Overview of Processing Activities
The following overview summarizes the types of data processed, the purposes of processing, and the data subjects.

 

Types of Data Processed

• Inventory data

• Employee data

• Payment data

• Contact data

• Content data

• Contract data

• Usage data

• Metadata, communication data, and procedural data

 

Categories of Data Subjects

• Service recipients and clients

• Employees

• Prospective customers

• Communication partners

• Users

• Business and contractual partners

• Purposes of Processing

 

Provision of contractual services and fulfillment of contractual obligations

• Communication

• Security measures

• Office and organizational procedures

• Organizational and administrative procedures

• Feedback

• Provision of our online services and user-friendliness

• Whistleblower protection

• Public relations

• Business processes and operational procedures

 

Relevant Legal Bases
Relevant legal bases under the GDPR: Below you will find an overview of the legal bases under the GDPR on which we process personal data. Please note that in addition to the provisions of the GDPR, national data protection regulations may apply in your or our country of residence or establishment. If more specific legal bases apply in individual cases, we will inform you of these in the privacy policy.

Consent (Art. 6 para. 1 sentence 1 lit. a) GDPR) - The data subject has given consent to the processing of their personal data for one or more specific purposes.

Contractual performance and pre-contractual inquiries (Art. 6 para. 1 sentence 1 lit. b) GDPR) - Processing is necessary for the performance of a contract to which the data subject is a party or in order to take steps at the request of the data subject prior to entering into a contract.

Legal obligation (Art. 6 para. 1 sentence 1 lit. c) GDPR) – Processing is necessary for compliance with a legal obligation to which the controller is subject.

Legitimate interests (Art. 6 para. 1 sentence 1 lit. f) GDPR) – Processing is necessary for the purposes of the legitimate interests pursued by the controller or by a third party, except where such interests are overridden by the interests or fundamental rights and freedoms of the data subject which require protection of personal data.

National data protection regulations in Germany:

In addition to the GDPR, national data protection regulations apply in Germany. These include, in particular, the Federal Data Protection Act (BDSG). The BDSG contains, in particular, special provisions on the right of access, the right to erasure, the right to object, the processing of special categories of personal data, processing for other purposes, and data transfers, as well as automated individual decision-making, including profiling. Furthermore, state data protection laws of the individual federal states may also apply.

National Data Protection Regulations in Austria: In addition to the GDPR, national data protection regulations apply in Austria. These include, in particular, the Federal Act on the Protection of Natural Persons with regard to the Processing of Personal Data (Data Protection Act – DSG). The Data Protection Act contains, in particular, special provisions regarding the right of access, the right to rectification or erasure, the processing of special categories of personal data, processing for other purposes and transfers, as well as automated decision-making in individual cases.

Relevant Legal Bases under the Swiss Data Protection Act:

If you are located in Switzerland, we process your data on the basis of the Federal Act on Data Protection (Swiss DSG). Unlike, for example, the GDPR, the Swiss DSG generally does not require that a legal basis for the processing of personal data be stated, and that the processing of personal data be carried out in good faith, lawfully, and proportionately (Art. 6 para. 1 and 2 of the Swiss DSG). Furthermore, we only collect personal data for a specific purpose that is recognizable to the data subject and only process it in a manner compatible with that purpose (Art. 6 para. 3 of the Swiss Federal Act on Data Protection).

Note on the applicability of the GDPR and the Swiss Federal Act on Data Protection:

This privacy notice serves to provide information in accordance with both the Swiss Federal Act on Data Protection and the General Data Protection Regulation (GDPR). Therefore, please note that, due to its broader geographical scope and clarity, the terms used here are those of the GDPR. In particular, instead of the terms "processing" of "personal data," "overriding interest," and "special categories of personal data" used in the Swiss Federal Act on Data Protection (FADP), the terms "processing" of "personal data," "legitimate interest," and "special categories of data" used in the GDPR are employed. However, the legal meaning of these terms will continue to be determined according to the FADP within the scope of its application.

Security measures:

In accordance with legal requirements, and taking into account the state of the art, the costs of implementation, and the nature, scope, context, and purposes of processing, as well as the varying likelihood and severity of the risk to the rights and freedoms of natural persons, we implement appropriate technical and organizational measures to ensure a level of security appropriate to the risk.

These measures include, in particular, ensuring the confidentiality, integrity, and availability of data by controlling physical and electronic access to the data, as well as access to, input of, disclosure of, and ensuring the availability and separation of the data. Furthermore, we have established procedures that ensure the exercise of data subject rights, the deletion of data, and responses to data breaches. We also consider the protection of personal data during the development and selection of hardware, software, and processes, in accordance with the principles of data protection by design and by default.

Securing online connections through TLS/SSL encryption technology (HTTPS): To protect user data transmitted via our online services from unauthorized access, we rely on TLS/SSL encryption technology. Secure Sockets Layer (SSL) and Transport Layer Security (TLS) are the cornerstones of secure data transmission on the internet. These technologies encrypt the information transmitted between the website or app and the user's browser (or between two servers), thus protecting the data from unauthorized access. TLS, as the more advanced and secure version of SSL, ensures that all data transmissions meet the highest security standards. When a website is secured with an SSL/TLS certificate, this is indicated by HTTPS in the URL. This serves as an indicator to users that their data is transmitted securely and encrypted.

International Data Transfers:

Data Processing in Third Countries: If we transfer data to a third country (i.e., outside the European Union (EU) or the European Economic Area (EEA)), or if this occurs in the context of using third-party services or disclosing or transferring data to other persons, entities, or companies (which is identifiable by the postal address of the respective provider or if the privacy policy explicitly refers to the data transfer to third countries), this is always done in accordance with legal requirements.

For data transfers to the USA, we primarily rely on the Data Privacy Framework (DPF), which was recognized as a secure legal framework by an adequacy decision of the EU Commission on July 10, 2023. In addition, we have concluded standard contractual clauses with the respective providers that comply with the requirements of the European Commission and establish contractual obligations for the protection of your data.

This dual safeguard ensures comprehensive protection of your data: The Data Privacy Framework (DPF) forms the primary layer of protection, while the standard contractual clauses serve as an additional safeguard. Should changes occur within the framework of the DPF, the standard contractual clauses will act as a reliable fallback option. This ensures that your data remains adequately protected even in the event of any political or legal changes.

For each service provider, we will inform you whether they are certified under the DPF and whether standard contractual clauses are in place. Further information about the DPF and a list of certified companies can be found on the U.S. Department of Commerce website at:

https://www.dataprivacyframework.gov/ (in English).

​

For data transfers to other third countries, appropriate safeguards apply, in particular standard contractual clauses, explicit consent, or legally required transfers. Information on third-country transfers and applicable adequacy decisions can be found in the information provided by the European Commission:

https://commission.europa.eu/law/law-topic/data-protection/international-dimension-data-protection_en?prefLang=de.

Disclosure of personal data abroad:

In accordance with the Swiss Federal Data Protection Act (FADP), we only disclose personal data abroad if adequate protection of the data subjects is guaranteed (Art. 16 FADP). If the Federal Council has not determined adequate protection (list:
https://www.bj.admin.ch/bj/de/home/staat/datenschutz/internationales/anerkennung-staaten.html),
we implement alternative safeguards. For data transfers to the USA, we primarily rely on the Data Privacy Framework (DPF), which was recognized as a secure legal framework by Switzerland's adequacy decision of September 15, 2024. In addition, we have concluded standard contractual clauses with the respective providers, which have been approved by the Federal Data Protection and Information Commissioner (FDPIC) and establish contractual obligations for the protection of your data.

This dual safeguard ensures comprehensive protection of your data: The DPF forms the primary layer of protection, while the standard contractual clauses serve as an additional layer of security. Should changes occur within the framework of the DPF, the standard contractual clauses come into play as a reliable fallback option. This ensures that your data remains adequately protected even in the event of any political or legal changes.

For each service provider, we will inform you whether they are DPF-certified and whether standard contractual clauses are in place. The list of certified companies and further information on the Data Privacy Framework (DPF) can be found on the U.S. Department of Commerce website at:

https://www.dataprivacyframework.gov/ (in English). For data transfers to other third countries, appropriate safeguards apply, including international agreements, specific guarantees, standard contractual clauses approved by the Federal Data Protection and Information Commissioner (FDPIC), or internal data protection policies approved in advance by the FDPIC or a competent data protection authority of another country.

General information on data storage and deletion:

We delete personal data that we process in accordance with legal requirements as soon as the underlying consent is withdrawn or no other legal basis for processing exists. This applies to cases in which the original processing purpose no longer applies or the data is no longer needed. Exceptions to this rule exist if legal obligations or special interests require longer retention or archiving of the data.

In particular, data that must be retained for commercial or tax law reasons, or whose storage is necessary for legal proceedings or the protection of the rights of other natural or legal persons, must be archived accordingly.

Our privacy policy contains additional information on the retention and deletion of data that applies specifically to certain processing activities.

If there are multiple retention periods or deletion deadlines for a given date, the longest period always applies. Data that is no longer needed for its originally intended purpose, but is retained due to legal requirements or other reasons, is processed by us exclusively for the reasons that justify its retention.

​

Data Retention and Deletion:

The following general retention periods apply under German law:

10 years – Retention period for books and records, annual financial statements, inventories, management reports, opening balance sheets, and the work instructions and other organizational documents necessary for their understanding (§ 147 para. 1 no. 1 in conjunction with para. 3 AO, § 14b para. 1 UStG, § 257 para. 1 no. 1 in conjunction with para. 4 HGB).

8 years – Accounting documents, such as invoices and expense receipts (§ 147 para. 1 nos. 4 and 4a in conjunction with para. 3 sentence 1 AO and § 257 para. 1 no. 4 in conjunction with para. 4 HGB).

6 years – Other business documents: received commercial or business letters, copies of sent commercial or business letters, other documents relevant for taxation, e.g., timesheets, cost accounting sheets, calculation documents, price tags, and also payroll documents, insofar as they are not already accounting documents, and cash register receipts (Section 147 Paragraph 1 Nos. 2, 3, 5 in conjunction with Paragraph 3 of the German Fiscal Code (AO), Section 257 Paragraph 1 Nos. 2 and 3 in conjunction with Paragraph 4 of the German Commercial Code (HGB)).

3 years – Data required to consider potential warranty and damage claims or similar contractual claims and rights, as well as to process related inquiries, based on past business experience and standard industry practices, will be stored for the duration of the regular statutory limitation period of three years (Sections 195, 199 of the German Civil Code (BGB)).

3 years Data Retention and Deletion:

The following general retention periods apply under Austrian law for the retention and archiving of personal data, insofar as this is necessary for compliance with legal obligations or for the protection of legitimate interests:

7 years: Personal data processed in connection with tax-relevant business documents is retained for a period of seven years in accordance with Section 132 of the Austrian Federal Fiscal Code (BAO) and Sections 190–212 of the Austrian Commercial Code (UGB). This includes, in particular, books and records, annual financial statements, inventories, management reports, opening balance sheets, accounting documents, invoices, as well as received and sent commercial or business correspondence and other documents relevant for tax assessment. The period begins at the end of the calendar year for which the last entry was made and is extended, if necessary, as long as the documents are relevant for pending tax proceedings.

3 years: Data required for the assertion, exercise, or defense of warranty, damage, or other contractual claims is stored for the duration of the applicable statutory limitation period. This period is generally three years according to Section 1489 of the Austrian Civil Code (ABGB), unless longer statutory retention periods apply.

Data Retention and Deletion:

The following general retention periods apply under Swiss law:

10 years – Retention period for books and records, annual financial statements, inventories, management reports, opening balance sheets, accounting documents and invoices, as well as all necessary work instructions and other organizational documents (Art. 958f of the Swiss Code of Obligations (CO)).

10 years – Data necessary for considering potential claims for damages or similar contractual claims and rights, as well as for processing related inquiries, based on past business experience and standard industry practices, is stored for the statutory limitation period of ten years, unless a shorter period of five years applies, which is relevant in certain cases (Art. 127, 130 CO). Claims for rent, lease payments and capital interest, as well as other periodic payments, for the supply of food, for meals and for innkeepers' debts, as well as for craft work, retail sale of goods, medical care, professional work of lawyers, legal agents, procurators and notaries and from the employment relationship of employees become statute-barred after five years (Art. 128 OR).

​

Commencement of the time limit at the end of the year: If a time limit does not expressly begin on a specific date and is at least one year long, it automatically starts at the end of the calendar year in which the event triggering the time limit occurred. In the case of ongoing contractual relationships within which data is stored, the event triggering the time limit is the effective date of termination or other dissolution of the legal relationship.

Rights of data subjects:
Rights of data subjects under the GDPR: As a data subject, you have various rights under the GDPR, which arise in particular from Articles 15 to 21 GDPR:

Right to object: You have the right to object, on grounds relating to your particular situation, at any time to processing of personal data concerning you which is based on point (e) or (f) of Article 6(1) GDPR, including profiling based on those provisions. Where personal data concerning you are processed for direct marketing purposes, you have the right to object at any time to processing of personal data concerning you for such marketing. This also applies to profiling insofar as it is related to such direct marketing.

Right to withdraw consent:

You have the right to withdraw any consent you have given at any time.

Right of access:

You have the right to request confirmation as to whether your personal data is being processed and to access this data, as well as further information and a copy of the data, in accordance with legal requirements.

Right to rectification:

In accordance with legal requirements, you have the right to request the completion of incomplete personal data concerning you or the rectification of inaccurate personal data concerning you.

Right to erasure and restriction of processing:

In accordance with legal requirements, you have the right to request that personal data concerning you be erased without undue delay, or alternatively, in accordance with legal requirements, to request the restriction of processing of your personal data.

Right to data portability:

In accordance with legal requirements, you have the right to receive the personal data concerning you that you have provided to us in a structured, commonly used, and machine-readable format, or to request its transmission to another controller.

Right to lodge a complaint with a supervisory authority:

Without prejudice to any other administrative or judicial remedy, you have the right to lodge a complaint with a supervisory authority, in particular in the Member State of your habitual residence, your place of work, or the place of the alleged infringement, if you consider that the processing of personal data relating to you infringes the GDPR.

Rights of data subjects under the Swiss Federal Act on Data Protection (FADP):

As a data subject, you have the following rights under the Swiss FADP:

Right of access:

You have the right to obtain confirmation as to whether or not personal data concerning you is being processed, and, where that is the case, access to the personal data and the following information: [list of information follows]. This also applies to the processing of personal data concerning you and to ensure transparent data processing.

Right to data portability:

You have the right to receive the personal data concerning you that you have provided to us in a commonly used electronic format.

Right to rectification:

You have the right to obtain the rectification of inaccurate personal data concerning you.

Right to object, erasure, and destruction:

You have the right to object to the processing of your data and to request that your personal data be erased or destroyed.

​

Business Services:

We process personal data of our contractual and business partners, such as customers, clients, prospective clients, suppliers, and other cooperation partners (collectively referred to as "Contractual Partners"), for the initiation, execution, and processing of contractual relationships and comparable legal relationships. This also includes pre-contractual measures taken upon request, as well as communication related to the respective contractual relationship.

The processing serves, in particular, to fulfill our primary and secondary contractual obligations. These include the provision of the agreed services, any update and information obligations, the handling of warranty claims and other service disruptions, the processing of cancellations, terminations of ongoing contractual relationships, rescission, refunds, and the processing of other contract-related declarations and inquiries. This covers both one-off contracts and ongoing contractual relationships.

We process, in particular, master data such as name, address, and, if applicable, company name; contact details such as email address and telephone number; contract and service data such as the subject matter of the contract, contract duration, order or transaction number; usage and performance data; payment and billing data; as well as communication content and history. Where necessary, we also process data that is disclosed or transmitted to us in the course of fulfilling an order.

Furthermore, we process the data to protect our rights and to fulfill legal obligations. This includes, in particular, commercial and tax law retention obligations, documentation obligations, and, where applicable, obligations to provide evidence and accountability. Processing also takes place based on our legitimate interests in proper business management, internal administration, risk management, and IT security, as well as in protecting our business operations and those of our contractual partners from misuse, breaches of data, confidential information, and other legal interests. This may also include the involvement of external service providers such as IT and telecommunications providers, transport and logistics companies, payment service providers, banks, tax and legal advisors, or other agents, insofar as this is necessary for the performance of the contract or for compliance with legal obligations.

Personal data will only be disclosed to third parties if this is necessary for the performance of the contract, for carrying out pre-contractual measures, for safeguarding legitimate interests, or for compliance with legal obligations. We will provide separate information about any further processing, particularly for marketing purposes, within the framework of this privacy policy.

We will inform our contractual partners which data is required in each individual case during the data collection process, for example, through appropriate labeling in online forms or in personal contact.

Data will be deleted as soon as it is no longer required for the aforementioned purposes and no statutory retention obligations apply. Statutory retention periods, in particular under commercial and tax law, may require longer storage. Data transmitted within the scope of a specific order will be deleted after completion of the order and expiry of any applicable retention periods, unless further legal or contractual obligations to store the data exist.

The legal basis for processing is Article 6(1)(b) GDPR for the performance of pre-contractual measures and for the fulfillment of the respective contractual relationship, as well as Article 6(1)(c) GDPR for compliance with legal obligations. Where processing is based on legitimate interests, it is carried out on the basis of Article 6(1)(f) GDPR. Insofar as processing is based on Article 6(1)(f) GDPR, it is carried out to safeguard our legitimate interests in proper and efficient business organization, the internal administration and documentation of business transactions, the enforcement and defense of legal claims, ensuring IT and data security, preventing misuse and fraud, and the economic management and further development of our business operations. These interests consist, in particular, of ensuring secure and legally compliant business operations and maintaining our entrepreneurial capacity.

​

Types of data processed: Inventory data (e.g., full name, residential address, contact information, customer number, etc.); payment data (e.g., bank details, invoices, payment history); contact data (e.g., postal and email addresses or telephone numbers); contract data (e.g., subject matter of the contract, term, customer category); usage data (e.g., page views and time spent on the site, click paths, usage intensity and frequency, device types and operating systems used, interactions with content and functions). Metadata, communication data, and procedural data (e.g., IP addresses, timestamps, identification numbers, individuals involved).

Data subjects: Service recipients and clients; prospective customers; business and contractual partners.

Purposes of processing and legitimate interests: Provision of contractual services and fulfillment of contractual obligations; security measures; communication; office and organizational procedures; organizational and administrative procedures; business processes and management procedures.

Storage and Deletion: Deletion is carried out in accordance with the information in the section "General Information on Data Storage and Deletion".

Legal Basis: Contractual performance and pre-contractual inquiries (Art. 6 para. 1 sentence 1 lit. b) GDPR); Legal obligation (Art. 6 para. 1 sentence 1 lit. c) GDPR); Legitimate interests (Art. 6 para. 1 sentence 1 lit. f) GDPR).

Further Information on Processing Procedures, Processes, and Services:

Online Shop, Order Forms, E-Commerce, and Service Fulfillment:

We process our customers' data to enable them to select, purchase, or order the chosen products, goods, and related services, as well as to facilitate payment and provision, delivery, or fulfillment. If necessary for order fulfillment, we use service providers, in particular postal, freight forwarding, and shipping companies, to carry out delivery or fulfillment for our customers. We utilize the services of banks and payment service providers for processing payments. The required information is marked as such during the ordering or similar purchase process and includes the data necessary for delivery, provision, and invoicing, as well as contact information to allow for any necessary follow-up; legal basis: performance of a contract and pre-contractual inquiries (Art. 6 para. 1 sentence 1 lit. b) GDPR).

Craft Services:

We process the data of our customers and clients (hereinafter referred to collectively as "customers") to enable them to select, purchase, or commission the chosen services or works, as well as related activities, and to facilitate payment, delivery, execution, or performance.

The required information is marked as such during the order, purchase, or similar contract conclusion process and includes the data necessary for delivery and invoicing, as well as contact information to allow for any necessary follow-up; legal basis: performance of a contract and pre-contractual inquiries (Art. 6 para. 1 sentence 1 lit. b) GDPR).

​

Use of Cookies

The term "cookies" refers to functions that store information on and read information from users' devices. Cookies can also be used for various purposes, such as ensuring the functionality, security, and user-friendliness of online services, as well as analyzing visitor traffic. We use cookies in accordance with legal regulations. Where necessary, we obtain users' consent beforehand. If consent is not required, we rely on our legitimate interests. This applies when storing and reading information is essential to providing explicitly requested content and functions. This includes, for example, saving settings and ensuring the functionality and security of our online services. Consent can be withdrawn at any time. We provide clear information about the scope of consent and which cookies are used.

Information on the legal basis for data protection:

Whether we process personal data using cookies depends on consent. If consent has been given, it serves as the legal basis. Without your consent, we rely on our legitimate interests, which are explained above in this section and in the context of the respective services and procedures.

Storage period: Regarding storage duration, the following types of cookies are distinguished:

Temporary cookies (also: session cookies): Temporary cookies are deleted at the latest after a user leaves an online service and closes their device (e.g., browser or mobile application).

Persistent cookies: Persistent cookies remain stored even after the device is closed. For example, login status can be saved and preferred content can be displayed directly when the user revisits a website. User data collected using cookies can also be used for audience measurement. Unless we provide users with explicit information about the type and storage duration of cookies (e.g., when obtaining consent), they should assume that these cookies are persistent and can be stored for up to two years.

Persistent cookies: Persistent cookies remain stored even after the device is closed. General Information on Withdrawal and Objection (Opt-out):

Users can withdraw their consent at any time and also object to the processing of their data in accordance with legal requirements, including via their browser's privacy settings.

Types of data processed: Metadata, communication data, and procedural data (e.g., IP addresses, timestamps, identification numbers, individuals involved).

Data subjects: Users (e.g., website visitors, users of online services).

Legal basis: Legitimate interests (Art. 6 para. 1 sentence 1 lit. f) GDPR). Consent (Art. 6 para. 1 sentence 1 lit. a) GDPR).

​

Further information on processing procedures, methods, and services:

Processing of cookie data based on consent: We use a consent management solution to obtain user consent for the use of cookies or for the methods and providers mentioned within the consent management solution. This process serves to obtain, log, manage, and revoke consent, particularly regarding the use of cookies and similar technologies that are used to store, read, and process information on users' devices. Within this process, user consent for the use of cookies and the associated processing of information, including the specific processing activities and providers mentioned in the consent management process, is obtained. Users also have the option to manage and revoke their consent. The declarations of consent are stored to avoid having to request consent again and to be able to provide proof of consent in accordance with legal requirements. Storage takes place server-side and/or in a cookie (so-called opt-in cookie) or using comparable technologies to assign consent to a specific user or their device. Unless specific information is available regarding the providers of consent management services, the following general information applies: Consent is stored for up to two years. A pseudonymous user identifier is created, which is stored along with the time of consent, details regarding the scope of consent (e.g., the categories of cookies and/or service providers concerned), and information about the browser, system, and device used; legal basis: consent (Art. 6 para. 1 sentence 1 lit. a) GDPR).

Blogs and publication media:

We use blogs or comparable means of online communication and publication (hereinafter "publication medium"). Reader data is processed for the purposes of the publication medium only to the extent necessary for its presentation and communication between authors and readers, or for security reasons. Furthermore, we refer you to the information on the processing of visitors to our publication within the framework of this privacy policy.

Types of data processed: Master data (e.g., full name, home address, contact information, customer number, etc.); Contact data (e.g., postal and email addresses or telephone numbers); Content data (e.g., textual or image messages and posts, as well as information relating to them, such as authorship or time of creation); Usage data (e.g., page views and time spent on the site, click paths, intensity and frequency of use, device types and operating systems used, interactions with content and functions). Metadata, communication data, and procedural data (e.g., IP addresses, timestamps, identification numbers, persons involved).

Data subjects: Users (e.g., website visitors, users of online services).

Purposes of processing and legitimate interests: Feedback (e.g., collecting feedback via online form). Provision of our online services and user-friendliness.

Retention and Deletion: Deletion will be carried out in accordance with the information in the section "General Information on Data Storage and Deletion".

Legal Basis: Legitimate interests (Art. 6 para. 1 sentence 1 lit. f) GDPR).

​

Contact and Inquiry Management:

When you contact us (e.g., by mail, contact form, email, telephone, or via social media), as well as within the context of existing user and business relationships, the information provided by the inquiring individuals is processed to the extent necessary to respond to the contact requests and any requested actions.

Types of data processed: Contact data (e.g., postal and email addresses or telephone numbers); content data (e.g., textual or image messages and posts, as well as related information such as authorship or date of creation); metadata, communication data, and procedural data (e.g., IP addresses, timestamps, identification numbers, individuals involved).

Data subjects: Communication partners.

Purposes of processing and legitimate interests: Communication; organizational and administrative procedures; feedback (e.g., collecting feedback via online form); provision of our online services and user-friendliness.

``` Storage and Deletion: Deletion is carried out in accordance with the information in the section "General Information on Data Storage and Deletion".

Legal Basis: Legitimate interests (Art. 6 para. 1 sentence 1 lit. f) GDPR). Contract performance and pre-contractual inquiries (Art. 6 para. 1 sentence 1 lit. b) GDPR).

Further Information on Processing Procedures, Processes, and Services:

Contact Form: When you contact us via our contact form, by email, or through other communication channels, we process the personal data you provide to answer and process your request. This generally includes information such as your name, contact details, and any other information you provide that is necessary for proper processing. We use this data exclusively for the stated purpose of contacting you and communicating with you; Legal Basis: Contract performance and pre-contractual inquiries (Art. 6 para. 1 sentence 1 lit. b) GDPR), Legitimate interests (Art. 6 para. 1 sentence 1 lit. f) GDPR).

Social Media Presence:

We maintain online presences within social networks and process user data in this context to communicate with users active there or to provide information about ourselves.

Please note that user data may be processed outside the European Union. This may pose risks for users, as it could, for example, make it more difficult to enforce their rights.

Furthermore, user data within social networks is generally processed for market research and advertising purposes. For example, user profiles can be created based on usage patterns and the resulting user interests. These profiles may then be used to display advertisements within and outside the networks that are presumably tailored to the users' interests. Therefore, cookies are typically stored on users' computers to record their usage patterns and interests. Additionally, user profiles may also store data independently of the devices used by the users (especially if they are members of the respective platforms and logged in).

For a detailed description of the respective processing methods and the options to object (opt-out), please refer to the privacy policies and information provided by the operators of the respective networks.

In the case of requests for information and the assertion of data subject rights, we would also like to point out that these can be most effectively addressed directly with the providers. Only the latter have access to the user data and can take appropriate measures and provide information directly. Should you still require assistance, you can contact us.

Types of data processed: Contact data (e.g., postal and email addresses or telephone numbers); Content data (e.g., textual or image messages and posts, as well as information relating to them, such as authorship or time of creation); Usage data (e.g., page views and time spent on the site, click paths, intensity and frequency of use, device types and operating systems used, interactions with content and functions).

Data subjects: Users (e.g., website visitors, users of online services).

Purposes of processing and legitimate interests: Communication; feedback (e.g., collecting feedback via online form); public relations.

Retention and deletion: Deletion as described in the section "General Information on Data Storage and Deletion".

Legal basis: Legitimate interests (Art. 6 para. 1 sentence 1 lit. f) GDPR).

​

Further information on processing activities, procedures, and services:

Instagram: Social network enabling users to share photos and videos, comment on and like posts, send messages, and subscribe to profiles and pages; Service provider: Meta Platforms Ireland Limited, Merrion Road, Dublin 4, D04 X2K5, Ireland; Legal basis: Legitimate interests (Art. 6 para. 1 sentence 1 lit. f) GDPR);

Website: https://www.instagram.com

Privacy policy: https://privacycenter.instagram.com/policy/

Legal basis for third-country transfers: EU/EEA Data Privacy Framework (DPF), Switzerland Data Privacy Framework (DPF).

Facebook Pages: Profiles within the Facebook social network – The controller is jointly responsible with Meta Platforms Ireland Limited for the collection and transfer of data from visitors to our Facebook page (“Fanpage”). This includes, in particular, information about user behavior (e.g., viewed or interacted-with content, actions performed) as well as device information (e.g., IP address, operating system, browser type, language settings, cookie data). Further details can be found in the Facebook Data Policy: https://www.facebook.com/privacy/policy/. Facebook also uses this data to provide us with statistical analyses via the "Page Insights" service, which reveal how people interact with our page and its content. This is based on an agreement with Facebook ("Information about Page Insights": https://www.facebook.com/legal/terms/page_controller_addendum), which, among other things, regulates security measures and the exercise of data subject rights.

Further information can be found here: https://www.facebook.com/legal/terms/information_about_page_insights_data.

Users can therefore direct requests for information or deletion of their data directly to Facebook. The rights of users (in particular, access, erasure, objection, and the right to lodge a complaint with a supervisory authority) remain unaffected. Joint responsibility is limited exclusively to the collection of data by Meta Platforms Ireland Limited (EU). Meta Platforms Ireland Limited is solely responsible for further processing, including any potential transfer to Meta Platforms Inc. in the USA; Service provider: Meta Platforms Ireland Limited, Merrion Road, Dublin 4, D04 X2K5, Ireland; Legal basis: Legitimate interests (Art. 6 para. 1 sentence 1 lit. f) GDPR); Website: https://www.facebook.com; Privacy policy: https://www.facebook.com/privacy/policy/. Basis for third-country transfers: EU/EEA Data Privacy Framework (DPF), Standard Contractual Clauses (https://www.facebook.com/legal/EU_data_transfer_addendum), Switzerland Data Privacy Framework (DPF), Standard Contractual Clauses (https://www.facebook.com/legal/EU_data_transfer_addendum).

​

LinkedIn:

Social Network - We are jointly responsible with LinkedIn Ireland Unlimited Company for collecting (but not further processing) visitor data used to generate "Page Insights" (statistics) for our LinkedIn profiles. This data includes information about the types of content users view or interact with, as well as their actions. Details about the devices used are also collected, such as IP addresses, operating system, browser type, language settings, and cookie data, along with information from user profiles, such as job title, country, industry, hierarchical level, company size, and employment status. Information regarding LinkedIn's processing of user data can be found in LinkedIn's privacy policy:

https://www.linkedin.com/legal/privacy-policy

[Linkedin privacy policy information is not provided in the original text.] We have entered into a special agreement with LinkedIn Ireland (“Page Insights Joint Controller Addendum”, https://legal.linkedin.com/pages-joint-controller-addendum) that specifically regulates the security measures LinkedIn must observe and in which LinkedIn has agreed to fulfill the rights of data subjects (i.e., users can, for example, submit requests for access or erasure directly to LinkedIn).

The rights of users (in particular the right to access, erasure, objection, and to lodge a complaint with the competent supervisory authority) are not restricted by the agreements with LinkedIn. Joint controllership is limited to the collection and transfer of data to LinkedIn Ireland Unlimited Company, a company based in the EU. Further processing of the data is the sole responsibility of LinkedIn Ireland Unlimited Company, in particular with regard to the transfer of data to its parent company, LinkedIn Corporation, in the USA; Service provider: LinkedIn Ireland Unlimited Company, Wilton Plaza, Dublin 2, Ireland; Legal basis: Legitimate interests (Art. 6 para. 1 sentence 1 lit. f) GDPR);

Website: https://www.linkedin.com; Privacy Policy: https://www.linkedin.com/legal/privacy-policy.

Legal basis for third-country transfers: EU/EEA Data Privacy Framework (DPF), Standard Contractual Clauses (https://legal.linkedin.com/dpa),

Switzerland Data Privacy Framework (DPF), Standard Contractual Clauses (https://legal.linkedin.com/dpa).

Opt-out option:

https://www.linkedin.com/psettings/guest-controls/retargeting-opt-out.

X: Social network; Service provider:

X Internet Unlimited Company, One Cumberland Place, Fenian Street, Dublin 2 D02 AX07, Ireland; Legal basis: Legitimate interests (Art. 6 para. 1 sentence 1 lit. f) GDPR); Website: https://x.com. Privacy Policy: https://x.com/de/privacy.

YouTube: Social network and video platform; Service provider: Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland.

Legal basis:

Legitimate interests (Art. 6 para. 1 sentence 1 lit. f) GDPR); Privacy policy:

https://policies.google.com/privacy

Legal basis for third-country transfers: EU/EEA Data Privacy Framework (DPF), Switzerland Data Privacy Framework (DPF). Opt-out option: https://myadcenter.google.com/personalizationoff.

​