Privacy Policy SHS Viveon AG As of June 30, 2022

     1. Subject Matter and Scope

With this Privacy Policy, we inform you about which personal data we collect and how and for what purposes it is processed. We always treat your personal data in accordance with the statutory data protection regulations and this Privacy Policy. 

     2. Controller and Data Protection Officer

The Controller within the meaning of GDPR is SHS Viveon AG, Clarita-Bernhard-Straße 27, 81249 Munich, Germany, Tel. +49 (0)89 747257-0, e-mail info@shs-viveon.com.

Our data protection officer is Christian Schmoll, Tel. +49 (0)89 4622 7322, e-mail dsb@shs-viveon.com

Every data subject can contact our data protection officer directly at any time with questions and suggestions regarding data protection. 

     3. Use of the SHS Viveon Platform (SaaS)

     3.1 Account

If you use an account for the SHS Viveon platform (hereinafter referred to as “Platform”), we, as the controller, will collect and process your data in order to enable you to use the Platform. 

In this context, we process your data in the context of making the Platform available and/or to provide the services we offer. Where applicable, this includes the processing of the surname and first name of the users of the Platform, address(es), contact data (e.g. e-mail address, telephone number), contractual data (e.g. subject matter of the contract, term), payment data and data collected in the course of providing our services and/or required for the provision of our services. 

Your data will be processed for as long as you use your account. If you close/delete your account, the data processed via your account will be deleted promptly (subject to any retention obligations, see below under “Retention and Deletion”). 

The legal basis for this storage and processing is the fulfilment of the contract or the implementation of pre-contractual measures in accordance with Art. 6 para. 1 lit. b) GDPR. 

     3.2 Data Processing via the Platform

The data that you collect and process with the Platform is collected and processed by us on your behalf and exclusively on your instructions. This data processing by us as your data processor is regulated in a data processing agreement. 

We will be happy to provide you with our template for such a data processing agreement. Please contact us at dsb@shs-viveon.com. 

     3.3 Helpdesk

When using our helpdesk, the contact data and other content you provide will be collected and processed. This processing is done for the administration and handling of your support or contact request. 

For our helpdesks and the processing of support requests we use an external service provider as a data processor on the basis of a data processing agreement pursuant to Art. 28 GDPR. 

The helpdesk is a necessary component of the Platform and the data processed in the context of the use of the helpdesk is processed by us as a controller for the performance of the contract (Art. 6 para. 1 lit. b). GDPR). 

     3.4 Ticket System

We use a ticket system to process support requests. When processing support requests, the contact data provided by you and the other contents of the respective ticket provided by you are collected and processed. This processing takes place for the processing of the support ticket. 

For the ticket system, we use an external service provider as a data processor on the basis of a data processing agreement pursuant to Art. 28 GDPR. 

The ticket system is a necessary component of the Platform and the data processed in the context of handling support requests via the ticket system are processed by us as a controller for the performance of the contract (Art. 6 para. 1 lit. b). GDPR). 

     3.5 Transactional Messages

For transactional messages sent by email in connection with your use of the Platform, we use an external service provider who carries out the email dispatch for us and ensures the deliverability of the messages. 

This service provider acts for us as a data processor on the basis of a data processing agreement pursuant to Art. 28 GDPR. 

Transactional messages as part of the use of the Platform are a necessary part of the Platform and the data processed as part of the sending of transactional messages are processed by us as a controller for the performance of the contract (Art. 6 para. 1 lit. b). GDPR). 

     4. Visiting Our Website

Each time you visit our website, our system automatically collects data and information from the computer system of the calling computer. For the pages to be displayed in your browser, the IP address of the terminal device you are using must be processed. In addition, there is further information about the browser of your terminal device. 

We are required by data protection law to also ensure the confidentiality and integrity of the personal data processed with our IT systems. The data is also used to correct errors on the website. 

The following data is logged for these purposes: 

  • IP address of the calling computer 
  • Operating system of the calling computer 
  • Browser version of the calling computer 
  • Name of the retrieved file 
  • Date and time of the retrieval 
  • Transmitted data volume 
  • Referring URL 

This data is regularly deleted after a few days. 

For the hosting of our website, we use an external service provider as a data processor on the basis of a data processing agreement pursuant to Art. 28 GDPR. 

The legal basis for this data processing is Art. 6 para. 1 lit. f) GDPR. Our overriding legitimate interest is the operation of this website and the implementation of the protection goals of confidentiality, integrity and availability of the data. 

   5. Usage Analytics Website 

In order to better understand how you use the website and to continuously improve the website, we may collect and analyze information on how users use the website. In particular, information on the use of the website (browsing history), information on the device (device ID, but not, for example, the Apple ID), the operating system and the IP address are processed. The data collected is used to create aggregated and anonymized usage analyses. 

In doing so, we use a so-called heatmap tool, which allows us to analyze and understand how users use the website (e.g., how much time users spend on which pages, which links they click on, what users do and do not do, etc.). Based on the analysis of user behavior, we can optimize and develop the website. As part of the use of this heatmap tool, cookies and other technologies are used to collect data about the behavior of users and their devices, in particular, the IP address of the device (collected and stored only in anonymous form), the screen size of the device, the type of device (unique device identifiers), browser information, geographical location (country only) and preferred language. This information is stored in a pseudonymized user profile, but this information is not used to identify individual users or to match it with other data about an individual user. 

For the heatmap tool, we use an external service provider as a processor on the basis of a data processing agreement pursuant to Art. 28 GDPR. 

This may involve the transfer of personal data to a third country outside the EU without an adequate level of data protection. There are appropriate safeguards for the data transfer in accordance with Art. 46 GDPR. We will provide you with proof of the appropriate guarantees (standard contractual clauses) at any time upon request. 

The legal basis for the processing of data for the creation of such usage analyses is the consent of the user of the platform pursuant to Art. 6 (1) lit. a) GDPr. 

     6. Contact and CRM

If you contact us to request information or a quotation, the information you provide will be stored for the purpose of processing the request. We need the information requested in a contact form on the website, if applicable, in order to process your enquiry, to address you correctly and to send you a reply. 

Enquiries are stored in our CRM system. This data may be used by us for direct advertising measures. You can object to such use for direct advertising at any time. Details of your right to object can be found below under “Right to Object”. 

The CRM system is regularly checked to see whether data can be deleted. If data is no longer required in the context of a customer or interested party relationship or if a conflicting interest of the data subject outweighs this, we will delete the data concerned, provided that there are no legal retention obligations to the contrary. 

The legal basis for this storage and processing is Art. 6 para. 1 lit. f) GDPR. Our overriding legitimate interest is the communication with our customers, interested parties and suppliers, the maintenance of our customer relationships and the implementation of direct marketing measures. If the contact is aimed at concluding a contract, the legal basis for the processing is Art. 6 para. 1 lit. b) GDPR. 

    7. Chat

When using the live chat function on our website, the contact details and other content you provide will be collected and processed. This processing is done for the administration and handling of your request. 

For the live chat function, we use an external service provider as a data processor on the basis of a data processing agreement pursuant to Art. 28 GDPR. This may involve the transfer of personal data to a third country outside the EU without an adequate level of data protection. There are suitable guarantees for the data transfer in accordance with Art. 46 GDPR. We provide appropriate safeguards for this data transfer in accordance with Art. 46 GDPR. We will be happy to provide you with proof of the appropriate safeguards (Standard Contractual Clauses/Standard Data Protection Clauses) upon request. 

The legal basis for this storage and processing is Art. 6 para. 1 lit. f) GDPR. Our overriding legitimate interest is the communication with our customers, interested parties and website visitors. If the aim of contacting us is to conclude a contract, the legal basis for the processing is Art. 6 para. 1 lit. b) GDPR. 

     8. Newsletter

     8.1 Registration for our Newsletter

On our website you can register to receive our e-mail newsletter. The data requested as mandatory fields are required for sending the newsletter. All other information is voluntary. During registration, the data from the input mask, the IP address of the calling computer and the date and time of registration are transmitted to us. Your consent is obtained for the processing of the data during registration and reference is made to this Privacy Policy. 

In order to verify that a registration for the sending of a newsletter is made by the actual owner of an e-mail address, we use the so-called “double opt-in” procedure. In this process, after registration of an e-mail address, a confirmation e-mail is sent to the registered e-mail address. Registration for the newsletter is only completed when a confirmation link contained in the confirmation e-mail is activated. The IP address of the calling computer and the date and time of activation of the confirmation link are also transmitted to us. 

The registration for the newsletter can be terminated at any time by using the unsubscribe link included in each newsletter or by contacting us at the contact details provided above. 

The legal basis for the processing of data after registration for the newsletter is your consent in accordance with Art. 6 para. 1 lit. a) GDPR. 

      8.2 E-mail newsletter within the framework of an existing customer relationship

If you register as a user of the platform and provide your e-mail address, this may subsequently be used by us to send you an e-mail newsletter if you have not objected to such use. In such a case, only direct advertising for our own similar goods or services will be sent via the e-mail newsletter. You can object to the use of your e-mail address at any time, without incurring any costs other than the transmission costs according to the basic rates, by using the unsubscribe link contained in every newsletter or by contacting us at the above-mentioned contact details. 

The legal basis for sending the newsletter as a result of the sale of goods or services is Art. 6 para. 1 lit. f) GDPR. 

      8.3 Newsletter Analysis

With our newsletter, a statistical evaluation of usage data may be carried out. For this purpose, we may record both the opening of the email and the internal clicks, as well as additional information about the time of opening and the IP address. This information serves the purpose of measuring and optimizing the success of our newsletter campaigns by making the newsletter content more relevant to our target group and technically optimizing the newsletter in terms of display ability. This information can be assigned to individual newsletter recipients. However, this is merely a technical necessity, and it is not our intention to observe and analyze the usage behavior of individual users. We are only interested in an aggregated statistical evaluation. 

The legal basis for this analysis is your consent pursuant to Art. 6 para. 1 lit. a) DSGVO. You can revoke your consent at any time by contacting us using the contact details provided above. 

      8.4 Newsletter Service Provider

We use an external service provider as a data processor for the sending and analysis of our newsletter on the basis of a data processing agreement pursuant to Art. 28 GDPR. 

This may involve the transfer of personal data to a third country outside the EU without an adequate level of data protection. There are suitable guarantees for the data transfer in accordance with Art. 46 GDPR. We provide appropriate safeguards for this data transfer in accordance with Art. 46 GDPR. We will be happy to provide you with proof of the appropriate safeguards (Standard Contractual Clauses/Standard Data Protection Clauses) upon request.

     9. Cookies

Our website uses cookies. Cookies are pieces of information that are transferred from our web server or third-party web servers to your browser and stored there for later retrieval. Cookies can be small files or other types of information storage. In cookies, information is stored that arises in each case in connection with the specific end device used. Cookies contain a characteristic string of characters that enables the browser to be uniquely identified when the website is called up again. A cookie also contains information about its origin and the storage period. In the context of this Privacy Policy, we also understand cookies to mean other technologies that have a similar functionality to cookies. 

On the one hand, we use so-called session cookies, which are only stored for the duration of the respective visit to our website. A randomly generated unique identification number, a so-called session ID, is stored in a session cookie. Session cookies are automatically deleted when you leave our website and close the browser. 

We also use temporary cookies that are stored by us on your end device for a certain period of time (so-called first party cookies). If you visit our site again, it is automatically recognized that you have already been with us and which entries and settings you have made so that you do not have to enter them again. 

We also use cookies for other purposes, for example for the purpose of web analysis. These cookies are also automatically deleted after a defined period of time. This use is explained in more detail below. 

You have the option of preventing cookies from being set by making the appropriate settings in your browser. However, we would like to point out that the use of our website may then only be possible to a limited extent. Cookies do not install or start any programs or other applications on your computer. 

You can object to the use of cookies used for reach measurement and advertising purposes via the Network Advertising Initiative opt-out page (http://optout.networkadvertising.org/) and additionally the US website (http://www.aboutads.info/choices) or the European website (http://www.youronlinechoices.com/uk/your-ad-choices/).

Cookie Settings

 

     10. Essential Cookies

When you visit our website, cookies are set that are absolutely necessary for the operation of the website. These essential cookies can be, for example, cookies that are required for the display of the website with a content management system (e.g. TYPO3), that are used to recognize language settings or that are used to document whether you have consented to the setting of further (non-essential) cookies or whether you have rejected them. 

The legal basis for the processing of personal data using essential cookies is our legitimate interest pursuant to Art. 6 para. 1 lit. f) GDPR. Our overriding legitimate interest is the operation, analysis and optimization of our website and our customer interactions. 

     11. Google Analytics

We use web analytics services on our website to record how our website is used by users and to improve and optimize the website. 

We use the web analytics service Google Analytics with IP anonymization for this purpose. Google Analytics is a web analytics service provided by Google Ireland Limited (“Google”). 

Cookies are set within the scope of Google Analytics. You can prevent the storage of cookies by setting your browser accordingly. In addition, you can prevent the collection of data generated by the cookie and related to your use of the online offer to Google as well as the processing of this data by Google by downloading and installing the browser plugin available under the following link, which informs Google Analytics via JavaScript that no data and information on visits to Internet pages may be transmitted to Google Analytics:http://tools.google.com/dlpage/gaoptout?hl=de.

Within the scope of IP anonymization, the collected IP address of the users of our website is shortened by Google within the European Economic Area before being transmitted to the USA. Only in exceptional cases will the unabbreviated IP address be transmitted to Google in the USA and shortened there. The transmitted IP addresses are not merged with other data from Google. 

When using Google Analytics, personal data may be transferred to a third country outside the EU without an adequate level of data protection. We provide appropriate safeguards for this data transfer in accordance with Art. 46 GDPR. We will be happy to provide you with proof of the appropriate safeguards (Standard Contractual Clauses/Standard Data Protection Clauses) upon request. 

The legal basis for this data processing is your express consent pursuant to Art. 6 para. 1 lit. a) GDPR. 

    12. HubSpot

On our website, we use HubSpot for various functionalities. HubSpot is provided by HubSpot Germany GmbH in Germany as a data processor on the basis of a data processing agreement. We use HubSpot in the areas of email marketing, social media publishing, reporting, CRM or contact management, live chat, ticketing system, user segmentation, analytics and tracking for landing pages and contact forms. 

The legal basis for this data processing is basically set out in the context of the individual functionalities described in this Privacy Policy. The legal basis is either our legitimate interest pursuant to Art. 6 (1) lit. f) GDPR in contacting and communicating with visitors to our website and our customers, or your express consent pursuant to Art. 6 (1) lit. a) GDPR. 

If the contact or communication is aimed at the conclusion of a contract or takes place within the context of an existing contractual relationship, the legal basis for the processing is Art. 6 (1) lit. b) GDPR. 

Within the scope of processing by HubSpot, personal data may be transferred to the USA. We provide appropriate safeguards for this data transfer in accordance with Art. 46 GDPR. We will be happy to provide you with proof of the appropriate safeguards (Standard Contractual Clauses/Standard Data Protection Clauses) upon request. 

    13. YouTube

YouTube videos are embedded on our website. These are provided by Google Ireland Ltd. in Ireland (“YouTube”) via a plugin. 

We use the “extended privacy settings” for embedded YouTube videos, i.e. YouTube does not set cookies. 

Nevertheless, when you visit a website with the YouTube plugin, a connection to YouTube is inevitably established and your IP address is transmitted to YouTube in the process. 

When using YouTube, personal data is transferred to a third country outside the EU without an adequate level of data protection. We provide appropriate safeguards for this data transfer in accordance with Art. 46 GDPR. We will be happy to provide you with proof of the appropriate safeguards (Standard Contractual Clauses/Standard Data Protection Clauses) upon request. 

For more information on YouTube’s privacy policy, please visit YouTube’s Privacy and Security Center: https://support.google.com/youtube/topic/2803240?hl=de&ref_topic=6151248

The legal basis for this data processing when using YouTube is Art. 6 para. 1 lit. f) GDPR. Our overriding legitimate interest is the integration of videos and the associated optimization of the interactivity of our website and our customer interactions.

    14. Fonts

In order to display the contents of our website correctly and in a graphically appealing manner across all browsers, we use font libraries on this website. Calling up font libraries automatically triggers a connection to the operator of the library. The operator receives the information that the font required for our website was called up from your IP address. 

You can prevent the use of such libraries and the associated data transmission by installing a Java Script blocker (e.g. www.noscript.net).

We use Google Fonts from Google Ireland Limited (https://www.google.com/webfonts/). When using Google Fonts, data is transferred to the USA. Further information on data processing by Google can be found in Google’s privacy policy: https://www.google.com/policies/privacy.

When using Google Fonts, personal data is transferred to a third country outside the EU without an adequate level of data protection. We provide appropriate safeguards for this data transfer in accordance with Art. 46 GDPR. We will be happy to provide you with proof of the appropriate safeguards (Standard Contractual Clauses/Standard Data Protection Clauses) upon request. 

The legal basis for the integration and use of the font library is Art. 6 para. 1 lit. f) GDPR. Our overriding legitimate interest is the uniform presentation of our website. 

    15. Social Media Buttons

Social media buttons (links) of various social media networks (e.g. Twitter, YouTube and/or LinkedIn) are integrated on our website. 

If you click on one of these social media buttons, you will be redirected to our pages on the respective social media network. In this case, the provider of the respective social media network receives the information that your browser has accessed the corresponding page of our website, even if you do not have a profile with the respective social media network or are not logged in there. This information (including your IP address) is transmitted by your browser directly to a server of the respective provider. If you click on a social media button and are either logged in to the respective social media network or then log in to the page of the respective social media network, the transmitted information can be assigned to your account with the social media network. 

For information on the purpose and scope of data collection and processing by the providers of the respective social media network, the provider identification, a contact option, and your rights and setting options for data protection, please refer to the respective privacy policies of the providers of the social media networks. 

The legal basis for the integration and use of the social media buttons is our legitimate interest pursuant to Art. 6 para. 1 lit. f) GDPR. Our legitimate interest is the marketing of our offers and our website. 

    16. Social Media Pages

We maintain a publicly accessible profile on various social media networks, e.g. Twitter, YouTube and/or LinkedIn (“social media pages” or “fan pages”). 

If you visit one of our social media pages and are logged in to the respective social media network, the provider of the respective social media network can analyse your usage behaviour and assign the information collected to your account with the social media network and enrich it there. Even if you are not logged in or if you do not have an account with the respective social media network, personal data may be collected by the provider of the respective social media network, for example your IP address or data collected via a cookie. 

The operators of the social media networks can use this data to create user profiles. Based on your user profile, you can then be shown interest-based advertisements both on the websites of the social media network and on other websites. 

If you visit one of our social media pages, we are jointly responsible with the provider of the social media network for the collection and processing of your personal data that takes place there. For information on the collection and processing of your personal data that takes place there, we refer you to the data protection information of the respective social media network. We do not have any further information on this. 

You can assert your data subject rights according to Chapter III. of the GDPR (right to information, correction, deletion, restriction of processing, data portability, etc.) both against us and against the provider of the respective social media network. In this context, we would like to point out that we can only influence the processing of personal data and the implementation of data subject rights within the framework of our social media pages within the scope of the possibilities made available to us by the respective provider. 

The legal basis for our use of social media pages is Art. 6 para. 1 lit. f) GDPR. Our overriding legitimate interest is the presence and marketing of our products and services on the internet. 

    17. Video Conferences and Webinars

If you participate in a video conference, webinar or online meeting etc. organized by us. (hereinafter “video conferences”) organized by us, we process your personal data in the course of your participation. 

When you participate in a video conference, various categories of data are processed. The scope of the data also depends on the data you provide before or during participation in a video conference. 

If you participate in a video conference organized by us, you usually have to provide at least a name when registering. However, you can also use a pseudonym. Your IP address will also be processed to enable your participation and login information and device/hardware information will be stored. Your email address and profile picture will also be processed, if provided. If you dial in by phone, your phone number and IP address, if any, will be processed. 

To enable participation in the video conference, data from your terminal’s microphone and any terminal video camera and, if you share your screen, information from this “screenshare” is processed. You can switch off or mute the camera or microphone yourself at any time. You always decide yourself whether and which parts of your screen are shared. 

Audio and video recordings of the video conference can be made. In this case, MP4 files of all video, audio and presentation recordings are processed. There will always be an indication of the recording if one is made and, if necessary, the explicit consent of the participants to the recording will always be obtained. 

You may have the opportunity to use the chat, question or survey functions in a video conference. In this respect, the text entries you make are processed in order to display them in the video conference and, if necessary, to record them. 

Insofar as personal data of our employees is processed, § 26 BDSG (German Federal Data Protection Act) is the legal basis for data processing, insofar as German law is applicable to the processing of employee data. 

If German law is not applicable to the processing of employee data or if, in connection with participation in video conferences, the processing of personal data is not necessary for the establishment, implementation or termination of the employment relationship, but is nevertheless an elementary component of participation in a video conference, our overriding legitimate interest pursuant to Art. 6 (1) lit. f) GDPR is the legal basis for the data processing. In these cases, our legitimate interest is in the effective implementation of video conferences. 

Furthermore, the legal basis for data processing when conducting video conferences is Art. 6 (1) lit. b) GDPR, insofar as the meetings are conducted in the context of contractual relationships or with a view to initiating a contractual relationship (for example, in the case of video conferences with our clients in the context of the implementation of a project or participation in a webinar). 

Furthermore, the legal basis for data processing in the context of your participation in a video conference organized by us is our legitimate interest pursuant to Art. 6 (1) f) GDPR. Our legitimate interest in these cases is the effective implementation of video conferences. 

We use one or more service providers as processors for the implementation of video conferences on the basis of a data processing agreement pursuant to Art. 28 GDPR. 

This may involve the transfer of personal data to a third country outside the EU without an adequate level of data protection. In this case, we provide appropriate safeguards for this data transfer in accordance with Art. 46 GDPR. We will be happy to provide you with proof of the appropriate safeguards (Standard Contractual Clauses/Standard Data Protection Clauses) upon request. 

    18. Video Surveillance (CCTV)

Some of our premises are under video surveillance. This surveillance is clearly indicated by information signs. The legal basis for this storage and processing is Art. 6 para. 1 lit. f) GDPR. The purpose of the video surveillance and our legitimate interest is the protection of our house rights, the protection of our employees from dangerous situations, the protection of our property, namely our premises including equipment and the preservation of evidence after criminal offences. Only the management has access to the recordings. In individual cases, the records may be passed on to law enforcement authorities, depending on the purpose. The data is deleted by the system after 3 working days, provided that there are no incidents in terms of our legitimate interest that make longer storage necessary. 

    19. Applications

We collect and process the personal data provided to us by an applicant for the purpose of carrying out the application procedure. The data requested as mandatory fields are required for the implementation of the application process. All other information is voluntary. Applicant data is only made available to those persons and positions in our company who prepare or are involved in the hiring decision. 

If we conclude an employment contract with an applicant, the data provided will be processed for the purpose of implementing the employment relationship in compliance with the statutory provisions. 

If an employment relationship is established, we store the applicant data for as long as it is required for the employment relationship and insofar as legal regulations justify an obligation to store it. 

The legal basis for this processing of the application documents is Art. 6 Para. 1 lit. b) GDPR, in Germany in conjunction with Section 26 (1) BDSG. 

If no employment contract is concluded with an applicant, we store the applicant data for a period of one year after the conclusion of the application process on the basis of our overriding legitimate interest pursuant to Art. 6 (1) lit. f) GDPR. Our legitimate interest in this case is the traceability of applications in order to be able to determine whether an applicant had already applied or was introduced by a recruiter, since in this case, under certain circumstances, placement commissions may be due. 

We also store the data in parallel for a period of six months after the conclusion of the application process on the basis of our overriding legitimate interest in enabling the defense of claims or a preservation of evidence function under the applicable anti-discrimination and equal treatment laws (e.g., the General Equal Treatment Act (AGG) in Germany). 

If the applicant has consented to their data being stored for a longer period, we will store the data submitted as part of the application in accordance with the declaration of consent in our applicant pool for a period of two years after completion of the application process in order to identify future positions of potential interest to the applicant and, if necessary, contact the applicant in this regard. After this period, the data will be deleted. 

Such consent to the storage of application data in our applicant pool can be revoked at any time for the future. To do so, please send us an e-mail to the contact details provided above. 

The legal basis for storing the application documents in our applicant pool is, if applicable, the applicant’s consent pursuant to Art. 6 (1) lit. a) GDPR. 

    20. Age Restriction

This website is not intended or designed for use by children under the age of 16. We do not knowingly collect personal information from or about anyone under the age of 16.

    21. Recipients of Data

Within our company, your data will be received by those internal departments or organizational units that need it to fulfill their tasks, where applicable to fulfill contracts with you, to process data with your consent or to protect our (overriding) legitimate interests. 

Data will only be passed on to third parties within the framework of legal requirements. We only pass on your data to third parties if this is necessary, e.g., on the basis of Art. 6 (1) lit. b) GDPR for contractual purposes or to protect our legitimate interest in accordance with Art. 6 (1) lit. f) GDPR in the effective performance of our business operations. 

Insofar as we use service providers or third-party providers in the context of providing the website and/or providing our services, we take appropriate legal precautions as well as corresponding technical and organizational measures to ensure the protection of your personal data. 

If, in the course of providing the website and/or our services, we use content or tools from service providers or third-party providers whose registered office is in a third country, data is regularly transferred to a third country. Third countries are countries in which the GDPR is not directly applicable law, i.e., countries outside the EU or the European Economic Area. The transfer of data to third countries only takes place if either an adequate level of data protection, consent or other legal permission, in particular appropriate safeguards in accordance with Art. 46 GDPR, exists. 

It is possible that we may acquire or sell the company or parts of the company or individual assets. In connection with such a sale, merger, reorganization or similar event, personal data may be transferred. In this case, your personal data will of course continue to be processed in accordance with this privacy information. The legal basis for such transfer is our overriding legitimate interest pursuant to Art. 6 para. 1 lit. f) GDPR in the effective performance and further development of our business operations. 

    22. Your Rights

You have the right to free information about your stored personal data, its origin and recipient and the purpose of the data processing and a right to correction, blocking or deletion of this data. You also have the right to restrict processing and to object to processing. 

You also have the right to have your data that we process automatically handed over to you or to a third party in a common, machine-readable format. 

To exercise your rights, please contact us using the contact details provided above. 

You also have the right to lodge a complaint with the data protection supervisory authority responsible for you. 

    23. Withdrawal of Consent

Some data processing operations are only possible with your express consent. You can withdraw your consent at any time. To do so, it is sufficient to send us an informal message by e-mail using the contact details provided above. The legality of the data processing carried out until the withdrawal remains unaffected by the withdrawal. 

    24. RIGHT TO OBJECT

IN SO FAR AS YOUR DATA IS PROCESSED TO PROTECT OUR LEGITIMATE INTERESTS, AS EXPLAINED IN THIS PRIVACY POLICY, YOU MAY OBJECT TO THIS PROCESSING WITH EFFECT FOR THE FUTURE. TO DO SO, PLEASE CONTACT US USING THE CONTACT DETAILS PROVIDED ABOVE. 

IN PRINCIPLE, YOU ONLY HAVE THIS RIGHT TO OBJECT IF THERE ARE GROUNDS ARISING FROM YOUR PARTICULAR SITUATION (ART. 21 (1) GDPR). AFTER EXERCISING YOUR RIGHT TO OBJECT, YOUR PERSONAL DATA WILL NO LONGER BE PROCESSED FOR THESE PURPOSES UNLESS WE CAN DEMONSTRATE COMPELLING LEGITIMATE GROUNDS FOR THE PROCESSING WHICH OVERRIDE YOUR INTERESTS, RIGHTS AND FREEDOMS, OR IF THE PROCESSING IS FOR THE PURPOSE OF ASSERTING, EXERCISING OR DEFENDING LEGAL CLAIMS. 

IF THE PROCESSING IS FOR THE PURPOSES OF DIRECT MARKETING, YOU MAY EXERCISE YOUR RIGHT TO OBJECT AT ANY TIME (ART. 21 (2) GDPR) AND YOUR PERSONAL DATA WILL THEN NO LONGER BE PROCESSED FOR THE PURPOSES OF DIRECT MARKETING, REGARDLESS OF THE GROUNDS FOR THE OBJECTION. 

    25. Obligation to Provide Personal Data

The provision of personal data is neither legally nor contractually required, you are also not obliged to provide personal data, however, the provision of personal information is necessary for the conclusion and performance of the contract insofar as certain information is mandatory in order to conclude and perform a contract.

     26. Automated Decision Making

We do not carry out automated decision-making including profiling. 

    27. Retention and Deletion

We adhere to the principles of data avoidance and data minimization. We therefore only store your personal data for as long as is necessary to achieve the purposes stated here or as stipulated by the storage periods provided for by law. 

If the purpose of storage no longer applies or if a storage period provided for by law expires, the personal data will be routinely blocked or deleted in accordance with the statutory provisions. 

    28. Data Security

We take organizational, contractual and technical security measures in accordance with the state of the art to ensure that the provisions of the data protection laws are complied with and thus to protect the data processed by us against accidental or intentional manipulation, loss, destruction or against access by unauthorized persons. 

Our website uses SSL encryption for security reasons and to protect the transmission of confidential content, such as orders, enquiries or payment data that you send to us. 

    29. Changes to this Privacy Policy

We reserve the right to amend this Privacy Policy from time to time so that it always complies with the current legal requirements or in order to implement changes to our services in the Privacy Policy, e.g. when introducing new services. The new Privacy Policy will then apply to your next visit. 

Cookie Settings