PRIVACY POLICY

1. Scope of Processing Personal Data

We collect and use personal data of our website users and other affected persons (such as service providers, suppliers, customers) only to the extent necessary for providing our website, our content, and our services.

 

2. Legal Basis for Processing Personal Data

Where we obtain consent from the data subject for processing operations involving personal data, Article 6(1)(a) GDPR serves as the legal basis.

When processing personal data is necessary for the performance of a contract to which the data subject is a party, Article 6(1)(b) GDPR serves as the legal basis. This also applies to processing operations necessary to carry out pre-contractual measures.

If the processing of personal data is necessary to fulfill a legal obligation to which our company is subject, Article 6(1)(c) GDPR serves as the legal basis.

If processing is necessary to protect a legitimate interest of our company or a third party, and the interests, fundamental rights, and freedoms of the data subject do not override this interest, Article 6(1)(f) GDPR serves as the legal basis.

If the processing involves storing information on your terminal device or accessing information already stored on the device, § 25(1), (2) TTDSG serves as the legal basis.

 

3. Data Deletion and Storage Duration

The personal data of the data subject will be deleted or blocked as soon as the purpose of storage ceases to apply. Further storage may occur if provided for by European or national legislation in EU regulations, laws, or other provisions to which the controller is subject. Blocking or deletion of data also occurs when a storage period prescribed by the aforementioned regulations expires, unless there is a need for further storage of the data for a contract conclusion or contract fulfillment.

 

4. General Contact

You can contact us via email, phone, or letter. Your information and attachments from the inquiry, including the contact details you provided, will be stored solely for processing the request and in case of follow-up questions. If you contact us via email, your email address and the date and time of sending will be processed. For telephone contact, the phone number will be processed. If you write to us by letter, we will process your address data and the date of receipt. In this context, there is no transfer of data to third parties.

The legal basis for processing the data is Article 6(1)(f) GDPR. Our interest in answering your inquiry outweighs your interest; as you are contacting us, responding is also in your interest, and you are aware that we need to process your data to respond to your inquiry. Connection data is collected to process and answer your inquiry and to prevent misuse of the contact options.

If the contact aims to conclude a contract, the legal basis for processing is Article 6(1)(b) GDPR.

The data will be deleted once they are no longer necessary for achieving the purpose of their collection. This is the case when the respective communication with the data subject has ended. The communication is considered ended when it can be inferred from the circumstances that the relevant facts have been conclusively clarified.

 

5. Recipients of Your Data

Within our company, departments have access to your data as necessary to fulfill their processing purposes. This also applies to service providers and agents employed by us. All departments and individuals working with your data are obligated to confidentiality and to handle personal data sensitively.

Outside the company, your data will only be shared if it complies with data protection regulations. This is the case when the transmission is necessary to fulfill the purposes or if we have obtained your consent for the use and sharing of the data. The following recipients may receive your data:

• Gerwan GmbH and inmedias.it Gesellschaft für Informationstechnologie mbH: Service providers for operating our website and processing data stored or transmitted through the systems (e.g., data center services, payment processing, IT security). The legal basis for sharing is Article 6(1)(b) or (f) GDPR, unless they are processors.

• State authorities/agencies, if necessary to fulfill a legal obligation. The legal basis for sharing is Article 6(1)(c) GDPR.

• Individuals involved in our business operations, Jumpgate AB, auditors COUNSEL Treuhand GmbH, Wirtschaftsprüfungs- und Steuerberatungsgesellschaft, banks, insurers, legal advisors, supervisory authorities, parties involved in business acquisitions, or the formation of joint ventures. The legal basis for sharing is Article 6(1)(b) or (f) GDPR.

• If you contact us via email, Microsoft Ireland Operations Ltd. processes the data as a processor.

• During website visits, other recipients may be considered, listed under "II." in the relevant sections.

 

6. Data Sources

We primarily receive your personal data directly from you and may additionally use public sources (websites, contact directories, etc.) for initial contact.

If we receive your data from other third parties (e.g., recommendations from other partners), we will inform you about these data sources during the initial contact.

 

7. Rights of the Data Subject

If personal data relating to you is processed, you are a data subject within the meaning of the GDPR and you have the following rights vis-à-vis the controller:

​

     a) Right to Access

You can request confirmation from the controller as to whether personal data concerning you is being processed.

If such processing is taking place, you can request information from the controller about the following:

(1) 

The purposes for which the personal data is being processed;

(2)      

The categories of personal data being processed;

(3)      

The recipients or categories of recipients to whom the personal data concerning you has been disclosed or is still being disclosed;

(4)      

The planned duration of storage of the personal data concerning you or, if specific information on this is not possible, criteria for determining the storage period;

(5)      

The existence of a right to rectification or erasure of personal data concerning you, a right to restriction of processing by the controller, or a right to object to such processing;

(6)      

The existence of a right to lodge a complaint with a supervisory authority;

(7)      

All available information on the origin of the data, if the personal data is not collected from the data subject;

(8)      
The existence of automated decision-making, including profiling, pursuant to Article 22(1) and (4) GDPR and, at least in these cases, meaningful information about the logic involved and the significance and envisaged consequences of such processing for the data subject.

​

You have the right to request information about whether personal data concerning you is transferred to a third country or to an international organization. In this context, you can request to be informed about the appropriate safeguards pursuant to Article 46 GDPR in connection with the transfer.

​

     b) Right to Rectification

You have the right to obtain rectification and/or completion from the controller if the personal data concerning you that is being processed is incorrect or incomplete. The controller must carry out the rectification without undue delay.

​

     c) Right to Restriction of Processing

Under the following conditions, you can request the restriction of processing of personal data concerning you:

(1)      

If you contest the accuracy of the personal data concerning you for a period enabling the controller to verify the accuracy of the personal data;

(2)      

The processing is unlawful, and you oppose the erasure of the personal data and request the restriction of its use instead;

(3)     

The controller no longer needs the personal data for the purposes of processing, but you need it for the establishment, exercise, or defense of legal claims; or

(4)      
If you have objected to processing pursuant to Article 21(1) GDPR and it has not yet been determined whether the legitimate grounds of the controller override your grounds.

​

If the processing of personal data concerning you has been restricted, such data shall, with the exception of storage, only be processed with your consent or for the establishment, exercise, or defense of legal claims or for the protection of the rights of another natural or legal person or for reasons of important public interest of the Union or a Member State.

If the restriction of processing is applied according to the aforementioned conditions, you will be informed by the controller before the restriction is lifted.

​

     d) Right to Erasure

You can request the controller to erase the personal data concerning you without undue delay, and the controller is obliged to erase this data without undue delay if one of the following reasons applies:

(a)      

The personal data concerning you is no longer necessary for the purposes for which it was collected or otherwise processed.

(b)      

You withdraw your consent on which the processing is based according to Article 6(1)(a) or Article 9(2)(a) GDPR, and there is no other legal ground for the processing.

(c)      

You object to the processing pursuant to Article 21(1) GDPR and there are no overriding legitimate grounds for the processing, or you object to the processing pursuant to Article 21(2) GDPR.

(d)      

The personal data concerning you has been unlawfully processed.

(e)      

The erasure of personal data concerning you is necessary for compliance with a legal obligation under Union or Member State law to which the controller is subject.

 

Information to Third Parties

If the controller has made the personal data concerning you public and is obliged pursuant to Article 17(1) GDPR to erase the personal data, the controller, taking account of available technology and the cost of implementation, shall take reasonable steps, including technical measures, to inform controllers who are processing the personal data that you have requested the erasure by such controllers of any links to, or copies or replications of, that personal data.

​

Exceptions

The right to erasure does not apply to the extent that processing is necessary:

(a)      

For exercising the right of freedom of expression and information;

(b)  

to fulfill a legal obligation requiring processing under Union or Member State law to which the controller is subject, or to carry out a task carried out in the public interest or in the exercise of official authority vested in the controller;

(c)   

for reasons of public interest in the field of public health in accordance with Article 9 Paragraph 2 Letters h and i and Article 9 Paragraph 3 GDPR;

(d)      

for archiving purposes in the public interest, scientific or historical research purposes or for statistical purposes in accordance with Article 89 Para. 1 GDPR, insofar as the law referred to in section a) is likely to make the achievement of the objectives of this processing impossible or seriously impair it, or

(e)      
to assert, exercise or defend legal claims.

​

     e) Right to information

If you have asserted the right to rectification, deletion or restriction of processing against the person responsible, the person responsible is obliged to notify all recipients to whom the personal data concerning you have been disclosed of this rectification or deletion of the data or restriction

​

     f) Right to data portability

You have the right to receive the personal data concerning you that you have provided to the person responsible in a structured, common and machine-readable format. You also have the right to transmit this data to another controller without hindrance from the controller to whom the personal data was provided, provided

(1)      

the processing is based on consent in accordance with Article 6 (1) (a) GDPR or Article 9 (2) (a) GDPR or on a contract in accordance with Article 6 (1) (b) GDPR and

(2)      

the processing takes place using automated procedures.

​

In exercising this right, you also have the right to have the personal data concerning you transmitted directly from one controller to another controller, to the extent that this is technically feasible. The freedoms and rights of other people must not be impaired by this. The right to data portability does not apply to processing of personal data that is necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller.

​

     g)  Right to object

You have the right, for reasons arising from your particular situation, to object at any time to the processing of your personal data, which is carried out on the basis of Article 6 (1) (e) or (f) of the GDPR; This also applies to profiling based on these provisions. The person responsible will no longer process the personal data concerning you unless he can demonstrate compelling legitimate grounds for the processing that outweigh your interests, rights and freedoms, or the processing serves to assert, exercise or defend legal claims. If the personal data concerning you is processed for the purpose of direct advertising, you have the right to object at any time to the processing of the personal data concerning you for the purpose of such advertising; This also applies to profiling insofar as it is connected to such direct advertising. If you object to processing for direct advertising purposes, your personal data will no longer be processed for these purposes. In connection with the use of information society services - regardless of Directive 2002/58/EC - you have the opportunity to exercise your right to object using automated procedures that use technical specifications.

​

     h) Right to revoke the declaration of consent under data protection law

You have the right to revoke your data protection declaration of consent at any time. The revocation of consent does not affect the lawfulness of the processing carried out based on the consent before its revocation.

​

     i) Automated decision-making in individual cases including profiling

You have the right not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects concerning you or similarly significantly affects you. This does not apply if the decision

(1)      

is necessary for the conclusion or fulfillment of a contract between you and the person responsible,

(2)      

is permitted by Union or Member State law to which the controller is subject and such law contains appropriate measures to safeguard your rights and freedoms and your legitimate interests or

(3)      
with your express consent.

​

However, these decisions may not be based on special categories of personal data according to Article 9 Paragraph 1 GDPR, unless Article 9 Paragraph 2 Letters a or g applies and appropriate measures have been taken to protect your rights and freedoms as well as your legitimate interests. With regard to the cases mentioned in (1) and (3), the controller shall take appropriate measures to protect the rights and freedoms as well as your legitimate interests, including at least the right to obtain the intervention of a person on the part of the controller, to express one's own point of view and heard to challenge the decision.

​

     j) Right to complain to a supervisory authority

Without prejudice to any other administrative or judicial remedy, you have the right to lodge a complaint with a supervisory authority, in particular in the Member State of your residence, your place of work or the place of the alleged infringement, if you are of the opinion that the processing of your personal data is contrary to violates the GDPR. The supervisory authority to which the complaint was submitted will inform the complainant of the status and results of the complaint, including the possibility of a judicial remedy in accordance with Art. 78 GDPR.