance with § 132 (1) BAO (accounting documents, receipts/invoices, accounts, receipts, business papers, statement of income and expenses, etc.), for 22 years in connection with real estate and for 10 years in the case of documents in connection with electronically provided services, telecommunications, radio and television services provided to non-entrepreneurs in EU member states for which the Mini-One-Stop-Shop (MOSS) is used.

We process the data of our contractual partners and interested parties as well as other principals, customers, clients or contractual partners (uniformly referred to as "contractual partners") in accordance with Art. 6 (1) (b) GDPR in order to provide them with our contractual or pre-contractual services. The data processed here, the type, scope and purpose and the necessity of their processing are determined by the underlying contractual relationship.

The processed data includes the master data of our contractual partners (e.g., names and addresses), contact data (e.g., email addresses and telephone numbers) as well as contract data (e.g., services used, contract contents, contractual communication, names of contact persons) and payment data (e.g., bank details, payment history).

As a matter of principle, we do not process special categories of personal data unless they are part of a commissioned or contractual processing.

We process data that is necessary for the establishment and fulfilment of contractual services and point out the necessity of their provision if this is not evident for the contractual partners. Disclosure to external persons or companies only takes place if it is necessary within the framework of a contract. When processing the data provided to us in the context of an order, we act in accordance with the instructions of the client as well as the legal requirements.

In the context of using our online services, we may store the IP address and the time of the respective user action. The storage is based on our legitimate interests, as well as the interests of users in protection against misuse and other unauthorised use. As a matter of principle, this data is not passed on to third parties unless it is necessary to pursue our claims pursuant to Art. 6 (1) (f) GDPR or there is a legal obligation to do so pursuant to Art. 6 (1) (c) GDPR.

The data is deleted when it is no longer necessary for the fulfilment of contractual or legal duties of care and for dealing with any warranty and comparable obligations, whereby the necessity of retaining the data is reviewed every three years; otherwise, the statutory retention obligations apply.

When contacting us (e.g., via contact form, email, telephone or via social media), the user's information is processed for the purpose of handling the contact request and its processing in accordance with Art. 6 (1) (b) (within the scope of contractual/pre-contractual relationships), Art. 6 (1) (f) (other enquiries) GDPR. The user's information may be stored in a Customer Relationship Management System ("CRM System") or comparable enquiry organisation.

We delete enquiries if they are no longer necessary. We review the necessity every two years; furthermore, the statutory archiving obligations apply.

The hosting services we use serve to provide the following services: infrastructure and platform services, computing capacity, storage space and database services, email delivery, security services and technical maintenance services that we use for the purpose of operating this online offering.

Here we, or our hosting provider, process inventory data, contact data, content data, contract data, usage data, meta and communication data of customers, interested parties and visitors to this online offering on the basis of our legitimate interests in an efficient and secure provision of this online offering in accordance with Art. 6 (1) (f) GDPR in conjunction with Art. 28 GDPR (conclusion of data processing agreement).

We use the web analytics service "Plausible Analytics" to continuously optimise our offering, both technically and in terms of content. Plausible is a trademark of Plausible Insights OÜ, Västriku tn 2, 50403, Tartu, Estonia, Registration number 14709274, hereinafter referred to as "Plausible". Plausible Insights OÜ is fully GDPR-compliant.

Plausible takes a particularly privacy-friendly approach to analysing your visit. For this purpose, Plausible collects, among other things, the following information: date and time of your visit, title and URL of the pages visited, incoming links, the country you are in and the user agent of your browser software. Plausible does not use or store "cookies" on your device. All personal data (e.g., your IP address) is stored in a completely anonymised form as a so-called hash. A hash is an encryption of data that is irreversible, i.e., cannot be "decrypted". In this way, we can analyse your visit without storing personal data in a form that would be readable by us, Plausible or third parties.

Further information on the technical implementation can be found at https://plausible.io/privacy-focused-web-analytics.

Further information on data protection at Plausible can be found at https://plausible.io/data-policy.

The legal basis for processing is Art. 6 (1) (f) GDPR.

We use the services of Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA, ("Google") on the basis of our legitimate interests (i.e., interest in the analysis, optimisation and economic operation of our online offering within the meaning of Art. 6 (1) (f) GDPR).

Google is certified under the Privacy Shield Agreement and thus offers a guarantee of compliance with European data protection law (https://www.privacyshield.gov/participant?id=a2zt000000001L5AAI&status=Active).

We use the online marketing method Google "AdWords" to place advertisements in the Google advertising network (e.g., in search results, in videos, on websites, etc.) so that they are displayed to users who have a presumed interest in the advertisements. This allows us to display advertisements for and within our online offering in a more targeted manner in order to present users only with advertisements that potentially match their interests. If a user is shown advertisements for products that they were interested in on other online offerings, for example, this is referred to as "remarketing". For these purposes, when our and other websites on which the Google advertising network is active are accessed, Google directly executes a code and so-called (re)marketing tags (invisible graphics or code, also known as "web beacons") are integrated into the website. With their help, an individual cookie, i.e., a small file, is stored on the user's device (comparable technologies may also be used instead of cookies). This file records which websites the user has visited, which content they are interested in and which offers the user has clicked on, as well as technical information about the browser and operating system, referring websites, time of visit and other information on the use of the online offering.

We also receive an individual "conversion cookie". The information collected with the help of the cookie is used by Google to generate conversion statistics for us. However, we only learn the anonymous total number of users who clicked on our advertisement and were redirected to a page with a conversion tracking tag. However, we do not receive any information that personally identifies users.

The data of the users is processed pseudonymously within the Google advertising network. This means that Google does not store and process, for example, the name or email address of the users, but processes the relevant data in a cookie-related manner within pseudonymous user profiles. This means that from Google's perspective, the advertisements are not managed and displayed for a specifically identified person, but for the cookie holder, regardless of who this cookie holder is. This does not apply if a user has expressly allowed Google to process the data without this pseudonymisation. The information collected about users is transmitted to Google and stored on Google's servers in the USA.

Further information on data use by Google, settings and opt-out options can be found in Google's privacy policy (https://policies.google.com/technologies/ads) and in the settings for the display of advertisements by Google (https://adssettings.google.com/authenticated).

We maintain online presences within social networks and platforms in order to communicate with customers, interested parties and users active there and to inform them about our services. When accessing the respective networks and platforms, the terms and conditions and data processing policies of their respective operators apply.

Unless otherwise stated in our privacy policy, we process the data of users if they communicate with us within social networks and platforms, e.g., write posts on our online presences or send us messages.

We use content or service offerings from third-party providers within our online offering on the basis of our legitimate interests (i.e., interest in the analysis, optimisation and economic operation of our online offering within the meaning of Art. 6 (1) (f) GDPR) in order to integrate their content and services, such as videos or fonts (hereinafter uniformly referred to as "content").

This always presupposes that the third-party providers of this content are aware of the IP address of the users, as without the IP address they would not be able to send the content to their browser. The IP address is therefore necessary for the display of this content. We endeavour to only use content whose respective providers only use the IP address to deliver the content. Third-party providers may also use so-called pixel tags (invisible graphics, also known as "web beacons") for statistical or marketing purposes. The "pixel tags" can be used to evaluate information such as visitor traffic on the pages of this website. The pseudonymous information may also be stored in cookies on the user's device and may contain, among other things, technical information about the browser and operating system, referring websites, time of visit and other information on the use of our online offering, as well as being linked to such information from other sources.

Description and purpose: We use rapidmail for sending newsletters. The provider is Positive Group Deutschland GmbH, Wentzingerstraße 21, 79106 Freiburg, Germany. With rapidmail, the sending of newsletters is organised and analysed, among other things. The data you enter for the purpose of receiving the newsletter is stored on rapidmail's servers in Germany. If you do not want analysis by rapidmail, you must unsubscribe from the newsletter. We provide a corresponding link in every newsletter message for this purpose. For the purpose of analysis, the emails sent with rapidmail contain a so-called tracking pixel that connects to rapidmail's servers when the email is opened. In this way, it can be determined whether a newsletter message has been opened. Furthermore, we can use rapidmail to determine whether and which links in the newsletter message are clicked. Optionally, links in the email can be set as tracking links with which your clicks can be counted.

Legal basis: The legal basis for the data processing is Art. 6 (1) (a) GDPR.

Recipients: The recipient of the data is Positive Group Deutschland GmbH.

Transfer to third countries: The data is not transferred to third countries.

Duration: The data stored by you as part of the consent for the purpose of the newsletter is stored by us until you unsubscribe from the newsletter and is deleted from both our servers and rapidmail's servers after unsubscribing from the newsletter. Data that has been stored by us for other purposes (e.g., email addresses for the member area) remains unaffected.

Right of withdrawal: You have the possibility to withdraw your consent to data processing with effect for the future at any time. The lawfulness of the data processing operations that have already taken place remains unaffected by the withdrawal.

Further privacy notices: For further details, please refer to rapidmail's data security information at: https://www.rapidmail.de/datensicherheit. For more information about rapidmail's analysis features, please visit: https://www.rapidmail.de/hilfe