Thank you for visiting our website. We take data protection very seriously and are committed to protecting your personal data within the scope of our website offering.
By personal data we mean all data concerning the personal and factual circumstances of a natural person. Personal data collected on our website is used exclusively for our own purposes.
1 Legal basis of data processing
The legal basis for data processing within the framework of the EU General Data Protection Regulation for our data processing results from Art. 6 DS-GVO. In detail, depending on the situation in which we process your data, different legal bases may arise.
Insofar as your consent has been obtained for processing operations of personal data, Article 6 I a) DS-GVO is the legal basis for the data processing. Consent given can be revoked at any time with effect for the future.
When processing personal data collected for the performance of a contract to which you are a party, Article 6 I b) DS-GVO is the legal basis. This also applies to processing operations that are necessary for the performance of pre-contractual measures.
Insofar as processing of personal data is necessary to comply with a legal obligation to which our company is subject, Article 6 I c) DS-GVO serves as the legal basis.
In the event that vital interests of you or another natural person make processing of personal data necessary, Article 6 I d) DSGVO is the legal basis.
If the processing is necessary to protect a legitimate interest of our company or a third party and the interests, fundamental rights and freedoms of the data subject do not override the former interest, Article 6 I f) DS-GVO serves as the legal basis for the processing. The legitimate interest of our company lies in the performance of our business activities.
Pursuant to Article 88 of the General Data Protection Regulation (DS-GVO) in conjunction with Section 26 of the Federal Data Protection Act (BDSG), personal data of employees are processed for the purposes of the employment relationship if this is necessary for the decision on the establishment of an employment relationship or, after the establishment of the employment relationship, for its implementation or termination or for the exercise or fulfilment of the rights and obligations of the employees’ representation of interests resulting from a law or collective agreement, a company or service agreement (collective agreement).
2 Data subject rights
Within the scope of our data processing, personal data relating to you will be processed. You are entitled to the rights from the third chapter of the GDPR against our company.
We observe the rights to information, correction, restriction of processing, deletion or transferability of your personal data. You can assert these rights as follows:
Right of access
You have the right to request confirmation from us as to whether we are processing personal data relating to you. If this is the case, you have the right to access this personal data and to be informed of the following:
(a) the purposes of processing;
b) the categories of personal data processed;
(c) the recipients or categories of recipients to whom the personal data have been or will be disclosed, in particular in the case of recipients in third countries or international organisations;
(d) if possible, the envisaged duration for which the personal data will be stored or, if this is not possible, the criteria for determining that duration;
(e) the existence of a right to obtain the rectification or erasure of personal data concerning you, or the restriction of processing by the controller, or a right to object to such processing;
(f) the existence of a right of appeal to a supervisory authority;
(g) if the personal data are not collected from the data subject, any available information on the origin of the data;
(h) the existence of automated decision-making, including profiling, pursuant to Article 22(1) and (4) and, at least in such cases, meaningful information about the logic involved and the scope and intended effects of such processing for the data subject.
If personal data are transferred to a third country or to an international organisation, you have the right to be informed about the appropriate safeguards pursuant to Article 46 of the GDPR in connection with the transfer.
We will provide you with a copy of the personal data that is the subject of the processing. For any further copies you request, we may charge a reasonable fee based on administrative costs. If you make the request for access electronically, we must provide the information in a commonly used electronic format unless you specify otherwise.
The right to receive a copy must not affect the rights and freedoms of other people.
Right to rectification
You also have the right to request that inaccurate personal data relating to you be rectified without undue delay. Taking into account the purposes of the processing, you have the right to request that incomplete personal data be completed, including by means of a supplementary declaration.
Right to erasure (“right to be forgotten”)
You also have the right to request that we erase personal data relating to you without undue delay and we are obliged to erase personal data without undue delay if one of the following reasons applies:
(a) the personal data is no longer necessary for the purposes for which it was collected or otherwise processed.
b) You withdraw your consent on which the processing was based pursuant to Article 6 I lit. a DS-GVO or Article 9(2)(a) and there is no other legal basis for the processing.
c) You object to the processing pursuant to Article 21(1) and there are no overriding legitimate grounds for the processing, or you object to the processing pursuant to Article 21(2).
(d) The personal data have been processed unlawfully.
(e) erasure of the personal data is necessary for compliance with a legal obligation under Union or Member State law to which we are subject.
(f) the personal data have been collected in relation to information society services offered in accordance with Article 8(1).
(Where we have made the personal data public and we are obliged to erase it pursuant to paragraph 1, we shall take reasonable steps, including technical measures, having regard to the available technology and the cost of implementation, to inform data controllers processing the personal data that you have requested the erasure of all links to, or copies or replications of, those personal data. This does not apply insofar as the processing is necessary a) for the exercise of the right to freedom of expression and information; b) for compliance with a legal obligation which requires processing under Union or Member State law to which we are subject, or for the performance of a task carried out in the public interest or in the exercise of official authority vested in us; (c) for reasons of public interest in the field of public health pursuant to Article 9(2)(h) and (i) and Article 9(3); (d) for archiving, scientific or historical research purposes in the public interest or for statistical purposes pursuant to Article 89(1), where the right referred to in paragraph 1 is likely to make impossible or seriously prejudice the achievement of the purposes of such processing; or (e) for the establishment, exercise or defence of legal claims.
Right to restriction of processing
(1) You have the right to request us to restrict processing if
a) the accuracy of the personal data is contested by you, for a period of time which allows us to verify the accuracy of the personal data;
b) the processing is unlawful and you object to the erasure of the personal data and request the restriction of the use of the personal data instead;
(c) we no longer need the personal data for the purposes of processing, but you need it for the establishment, exercise or defence of legal claims; or
(d) you have objected to the processing pursuant to Article 21(1) as long as it has not yet been determined whether our legitimate grounds override yours.
(2) Where processing has been restricted in accordance with paragraph 1, those personal data may be processed, apart from being stored, only with your consent or for the establishment, exercise or defence of legal claims or for the protection of the rights of another natural or legal person or for reasons of substantial public interest of the Union or of a Member State. 4.5.2016 L 119/44 Official Journal of the European Union EN
(3) A data subject who has obtained a restriction of processing pursuant to paragraph 1 shall be informed by the controller before the restriction is rescinded.
Notification obligation in connection with the rectification or erasure of personal data or the restriction of processing
We shall notify all recipients to whom personal data have been disclosed of any rectification or erasure of personal data or restriction of processing pursuant to Article 16, Article 17(1) and Article 18, unless this proves impossible or involves a disproportionate effort. We will inform you of these recipients if you so request.
Right to data portability
(1) You have the right to receive the personal data relating to you that you have provided to us in a structured, commonly used and machine-readable format and you have the right to transfer this data to another controller without hindrance from us to whom the personal data has been provided, provided that
(a) the processing is based on consent pursuant to Article 6(1)(a) or Article 9(2)(a) or on a contract pursuant to Article 6(1)(b); and
(b) the processing is carried out by automated means.
(2) When exercising your right to data portability under paragraph 1, you have the right to obtain that the personal data be transferred directly from us to another controller, where technically feasible.
(3) The exercise of the right referred to in paragraph 1 of this Article shall be without prejudice to Article 17. This right shall not apply to processing necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller.
(4) The right referred to in paragraph 2 shall not affect the rights and freedoms of other persons.
You also have the right to consult our Data Protection Officer about the above rights and about any matter relating to the processing of your personal data.
Right to complain
You also have the right to lodge a complaint with the relevant supervisory authorities.
Right to object
(1) You have the right to object at any time, on grounds relating to your particular situation, to the processing of personal data concerning you which is carried out on the basis of Article 6 I e) or f; this also applies to profiling based on this provision. The controller shall then no longer process the personal data unless it can demonstrate compelling legitimate grounds for the processing which override the interests, rights and freedoms of your person, or the processing serves the purpose of asserting, exercising or defending legal claims.
2) If your personal data are processed for the purpose of direct marketing, you have the right to object at any time to the processing of personal data concerning you for the purpose of such marketing; this also applies to profiling insofar as it is related to such direct marketing.
3) If you object to the processing for direct marketing purposes, your personal data will no longer be processed for such purposes.
4) In the context of the use of information society services, notwithstanding Directive 2002/58/EC, you may exercise your right to object by means of automated procedures using technical specifications.
5) You have the right to object, on grounds relating to your particular situation, to the processing of personal data concerning you which is carried out for scientific or historical research purposes or for statistical purposes pursuant to Article 89(1), unless the processing is necessary for the performance of a task carried out in the public interest.
Without prejudice to any other administrative or judicial remedy, you have the right to lodge a complaint with a supervisory authority if you consider that the processing of personal data concerning you infringes the GDPR.
3 Web server logs
In the course of using our website, connection information is stored in server log files.
This information includes:
- IP address of the calling system
- Browser information such as operating system used and screen resolution
- Web page called up
- source website
- time of the call
- The web server logs are processed exclusively for security purposes.
We use the log data only for statistical evaluations for the purpose of operation, security and optimisation of the offer.
However, we reserve the right to check the log data retrospectively if there is a justified suspicion of unlawful use on the basis of concrete indications.
It is possible to object to the setting of cookies at any time by changing the setting in the internet browser accordingly. Cookies that have been set can be deleted. Please note that if you deactivate cookies, you may not be able to use all the functions of our website to their full extent.
The exact functions of the cookies can be found in the more detailed information in this data protection declaration.
Note: If you delete your cookies, the deactivation cookie of the respective service will also be deleted and may have to be reactivated by you on your next visit.
5 Contact form
Within the framework of the contact form, you have the possibility to send us any data. The data will be forwarded by our web server to our company’s e-mail box. Please note that communication via the contact form is not encrypted. Please use a secure communication channel for confidential communication out of your own interest.
If you have entered your email address to receive a newsletter, we will only use the data to send you information in accordance with the newsletter registration.
When you register for the newsletter, we store your IP address and the date of registration. This storage serves solely as evidence in the event that a third party misuses an email address and registers to receive the newsletter without the knowledge of the authorised person.
You can unsubscribe from the newsletter at any time here.
7 Login area
Insofar as data is collected in the context of a user login, it is only used for the provision of the respective service. An evaluation only takes place to ensure a comfortable and secure operation of the system.
8 Comment function
When using the comment function, your IP address is stored for the purpose of abuse control.
9 Deployment and Use of the Scalable Central Measurement Procedure of INFOnline GmbH
Our website uses the measurement procedure (“SZMnG”) of INFOnline GmbH (https://www.INFOnline.de) to determine statistical parameters about the use of our sites. The aim of the usage measurement is to statistically determine the number of visits to our website, the number of website visitors and their surfing behaviour – on the basis of a uniform standard procedure – and thus to obtain values that are comparable across the market.
For all digital sites that are members of the Informationsgemeinschaft zur Feststellung der Verbreitung von Werbeträgern e.V. (IVW – http://www.ivw.eu), the usage statistics are regularly processed further by the Arbeitsgemeinschaft Media-Analyse e.V. (agma – http://www.agma-mmc.de) into ranges and published with the performance value “Unique User” as well as by IVW with the performance values “Page Impression” and “Visits”. These ranges and statistics can be viewed on the respective websites.
a) Legal basis for processing
The measurement by means of the SZMnG measurement procedure by INFOnline GmbH is carried out with a legitimate interest pursuant to Art. 6 para. 1 lit. f) DSGVO.
The purpose of the processing of personal data is the creation of statistics and the formation of user categories. The statistics are used to track and document the use of our offer.
The website also serves as an advertising presence for INFOnline. Among other things, products, services and vacancies are to be advertised. In order to verify the success of these measures, measurement by means of the SZMnG measurement procedure is required. INFOnline operates and develops the measurement procedure used (SZMnG). The use of the measurement procedure on its own website is an important basis for INFOnline for quality assurance and further development of the measurement system. Our legitimate interest thus results from the economic usability of the findings resulting from the statistics and user categories and the need to obtain suitable bases for the maintenance and further development of the measurement system.
INFOnline is the provider of the measurement system (SZMnG). Therefore, it can be assumed that the reasonable expectation of a website visitor to be measured by the SZMnG is given. Furthermore, it is possible to object to the measurement by means of an opt-out.
b) Type of data
INFOnline GmbH collects the following data, which is personal data according to the EU-DSGVO:
IP address: On the Internet, every device requires a unique address, the so-called IP address, in order to transmit data. The storage of the IP address, at least for a short period of time, is technically necessary due to the way the Internet works. The IP addresses are shortened by 1 byte before any processing and are only processed anonymously. No storage or further processing of the untruncated IP addresses takes place.
A randomly generated client identifier: Range processing alternatively uses either a cookie with the identifier “ioam.de”, a “Local Storage Object” or a signature created from various automatically transmitted information from your browser to recognise computer systems. This identifier is unique for a browser as long as the cookie or local storage object is not deleted. Measurement of the data and subsequent assignment to the respective client identifier is therefore also possible if you call up other websites that also use the measurement procedure (“SZMnG”) of INFOnline GmbH.
The validity of the cookie is limited to a maximum of 1 year.
c) Use of the data
The measurement procedure of INFOnline GmbH, which is used on this website, determines usage data. This is done in order to collect the performance values page impressions, visits and clients and to form further key figures from them (e.g. qualified clients). In addition, the measured data is used as follows:
A so-called geolocation, i.e. the assignment of a website call to the location of the call, is carried out exclusively on the basis of the anonymised IP address and only up to the geographical level of the federal states / regions. Under no circumstances can conclusions be drawn about the specific location of a user from the geographical information obtained in this way.
The usage data of a technical client (e.g. a browser on a device) is aggregated across websites and stored in a database. This information is used for the technical estimation of the socio-information age and gender and transferred to AGOF’s service providers for further coverage processing. Within the scope of the AGOF study, socio characteristics are technically estimated on the basis of a random sample, which can be assigned to the following categories: Age, gender, nationality, occupation, marital status, general household information, household income, place of residence, internet usage, online interests, place of usage, user type.
d) Storage period of the data
The complete IP address is not stored by INFOnline GmbH. The shortened IP address is stored for a maximum of 60 days. The usage data in connection with the unique identifier will be stored for a maximum of 6 months.
e) Passing on of data
The IP address as well as the shortened IP address will not be passed on. For the creation of the agof study, data with client identifiers are passed on to agof.
We use the integrated hosting and marketing solution of HubSpot Ireland Limited, 2nd Floor 30, North Wall Quay, Dublin 1, Ireland within the framework of our legitimate interest in a technically flawless online offer and its economically efficient design and optimisation in accordance with Art. 6 Para. 1 lit. f DSGVO as well as – insofar as the storage of data for the initiation or conclusion of a contract with you is concerned – on the basis of permission to process contractual data in accordance with Art. 6 Para. 1 lit. b DSGVO.
HubSpot Ireland Limited is a subsidiary of a US company. However, the Irish company is a data processor in the EU.
You can find a transparent list of the cookies set by HubSpot here and here.
We have concluded an order processing agreement with HubSpot, according to which HubSpot only processes your data on our behalf: https://legal.hubspot.com/de/dpa
HubSpot offers the following functions:
- CMS (Content Management System)
- Contact forms
- Newsletter software
- Tracking and analysis
- CRM (Customer Relation Management)
- Chat software
We use the functions described below:
- HubSpot Hosting / CMS / CRM
We use HubSpot to host our website within the framework of our legitimate interest in a technically flawless online offering and its economically efficient design and optimisation. HubSpot collects usage data like any other hoster. This is identifiable and non-identifiable data when you visit our website. This data is either provided to HubSpot or collected automatically through the use of HubSpot services (“non-personal data”).
On the basis of non-personal data, it is not possible for HubSpot to trace the origin of the data. Non-Personal Data is technical and usage information, such as visitors’ and service users’ browsing and clickstream behaviour, session heatmaps and scrolls, as well as non-identifying data about the user’s or visitor’s device used, operating system, browser, screen resolution, language and keyboard settings, ISP, referring/exit pages, date/time stamp, and so on.
As a hoster, however, HubSpot also collects data that can identify a person with manageable effort (“personal data”). In principle, this personal data is all data that you enter when using the website. It may include contact information (such as email address or phone number), billing information (name, billing address, payment method, and bank account information), browser or user session information (IP address, geographic location, and/or unique terminal identifier), third party related account information (such as email address or username for a related PayPal, Google, or Facebook account), scanned identification documents provided to us (such as ID, driving licence, passport, or official company registration documents), and any other personally identifiable information.
HubSpot also takes physical, electronic and procedural safeguards to protect your personal information. You can find more information about this from HubSpot here.
We also use Hubspot as a customer relation management system on the basis of permission to process contractual data. Here, we store all data that you have transmitted to us for the purpose of initiating or concluding a contract, in particular your name, your contact data, payment data, if applicable, and purchased products. This data remains stored by us as long as we still need it for the processing of the contract (in particular warranty period) or a storage is legally prescribed (in particular of the tax-relevant data).
We use HubSpot within the scope of our legitimate interest in economically efficient customer communication to arrange appointments on our website. Hubspot receives all data that you enter in our forms and also collects usage data for this purpose. For this, we refer to our general presentation on contact forms.
As part of our legitimate interest in a technically flawless online offering and its economically efficient design and optimisation, we also use HubSpot to analyse our website.
HubSpot uses certain techniques for the analysis, in particular cookies, which are stored on your computer. These store information about the use of our site, which we use to improve our offer. HubSpot only collects the data pseudonymously and does not combine it with other personal data about you. It is not possible for us to identify you as a visitor to our website.
If you would like to deactivate tracking by HubSpot on our website, click here to opt out.
10 Data protection contact
Brühler Str. 9
Tel: 0228 – 410 29-0