General Information
The following information provides a simple overview of what happens to your personal data when you visit this website. Personal data refers to all data that can personally identify you. Detailed information on data protection can be found in the privacy policy listed below this text.
Data Collection on This Website
Who is responsible for data collection on this website?
The data processing on this website is carried out by the website operator. Their contact details can be found in the section “Notice Regarding the Responsible Party” in this privacy policy.
How do we collect your data?
Some data is collected when you provide it to us. This could, for example, be data you enter in a contact form. Other data is collected automatically or after your consent when you visit the website by our IT systems. These are primarily technical data (e.g., internet browser, operating system, or time of page access). This data is collected automatically as soon as you enter the website.
What do we use your data for?
Part of the data is collected to ensure the proper functioning of the website. Other data may be used to analyze your user behavior. If contracts can be concluded or initiated via the website, the transmitted data is also processed for contract offers, orders, or other inquiries.
What rights do you have regarding your data?
You have the right at any time to receive information free of charge about the origin, recipient, and purpose of your stored personal data. You also have the right to request the correction or deletion of this data. If you have given consent to data processing, you can revoke this consent at any time with effect for the future. Furthermore, under certain circumstances, you have the right to request the restriction of the processing of your personal data. You also have the right to file a complaint with the competent supervisory authority.
You can contact us at any time regarding these rights or any other questions concerning data protection.
Analytics Tools and Tools from Third Parties
When visiting this website, your surfing behavior may be statistically evaluated. This is primarily done using so-called analysis programs. Detailed information on these analysis programs can be found in the full privacy policy below.
We host the content of our website with the following provider:
All-Inkl
The provider is ALL-INKL.COM – Neue Medien Münnich, Owner: René Münnich, Hauptstraße 68, 02742 Friedersdorf (hereinafter referred to as “All-Inkl”). For more details, please refer to All-Inkl’s privacy policy:
https://all-inkl.com/datenschutzinformationen/
The use of All-Inkl is based on Art. 6(1)(f) GDPR. We have a legitimate interest in the most reliable presentation of our website possible. Where appropriate consent has been obtained, the processing is carried out exclusively on the basis of Art. 6(1)(a) GDPR and § 25(1) TDDDG, insofar as the consent includes the storage of cookies or access to information on the user’s end device (e.g., device fingerprinting) within the meaning of the TDDDG. Consent can be revoked at any time.
The operators of this site take the protection of your personal data very seriously. We treat your personal data as confidential and in accordance with the statutory data protection regulations as well as this privacy policy.
When you use this website, various personal data are collected. Personal data refers to any information by which you can be personally identified. This privacy policy explains which data we collect and what we use it for. It also explains how and for what purpose this occurs.
Please note that data transmission over the internet (e.g., communication via email) can have security vulnerabilities. Complete protection of data from access by third parties is not possible.
Notice Regarding the Responsible Party
The party responsible for data processing on this website is:
Leoni Lydia Nägele Coaching
Füssener Straße 98
87437 Kempten
Germany
Phone: +49 1573 3949057
Email: hi@leonilydia.com
The responsible party is the natural or legal person who alone or jointly with others decides on the purposes and means of processing personal data (e.g., names, email addresses, etc.).
Retention Period
Unless a more specific storage period has been stated in this privacy policy, your personal data will remain with us until the purpose for the data processing no longer applies. If you request the deletion of your data or revoke your consent to data processing, your data will be deleted unless we have other legally permissible reasons for storing your personal data (e.g., retention periods under tax or commercial law); in the latter case, deletion will occur once these reasons no longer apply.
General Information on the Legal Bases for Data Processing on This Website
If you have given your consent to data processing, we process your personal data based on Art. 6(1)(a) GDPR or Art. 9(2)(a) GDPR if special categories of data are processed pursuant to Art. 9(1) GDPR. In the event of explicit consent to the transfer of personal data to third countries, data processing is also based on Art. 49(1)(a) GDPR. If you have consented to the storage of cookies or to access to information on your device (e.g., via device fingerprinting), data processing is additionally based on § 25(1) TDDDG. Consent can be revoked at any time.
If your data are required for the performance of a contract or for pre-contractual measures, we process your data based on Art. 6(1)(b) GDPR. Furthermore, we process your data if it is necessary to fulfill a legal obligation based on Art. 6(1)(c) GDPR. Data processing may also be based on our legitimate interest pursuant to Art. 6(1)(f) GDPR. The respective legal basis applicable in each individual case is explained in the following sections of this privacy policy.
Note on Data Transfers to Countries Without Adequate Data Protection and to U.S. Companies Not Certified Under the DPF
We use, among other things, tools from companies based in countries that do not offer an adequate level of data protection from an EU perspective, as well as U.S. tools whose providers are not certified under the EU-U.S. Data Privacy Framework (DPF). When these tools are active, your personal data may be transferred to these countries and processed there.
We would like to point out that in countries without adequate data protection, it is not guaranteed that the data protection level is comparable to that of the EU.
We also point out that the USA is generally considered a secure third country. Data transfers to the USA are permitted if the recipient is certified under the EU-U.S. Data Privacy Framework (DPF) or has appropriate additional safeguards in place. Details on data transfers to third countries, including recipients, can be found in this privacy policy.
We use, among other things, tools provided by companies based in countries that are not considered to offer adequate data protection under EU standards, as well as U.S.-based tools whose providers are not certified under the EU-U.S. Data Privacy Framework (DPF). When these tools are active, your personal data may be transferred to and processed in these countries. Please note that countries not deemed secure from a data protection perspective may not guarantee a level of data protection comparable to that in the EU.
However, we would like to point out that the United States is generally regarded as a secure third country, with a level of data protection that is considered comparable to that of the EU. A data transfer to the U.S. is therefore permissible if the recipient is certified under the EU-U.S. Data Privacy Framework (DPF) or provides appropriate additional safeguards. For further details on data transfers to third countries, including information about the recipients of such data, please refer to this privacy policy.
Recipients of Personal Data
In the course of our business activities, we work with various external parties. In some cases, this involves the transfer of personal data to these third parties. We only pass on personal data to external parties if this is necessary for the performance of a contract, if we are legally obliged to do so (e.g. disclosure to tax authorities), if we have a legitimate interest pursuant to Art. 6(1)(f) GDPR, or if another legal basis allows the data transfer.
When using data processors, we only share personal data of our customers based on a valid data processing agreement. In cases of joint processing, a joint processing agreement is concluded.
Revocation of Your Consent to Data Processing
Many data processing operations are only possible with your explicit consent. You may revoke consent that has already been given at any time. The legality of the data processing carried out up to the time of revocation remains unaffected by the revocation.
Right to Object to Data Collection in Specific Cases and to Direct Marketing (Art. 21 GDPR)
IF DATA PROCESSING IS BASED ON ART. 6(1)(E) OR (F) GDPR, YOU HAVE THE RIGHT TO OBJECT AT ANY TIME TO THE PROCESSING OF YOUR PERSONAL DATA FOR REASONS ARISING FROM YOUR PARTICULAR SITUATION. THIS ALSO APPLIES TO ANY PROFILING BASED ON THESE PROVISIONS. THE RELEVANT LEGAL BASIS FOR EACH PROCESSING ACTIVITY CAN BE FOUND IN THIS PRIVACY POLICY. IF YOU OBJECT, WE WILL NO LONGER PROCESS YOUR AFFECTED PERSONAL DATA UNLESS WE CAN DEMONSTRATE COMPELLING LEGITIMATE GROUNDS FOR THE PROCESSING THAT OUTWEIGH YOUR INTERESTS, RIGHTS AND FREEDOMS, OR IF THE PROCESSING SERVES THE ESTABLISHMENT, EXERCISE OR DEFENSE OF LEGAL CLAIMS (OBJECTION PURSUANT TO ART. 21(1) GDPR).
IF YOUR PERSONAL DATA IS PROCESSED FOR DIRECT MARKETING PURPOSES, YOU HAVE THE RIGHT TO OBJECT AT ANY TIME TO THE PROCESSING OF YOUR PERSONAL DATA FOR SUCH MARKETING, INCLUDING PROFILING TO THE EXTENT THAT IT IS RELATED TO SUCH DIRECT MARKETING. IF YOU OBJECT, YOUR PERSONAL DATA WILL SUBSEQUENTLY NO LONGER BE USED FOR DIRECT MARKETING PURPOSES (OBJECTION PURSUANT TO ART. 21(2) GDPR).
Right to Lodge a Complaint with the Competent Supervisory Authority
In the event of violations of the GDPR, data subjects have the right to lodge a complaint with a supervisory authority, particularly in the member state of their habitual residence, place of work, or the place of the alleged infringement. The right to lodge a complaint is without prejudice to other administrative or judicial remedies.
In the event of violations of the GDPR, data subjects have the right to lodge a complaint with a supervisory authority, particularly in the member state of their habitual residence, their place of work, or the place of the alleged infringement. This right to lodge a complaint exists without prejudice to any other administrative or judicial remedies.
Right to Data Portability
You have the right to receive data that we process automatically based on your consent or in fulfillment of a contract, in a commonly used, machine-readable format. If you request the direct transfer of the data to another controller, this will only be done if it is technically feasible.
Right to Access, Rectification, and Erasure
Within the scope of applicable legal provisions, you have the right at any time to obtain free information about your stored personal data, its origin and recipient, and the purpose of the data processing. You may also have the right to request the correction or deletion of your data. For these purposes, or if you have any further questions about personal data, you can contact us at any time.
Right to Restriction of Processing
You have the right to request the restriction of the processing of your personal data. You can contact us at any time to exercise this right. The right to restriction applies in the following cases:
If you contest the accuracy of your personal data stored by us, we usually need time to verify this. During the verification period, you have the right to request the restriction of the processing of your personal data.
If the processing of your personal data was or is unlawful, you may request restriction of the data processing instead of deletion.
If we no longer need your personal data, but you need it to exercise, defend, or establish legal claims, you have the right to request the restriction of processing instead of deletion.
If you have objected pursuant to Art. 21(1) GDPR, a balance must be struck between your interests and ours. Until it is determined whose interests prevail, you have the right to request the restriction of the processing of your personal data.
If you have restricted the processing of your personal data, such data – apart from being stored – may only be processed with your consent, or for the establishment, exercise, or defense of legal claims, or for the protection of the rights of another natural or legal person, or for reasons of important public interest of the European Union or a member state.
SSL or TLS Encryption
For security reasons and to protect the transmission of confidential content, such as orders or inquiries you send to us as the website operator, this site uses SSL or TLS encryption. You can recognize an encrypted connection by the change in the browser’s address line from “http://” to “https://” and by the padlock icon in your browser line.
When SSL or TLS encryption is activated, the data you transmit to us cannot be read by third parties.
Objection to Promotional Emails
We hereby object to the use of contact data published within the scope of the legal notice obligation for the transmission of unsolicited advertising and information materials. The operators of this website expressly reserve the right to take legal action in the event of unsolicited promotional information being sent, such as spam emails.
Cookies
Our website uses so-called “cookies.” Cookies are small data files that do not cause any damage to your device. They are either stored temporarily for the duration of a session (session cookies) or permanently (persistent cookies) on your device. Session cookies are automatically deleted after your visit ends. Persistent cookies remain stored on your device until you delete them yourself or your web browser deletes them automatically.
Cookies can be set by us (first-party cookies) or by third-party companies (so-called third-party cookies). Third-party cookies enable the integration of certain services provided by third parties within websites (e.g., cookies for handling payment services).
Cookies serve various purposes. Many cookies are technically necessary, as certain website functions would not work without them (e.g., the shopping cart function or the display of videos). Other cookies are used to analyze user behavior or for advertising purposes.
Cookies that are necessary to carry out electronic communications, to provide certain functions you have requested (e.g., for the shopping cart function), or to optimize the website (e.g., cookies for measuring web traffic) are stored based on Art. 6(1)(f) GDPR, unless another legal basis is specified. The website operator has a legitimate interest in storing necessary cookies to ensure the technically error-free and optimized provision of services. If consent to store cookies and similar recognition technologies was requested, the processing is based exclusively on this consent (Art. 6(1)(a) GDPR and § 25(1) TDDDG); the consent can be withdrawn at any time.
You can configure your browser to notify you about the setting of cookies and to allow cookies only in individual cases, to exclude the acceptance of cookies for specific cases or in general, and to enable the automatic deletion of cookies when closing the browser. Disabling cookies may limit the functionality of this website.
You can find out which cookies and services are used on this website in this privacy policy.
Consent with Complianz
Our website uses Complianz’s consent technology to obtain your consent to store certain cookies on your device or to use certain technologies in a data protection-compliant manner. The provider of this technology is Complianz B.V., Kalmarweg 14-5, 9723 JG Groningen, Netherlands (hereinafter referred to as “Complianz”).
Complianz is hosted on our servers, which means no connection is made to the servers of the Complianz provider. Complianz stores a cookie in your browser to assign the consents you have given or revoked. The data collected in this way will be stored until you
request us to delete them, delete the Complianz cookie yourself, or the purpose for data storage no longer applies. Mandatory legal retention obligations remain unaffected.
The use of Complianz serves to obtain the legally required consents for the use of cookies. The legal basis for this is Art. 6(1)(c) GDPR.
Contact Form
If you send us inquiries via the contact form, your information from the inquiry form, including the contact details you provide there, will be stored by us for the purpose of processing the inquiry and in case of follow-up questions. We do not share this data without your consent.
The processing of this data is based on Art. 6(1)(b) GDPR if your request is related to the performance of a contract or is necessary to carry out pre-contractual measures. In all other cases, processing is based on our legitimate interest in the effective processing of inquiries addressed to us (Art. 6(1)(f) GDPR) or on your consent (Art. 6(1)(a) GDPR), if requested; consent can be withdrawn at any time.
The data you enter in the contact form will remain with us until you request deletion, revoke your consent to storage, or the purpose for data storage no longer applies (e.g. after your request has been fully processed). Mandatory legal provisions – in particular retention periods – remain unaffected.
Inquiries by Email, Phone, or Fax
If you contact us by email, telephone, or fax, your inquiry, including all resulting personal data (name, inquiry), will be stored and processed by us for the purpose of handling your request. We do not share this data without your consent.
The processing of this data is based on Art. 6(1)(b) GDPR if your request is related to the performance of a contract or is necessary to carry out pre-contractual measures. In all other cases, the data is processed based on our legitimate interest in the effective processing of inquiries addressed to us (Art. 6(1)(f) GDPR) or on your consent (Art. 6(1)(a) GDPR), if obtained; consent can be withdrawn at any time.
The data you send to us via contact inquiries will remain with us until you request deletion, revoke your consent to storage, or the purpose for data storage no longer applies (e.g. after your request has been fully processed). Mandatory legal provisions – especially statutory retention periods – remain unaffected.
Communication via WhatsApp
For communication with our customers and other third parties, we also use the WhatsApp instant messaging service. The provider is WhatsApp Ireland Limited, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland.
Communication is carried out via end-to-end encryption (peer-to-peer), which prevents WhatsApp or third parties from accessing the content of the communication. However, WhatsApp does receive metadata that arises during the communication process (e.g. sender, recipient, and time). We also point out that, according to WhatsApp’s own statement, personal data of users is shared with its parent company Meta, which is based in the USA.
You can find more details on data processing in WhatsApp’s privacy policy at:
https://www.whatsapp.com/legal/#privacy-policy.
We use WhatsApp based on our legitimate interest in fast and effective communication with customers, interested parties, and other business and contractual partners (Art. 6(1)(f) GDPR). If consent has been requested, data processing is carried out exclusively on the basis of this consent, which can be revoked at any time with effect for the future.
The communication content exchanged between you and us via WhatsApp will remain with us until you request deletion, revoke your consent to storage, or the purpose for the data storage no longer applies (e.g. after your request has been fully processed). Mandatory legal provisions – particularly retention periods – remain unaffected.
The company is certified under the EU-US Data Privacy Framework (DPF). The DPF is an agreement between the European Union and the United States that aims to ensure compliance with European data protection standards for data processing in the US. Each company certified under the DPF commits to complying with these data protection standards. You can find more information from the provider at:
https://www.dataprivacyframework.gov/participant/7735.
We use WhatsApp Business.
The transfer of data to the US is based on the EU Commission’s Standard Contractual Clauses. You can find details here:
https://www.whatsapp.com/legal/business-data-transfer-addendum.
We have signed a Data Processing Agreement (DPA) with the above-mentioned provider.
Calendly
On our website, you have the opportunity to schedule appointments with us. For appointment scheduling, we use the tool “Calendly.” The provider is Calendly LLC, 271 17th St NW, 10th Floor, Atlanta, Georgia 30363, USA (hereinafter “Calendly”).
For scheduling, you enter the requested data and your preferred appointment date into the provided form. The submitted data is used for planning, conducting, and, if necessary, following up on the appointment. The appointment data is stored on Calendly’s servers. Their privacy policy can be found here:
https://calendly.com/privacy.
The data you provide will remain with us until you request its deletion, revoke your consent to storage, or the purpose for data storage no longer applies. Mandatory legal provisions – especially retention periods – remain unaffected.
The legal basis for data processing is Art. 6(1)(f) GDPR. The website operator has a legitimate interest in offering a user-friendly way to schedule appointments with interested parties and clients. If consent has been requested, processing is based exclusively on Art. 6(1)(a) GDPR and § 25(1) TDDDG, provided that the consent includes the storage of cookies or access to information on the user’s device (e.g. device fingerprinting) as defined by the TDDDG. Consent can be withdrawn at any time.
The transfer of data to the USA is based on the EU Commission’s Standard Contractual Clauses. You can find details here:
https://calendly.com/pages/dpa.
The company is certified under the EU-US Data Privacy Framework (DPF). The DPF is an agreement between the European Union and the United States that ensures compliance with European data protection standards for data processing in the United States. Every company certified under the DPF commits to adhering to these data protection standards. You can find more information from the provider at the following link:
https://www.dataprivacyframework.gov/participant/6050.
Data Processing Agreement (DPA)
We have concluded a Data Processing Agreement (DPA) for the use of the service mentioned above. This is a legally required contract under data protection law that ensures the service processes the personal data of our website visitors only according to our instructions and in compliance with the GDPR.
Facebook
This website integrates elements of the Facebook social network. The provider of this service is Meta Platforms Ireland Limited, Merrion Road, Dublin 4, D04 X2K5, Ireland. According to Facebook, the data collected may also be transferred to the USA and other third countries.
You can find an overview of the Facebook social media plugins here:
https://developers.facebook.com/docs/plugins/?locale=de_DE
When the social media element is active, a direct connection is established between your device and the Facebook server. This informs Facebook that you visited this website with your IP address. If you click the Facebook “Like” button while logged into your Facebook account, you can link the content of this website to your Facebook profile. This allows Facebook to associate your visit to this website with your user account.
We would like to point out that, as the provider of this website, we have no knowledge of the content of the transmitted data or its use by Facebook. Further information can be found in Facebook’s privacy policy:
https://de-de.facebook.com/privacy/explanation
The use of this service is based on your consent in accordance with Art. 6(1)(a) GDPR and § 25(1) TDDDG. This consent can be revoked at any time.
If personal data is collected on our website using the described tool and passed on to Facebook, we and Meta Platforms Ireland Limited, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland, are jointly responsible for this data processing (Art. 26 GDPR). The joint responsibility is limited exclusively to the collection of data and its transmission to Facebook. The subsequent processing by Facebook is not part of the joint responsibility.
The joint obligations are set out in an agreement on joint processing. The full text of the agreement can be found here:
https://www.facebook.com/legal/controller_addendum
According to this agreement, we are responsible for providing data protection information regarding the use of the Facebook tool and for implementing the tool in a data protection-compliant manner on our website. Facebook is responsible for the data security of its products. Data subject rights (e.g. access requests) regarding data processed by Facebook can be exercised directly with Facebook. If you contact us regarding your data subject rights, we are obliged to forward your request to Facebook.
The transfer of data to the USA is based on the EU Commission’s Standard Contractual Clauses.
Details can be found at the following links:
https://www.facebook.com/legal/EU_data_transfer_addendum,
https://de-de.facebook.com/help/566994660333381, and
https://www.facebook.com/policy.php.
The company is certified under the EU-US Data Privacy Framework (DPF). The DPF is an agreement between the European Union and the United States that ensures compliance with European data protection standards for data processing in the USA. Every company certified under the DPF commits to upholding these standards. More information is available here:
https://www.dataprivacyframework.gov/participant/4452.
This website includes features of the Instagram service. These features are provided by Meta Platforms Ireland Limited, Merrion Road, Dublin 4, D04 X2K5, Ireland.
When the Instagram social media element is active, a direct connection is established between your device and the Instagram server. Instagram thereby receives information about your visit to this website.
If you are logged into your Instagram account, clicking the Instagram button will link the contents of this website to your Instagram profile. This enables Instagram to associate your visit to this website with your user account. We would like to point out that, as the provider of this website, we do not have knowledge of the content of the transmitted data or how it is used by Instagram.
The use of this service is based on your consent in accordance with Art. 6(1)(a) GDPR and § 25(1) TDDDG. You may withdraw your consent at any time.
To the extent that personal data is collected on this website using the tool described and transmitted to Facebook or Instagram, we and Meta Platforms Ireland Limited, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland, are jointly responsible for this data processing (Art. 26 GDPR). Joint responsibility is limited exclusively to the collection of data and its transfer to Facebook or Instagram. Any subsequent processing by Facebook or Instagram is not part of the joint responsibility.
The joint obligations are detailed in an agreement on joint processing. The agreement can be viewed at:
https://www.facebook.com/legal/controller_addendum
According to this agreement, we are responsible for providing privacy information regarding the use of the Facebook and Instagram tools, and for implementing the tools in a data-protection-compliant manner on our website. Facebook is responsible for the security of its products. You can assert data subject rights (e.g. access requests) directly with Facebook or Instagram. If you assert such rights with us, we are obligated to forward them to Facebook.
Data transfers to the USA are based on the EU Commission’s Standard Contractual Clauses.
More details:
https://www.facebook.com/legal/EU_data_transfer_addendum,
https://privacycenter.instagram.com/policy/,
https://de-de.facebook.com/help/566994660333381.
Further information can also be found in Instagram’s privacy policy:
https://privacycenter.instagram.com/policy/
The company is certified under the EU-US Data Privacy Framework (DPF). For more details:
https://www.dataprivacyframework.gov/participant/4452
The Data Privacy Framework (DPF) is an agreement between the European Union and the United States that aims to ensure compliance with European data protection standards when data is processed in the USA. Every company certified under the DPF commits to adhering to these data protection standards. More information can be found at the following link:
https://www.dataprivacyframework.gov/participant/4452
This website integrates elements of the LinkedIn network. The provider is LinkedIn Ireland Unlimited Company, Wilton Plaza, Wilton Place, Dublin 2, Ireland.
Each time a page of this website containing LinkedIn elements is accessed, a connection is established to LinkedIn’s servers. LinkedIn is then informed that you have visited this website using your IP address. If you click the LinkedIn “Recommend” button while logged into your LinkedIn account, LinkedIn can associate your visit to this website with your user account. Please note that we, as the website provider, have no knowledge of the content of the transmitted data or how it is used by LinkedIn.
The use of this service is based on your consent in accordance with Art. 6(1)(a) GDPR and § 25(1) TDDDG. You can withdraw your consent at any time.
Data transfers to the USA are based on the Standard Contractual Clauses of the European Commission.
More details can be found here:
https://www.linkedin.com/help/linkedin/answer/a1343190
You can find further information in LinkedIn’s privacy policy:
https://www.linkedin.com/legal/privacy-policy
LinkedIn is certified under the EU-US Data Privacy Framework (DPF). For more information:
https://www.dataprivacyframework.gov/participant/5448
This website uses elements of the Pinterest social network, which is operated by Pinterest Europe Ltd., Palmerston House, 2nd Floor, Fenian Street, Dublin 2, Ireland.
When you visit a page containing such an element, your browser establishes a direct connection to Pinterest’s servers. This social media element transmits log data to a Pinterest server in the USA. This log data may include your IP address, the address of websites you visit that also include Pinterest features, your browser type and settings, the date and time of the request, your use of Pinterest, and cookies.
The use of this service is based on your consent in accordance with Art. 6(1)(a) GDPR and § 25(1) TDDDG. Your consent can be withdrawn at any time.
For more information about the purpose, scope, further processing, and use of the data by Pinterest, as well as your rights and options for protecting your privacy, please refer to Pinterest’s privacy policy:
https://policy.pinterest.com/de/privacy-policy
Google Analytics
This website uses features of the web analytics service Google Analytics. The provider is Google Ireland Limited (“Google”), Gordon House, Barrow Street, Dublin 4, Ireland.
Google Analytics enables the website operator to analyze the behavior of website visitors. The website operator receives various usage data, such as page views, time spent on the site, operating systems used, and the origin of the user. These data are assigned to the respective user’s device. No user ID is assigned.
Additionally, Google Analytics can record your mouse and scroll movements and clicks. Google Analytics also uses various modeling approaches to supplement the collected data and applies machine learning technologies in its analysis.
Google Analytics uses technologies that enable user recognition for the purpose of behavior analysis (e.g., cookies or device fingerprinting). The information collected by Google regarding your use of this website is generally transmitted to a Google server in the United States and stored there.
The use of this service is based on your consent pursuant to Art. 6(1)(a) GDPR and § 25(1) TDDDG. You may withdraw your consent at any time.
Data transfers to the USA are based on the Standard Contractual Clauses of the European Commission.
Details can be found here:
https://privacy.google.com/businesses/controllerterms/mccs/
Google is certified under the EU-US Data Privacy Framework (DPF), an agreement between the EU and the USA that aims to ensure compliance with European data protection standards for data processing in the USA. Each DPF-certified company commits to uphold these standards.
More information is available here:
https://www.dataprivacyframework.gov/participant/5780
IP Anonymization
IP anonymization is activated on this website. This means that Google shortens your IP address within the member states of the European Union or in other states that are party to the Agreement on the European Economic Area before transmission to the USA. Only in exceptional cases will the full IP address be transmitted to a Google server in the USA and shortened there. On behalf of the website operator, Google uses this information to evaluate your use of the website, compile reports on website activity, and provide other services related to website and internet usage. The IP address transmitted by your browser as part of Google Analytics will not be merged with other Google data.
Browser Plugin
You can prevent the collection and processing of your data by Google by downloading and installing the browser plugin available at the following link:
https://tools.google.com/dlpage/gaoptout?hl=de
Further information on the handling of user data by Google Analytics can be found in Google’s privacy policy:
https://support.google.com/analytics/answer/6004245?hl=de
Data Processing Agreement
We have entered into a data processing agreement with Google and fully implement the strict requirements of the German data protection authorities when using Google Analytics.
Newsletter Data
If you wish to subscribe to the newsletter offered on the website, we require your email address and information that allows us to verify that you are the owner of the provided email address and agree to receive the newsletter. No other data is collected or only on a voluntary basis. We use newsletter service providers, described below, to manage and distribute the newsletter.
GetResponse
This website uses GetResponse for sending newsletters. The provider is GetResponse Sp. z o.o., headquartered in Gdansk, Poland, ul. Arkonska 6, A3, 80-387 Gdansk, Website: https://www.getresponse.de (hereinafter “GetResponse”).
GetResponse is a service used to organize and analyze newsletter distribution. The data you provide to subscribe to the newsletter is stored on GetResponse’s servers. GetResponse also uses servers in the United States, meaning your newsletter data may be transferred to the USA, which is considered a non-secure third country under EU data protection law.
Data Analysis by GetResponse
Newsletters sent via GetResponse allow us to analyze the behavior of newsletter recipients. We can analyze, for instance, how many recipients opened the newsletter and how often particular links were clicked. Conversion tracking can also show whether a predefined action was taken after clicking a link (e.g., product purchase, social media sharing, or unsubscription). We can also track when a newsletter was opened, allowing us to send future newsletters at optimal times. The recipient’s time zone may also be considered.
GetResponse additionally enables us to segment newsletter recipients by interest groups, allowing us to provide the most relevant content to each group.
You can find more information about the features of GetResponse here:
https://www.getresponse.de/email-marketing/funktionen/e-mail-marketing
Legal Basis
Data processing is based on your consent (Art. 6(1)(a) GDPR). You may revoke this consent at any time. The legality of data processing prior to the revocation remains unaffected.
Transfers of data to the USA are based on the EU Commission’s Standard Contractual Clauses.
Details can be found here: https://www.getresponse.com/de/legal/standard-contractual-clauses
Storage Duration
The data you provide to subscribe to the newsletter will be stored by us or the newsletter service provider until you unsubscribe from the newsletter. After you unsubscribe, your data will be deleted from the newsletter distribution list. Data that we have stored for other purposes remains unaffected.
After you unsubscribe from the newsletter, your email address may be stored in a blacklist either by us or the newsletter service provider, if necessary to prevent future mailings. The data in the blacklist will only be used for this purpose and will not be combined with other data. This serves both your interest and our interest in complying with legal requirements for newsletter distribution (legitimate interest according to Art. 6(1)(f) GDPR). Blacklist storage is not time-limited. You may object to the storage if your interests outweigh our legitimate interest.
Further information can be found in GetResponse’s privacy policy at:
https://www.getresponse.de/email-marketing/legal/datenschutz.html
The company is certified under the EU-US Data Privacy Framework (DPF). The DPF is an agreement between the European Union and the United States that ensures compliance with European data protection standards for data processing in the USA. Every company certified under the DPF is committed to upholding these data protection standards.
More information is available here:
https://www.dataprivacyframework.gov/participant/4993
Data Processing Agreement
We have signed a Data Processing Agreement (DPA) for the use of the aforementioned service. This is a contract required under data protection law that ensures the service processes personal data of our website visitors only according to our instructions and in compliance with the GDPR.
YouTube
This website incorporates videos from the YouTube platform. The provider of this service is Google Ireland Limited (“Google”), Gordon House, Barrow Street, Dublin 4, Ireland.
When you visit a page on our website with an embedded YouTube video, a connection to YouTube’s servers is established. YouTube is informed about which of our pages you have visited.
YouTube may also store cookies on your device or use similar recognition technologies (e.g. device fingerprinting). This allows YouTube to collect information about visitors to this website. These data are used, among other things, to compile video statistics, improve user experience, and prevent fraud. In addition, the collected data may be processed within the Google advertising network.
If you are logged into your YouTube account, your browsing behavior may be directly linked to your personal profile. You can prevent this by logging out of your YouTube account before using our website.
If you are logged into your YouTube account, you allow YouTube to associate your browsing behavior directly with your personal profile. You can prevent this by logging out of your YouTube account.
The use of YouTube is in the interest of presenting our online content in an appealing way. This constitutes a legitimate interest within the meaning of Art. 6(1)(f) GDPR. Where consent has been requested, data processing is carried out exclusively on the basis of Art. 6(1)(a) GDPR and § 25(1) TDDDG, provided the consent includes the storage of cookies or access to information on the user’s device (e.g. device fingerprinting) as defined by the TDDDG. Consent can be revoked at any time.
For more information on how YouTube handles user data, please refer to their privacy policy:
https://policies.google.com/privacy?hl=de
The company is certified under the EU-US Data Privacy Framework (DPF). The DPF is an agreement between the European Union and the United States that ensures compliance with European data protection standards for data processing in the USA. Each DPF-certified company is committed to these standards.
Further information can be found here:
https://www.dataprivacyframework.gov/participant/5780
Google reCAPTCHA
We use “Google reCAPTCHA” (hereinafter “reCAPTCHA”) on this website. The provider is Google Ireland Limited (“Google”), Gordon House, Barrow Street, Dublin 4, Ireland.
reCAPTCHA is used to check whether data entered on this website (e.g. via a contact form) is being entered by a human or by an automated program. To do this, reCAPTCHA analyzes the behavior of the website visitor based on various characteristics. This analysis begins automatically as soon as the visitor enters the website. For the analysis, reCAPTCHA evaluates various pieces of information (e.g. IP address, time spent on the website, or user mouse movements). The data collected during the analysis is forwarded to Google.
reCAPTCHA analyses run entirely in the background. Website visitors are not notified that an analysis is taking place.
The storage and analysis of the data are based on Art. 6(1)(f) GDPR. The website operator has a legitimate interest in protecting its website offerings from abusive automated surveillance and from SPAM. If corresponding consent has been requested, the processing is based exclusively on Art. 6(1)(a) GDPR and § 25(1) TDDDG, as far as the consent includes the storage of cookies or access to information in the user’s terminal device (e.g. device fingerprinting) within the meaning of the TDDDG. The consent can be revoked at any time.
For more information about Google reCAPTCHA, please refer to the Google Privacy Policy and Terms of Service at:
https://policies.google.com/privacy?hl=de
https://policies.google.com/terms?hl=de
Google is certified under the EU-US Data Privacy Framework (DPF), ensuring compliance with EU data protection standards for data processing in the United States.
More details:
https://www.dataprivacyframework.gov/participant/5780
Spotify
This website integrates features of the music service Spotify. The provider is Spotify AB, Birger Jarlsgatan 61, 113 56 Stockholm, Sweden.
You can recognize Spotify plugins by the green logo on this website. An overview of the Spotify plugins can be found here:
https://developer.spotify.com.
When you visit this website, a direct connection between your browser and the Spotify server may be established through the plugin. Spotify thereby receives information that you have visited this website with your IP address.
If you click the Spotify button while logged into your Spotify account, you can link the content of this website to your Spotify profile. This allows Spotify to associate your visit to this website with your user account.
Please note that Spotify uses Google Analytics cookies, meaning your usage data when using Spotify may also be transmitted to Google. Google Analytics is a tool from the Google Group for analyzing user behavior and is based in the USA. Spotify is solely responsible for this integration. As the website operator, we have no control over this data processing.
The storage and analysis of the data are based on Art. 6(1)(f) GDPR. The website operator has a legitimate interest in the appealing acoustic design of its website. Where consent has been requested, the processing is based exclusively on Art. 6(1)(a) GDPR and § 25(1) TDDDG, as far as the consent includes the storage of cookies or access to information on the user’s device (e.g., device fingerprinting) within the meaning of the TDDDG. Consent can be revoked at any time.
Further information can be found in Spotify’s privacy policy:
https://www.spotify.com/de/legal/privacy-policy/.
If you do not want Spotify to associate your visit to this website with your Spotify user account, please log out of your Spotify account.
Data processing
For communication with our customers, we use, among others, online conferencing tools. The specific tools we use are listed below.
When you communicate with us via video or audio conference over the Internet, your personal data is collected and processed by us and the respective provider of the conferencing tool.
The conferencing tools collect all the data that you provide or use to utilize the tools (e.g., your email address and/or telephone number). In addition, the tools process data regarding the duration of the conference, the start and end times of your participation, the number of participants, and other “contextual information” related to the communication process (metadata).
Furthermore, the tool provider processes all technical data necessary for handling the online communication. This includes, in particular, IP addresses, MAC addresses, device IDs, device types, operating system type and version, client version, camera type, microphone or speaker information, and the type of connection.
If content is exchanged, uploaded, or otherwise made available within the tool, it will also be stored on the servers of the tool provider. Such content includes, in particular, cloud recordings, chat/instant messages, voicemails, uploaded photos, videos, files, whiteboards, and other information shared while using the service may also be stored.
Please note that we do not have full influence over the data processing operations of the tools used. Our options are largely governed by the policies of the respective providers.
Further details on data processing by the conferencing tools can be found in the privacy policies of the respective tools listed below.
Purpose and Legal Basis
We use conferencing tools to communicate with prospective or existing contractual partners or to offer certain services to our customers (Art. 6(1)(b) GDPR). Additionally, the use of these tools serves to simplify and speed up communication with us and our company (legitimate interest within the meaning of Art. 6(1)(f) GDPR). Where consent has been obtained, the use of the relevant tools is based on this consent; consent can be revoked at any time with effect for the future.
Storage Duration
Data collected directly by us via video and conferencing tools will be deleted from our systems as soon as you request deletion, revoke your consent for storage, or the purpose for data storage no longer applies. Stored cookies remain on your device until you delete them. Mandatory statutory retention periods remain unaffected.
We have no influence over the storage duration of your data that is stored by the operators of the conferencing tools for their own purposes. For details, please refer directly to the privacy policies of the respective conferencing tool providers.
Conferencing Tools We Use
Google Meet
We use Google Meet. The provider is Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland.
Details on data processing can be found in Google’s privacy policy:
https://policies.google.com/privacy?hl=en.
The company is certified under the “EU-US Data Privacy Framework” (DPF).
The DPF is an agreement between the European Union and the United States aimed at ensuring compliance with European data protection standards for data processing in the USA. Each company certified under the DPF commits to adhering to these data protection standards.
You can find more information from the provider at the following link:
https://www.dataprivacyframework.gov/participant/5780.
Data Processing Agreement
We have concluded a Data Processing Agreement (DPA) with the provider mentioned above.
This is a data protection contract required by law, ensuring that the provider processes the personal data of our website visitors only according to our instructions and in compliance with the GDPR.
