Surveys and questionnaires

The surveys and questionnaires we conduct (hereinafter referred to as "surveys") are evaluated anonymously. Personal data will only be processed to the extent necessary for the provision and technical implementation of the surveys (e.g. processing of the IP address to display the survey in the user's browser or to enable a resumption of the survey by means of a temporary cookie (session cookie)) or users have consented to this.

 

Legal basis: If we ask the participants to give their consent to the processing of their data, this is the legal basis for the processing, otherwise the processing of the participants' data is based on our legitimate interest in conducting an objective survey.

• Processed data types: contact data (e.g. e-mail, telephone numbers), content data (e.g. text entries, photographs, videos), usage data (e.g. websites visited, interest in content, access times), meta/communication data (e.g. device information, IP addresses).

• Persons concerned: Communication partners, users (e.g. website visitors, users of online services).

• Purposes of processing: contact requests and communication, direct marketing (e.g. by e-mail or postal mail), tracking (e.g. interest/behavioural profiling, use of cookies), feedback (e.g. collecting feedback via online form).

• Legal bases: Consent (Art. 6 para. 1 sentence 1 lit. a DSGVO), legitimate interests (Art. 6 para. 1 sentence 1 lit. f. DSGVO).

 

Services used and service providers:

• SurveyMonkey survey services; service provider: SurveyMonkey Inc, 1 Curiosity Way, San Mateo, California 94403, USA; Web site: https://www.surveymonkey.de; Privacy Statement: https://www.surveymonkey.de/mp/policy/privacy-policy/?ut_source=footer; Privacy Shield (Ensuring the level of data protection when processing data in the USA): https://www.privacyshield.gov/participant?id=a2zt0000000Gn7zAAC&status=Active.

​

Video conferences, online meetings, webinars and screen sharing

We use platforms and applications of other providers (hereinafter referred to as "Third Party Providers") for the purpose of holding video and audio conferences, webinars and other types of video and audio meetings. When selecting the third-party providers and their services, we observe the legal requirements.

 

In this context, data of the communication participants are processed and stored on the servers of third party providers, as far as they are part of communication processes with us. This data may include, in particular, registration and contact data, visual and vocal contributions, as well as entries in chats and shared screen content.

 

If users are referred to the third-party providers, or their software or platforms, in the course of communication, business or other relations with us, the third-party providers may process usage data and metadata for security, service optimisation or marketing purposes. We therefore ask you to observe the data protection notices of the respective third party providers.

Notes on legal bases: If we ask users for their consent to use the third-party providers or certain functions (e.g. consent to a recording of conversations), the legal basis for processing is consent.

​

Furthermore, their use can be a component of our (pre)contractual services, provided that the use of the third-party providers has been agreed in this context. Otherwise, user data is processed on the basis of our legitimate interests in efficient and secure communication with our communication partners. In this context we would like to refer you additionally to the information on the use of cookies in this data protection declaration.

• Processed data types: inventory data (e.g. names, addresses), contact data (e.g. e-mail, telephone numbers), content data (e.g. text entries, photographs, videos), usage data (e.g. websites visited, interest in content, access times), meta/communication data (e.g. device information, IP addresses).

• Persons affected: Communication partners, users (e.g. website visitors, users of online services).

• Purposes of processing: contractual services and performances, contact requests and communication, office and organisational procedures, direct marketing (e.g. by e-mail or by post).

• Legal bases: Consent (Art. 6 para. 1 sentence 1 lit. a DSGVO), Performance of contract and pre-contractual enquiries (Art. 6 para. 1 sentence 1 lit. b. DSGVO), Legitimate interests (Art. 6 para. 1 sentence 1 lit. f. DSGVO).

​

Services used and service providers:

• Microsoft Teams: messenger and conferencing software; service providers: Microsoft Corporation, One Microsoft Way, Redmond, WA 98052-6399 USA; Website: https://products.office.com; Privacy Statement: https://privacy.microsoft.com/de-de/privacystatement, Security Notices: https://www.microsoft.com/de-de/trustcenter; Privacy Shield (ensuring the level of data protection when processing data in the USA): https://www.privacyshield.gov/participant?id=a2zt0000000KzNaAAK&status=Active.

• Skype: messenger and conference software; service provider: Microsoft Corporation, One Microsoft Way, Redmond, WA 98052-6399 USA; Website: https://www.skype.com/de/; Privacy Statement: https://privacy.microsoft.com/de-de/privacystatement, Security Notices: https://www.microsoft.com/de-de/trustcenter; Privacy Shield (ensuring the level of data protection when processing data in the USA): https://www.privacyshield.gov/participant?id=a2zt0000000KzNaAAK&status=Active.

• Zoom: video conferences, web conferences and webinars; service providers: Zoom Video Communications, Inc, 55 Almaden Blvd., Suite 600, San Jose, CA 95113, USA; Website: https://zoom.us; Privacy Statement: https://zoom.us/docs/de-de/privacy-and-legal.html; Privacy Shield (Ensuring the level of data protection when processing data in the USA): https://www.privacyshield.gov/participant?id=a2zt00000008TN8AAM&status=Active Standard Contractual Clauses (Ensuring the level of data protection when processing in a third country): https://zoom.us/docs/de-de/privacy-and-legal.html (Referred to as Global DPA).

​

Provision of the online offer and web hosting

In order to be able to provide our online offer securely and efficiently, we use the services of one or more web hosting providers from whose servers (or servers managed by them) the online offer can be accessed. For these purposes, we may use infrastructure and platform services, computing capacity, storage space and database services as well as security and technical maintenance services.

The data processed within the framework of the provision of the hosting offer may include all data relating to the users of our online offer, which are generated within the framework of use and communication. This regularly includes the IP address, which is necessary to be able to deliver the contents of online offers to browsers, and all entries made within our online offer or from websites.

Collection of access data and log files: We ourselves (or our web hosting provider) collect data on every access to the server (so-called server log files). The server log files may include the address and name of the web pages and files called up, the date and time of the call-up, the amount of data transferred, notification of successful call-up, browser type and version, the user's operating system, referrer URL (the previously visited page) and, as a rule, IP addresses and the requesting provider.

 

The server log files can be used on the one hand for security purposes, e.g. to avoid overloading the servers (especially in the case of abusive attacks, so-called DDoS attacks), and on the other hand to ensure the capacity utilisation of the servers and their stability.

• Processed data types: Content data (e.g. text entries, photographs, videos), usage data (e.g. websites visited, interest in content, access times), meta/communication data (e.g. device information, IP addresses).

• Persons affected: Users (e.g. website visitors, users of online services).

• Legal basis: Legitimate interests (Art. 6 para. 1 sentence 1 lit. f. DSGVO).

 

Music and podcasts

We use hosting and analysis services provided by service providers to make our audio content available for listening or downloading and to obtain statistical information on the retrieval of the audio content.

• Processed data types: Usage data (e.g. websites visited, interest in content, access times), meta/communication data (e.g. device information, IP addresses).

• Persons affected: Users (e.g. website visitors, users of online services).

• Purposes of processing: range measurement (e.g. access statistics, recognition of returning visitors), visitor action evaluation, profiling (creation of user profiles).

Services used and service providers:

• Soundcloud: Soundcloud - music hosting; service provider: SoundCloud Limited, Rheinsberger Str. 76/77, 10115 Berlin, Germany; Website: https://soundcloud.com; Privacy Policy: https://soundcloud.com/pages/privacy.

• Spotify - music hosting and widget; service provider: Spotify AB, Regeringsgatan 19, SE-111 53 Stockholm, Sweden; website: https://www.spotify.com/de; privacy policy: https://www.spotify.com/de/legal/privacy-policy/.

​

Cloud services

We use software services accessible via the Internet and running on the servers of their providers (so-called "cloud services", also referred to as "software as a service") for the following purposes: document storage and management, calendar management, e-mailing, spreadsheets and presentations, exchanging documents, content and information with specific recipients or publishing web pages, forms or other content and information, as well as chatting and participating in audio and video conferences.

In this context, personal data may be processed and stored on the servers of the providers, as far as they are part of communication processes with us or otherwise processed by us as described in this privacy policy. This data may include, in particular, master data and contact details of users, data on procedures, contracts, other processes and their contents. The providers of the cloud services also process usage data and metadata which they use for security purposes and for service optimisation.

If we use cloud services to provide other users or publicly accessible websites with forms or other documents and content, the providers may store cookies on the users' devices for web analysis purposes or to remember user settings (e.g. in the case of media control).

 

Notes on legal basis: If we ask for consent to use the cloud services, the legal basis for processing is consent. Furthermore, their use can be a component of our (pre)contractual services, provided that the use of the cloud services has been agreed in this context. Otherwise, user data will be processed on the basis of our legitimate interests (i.e., interest in efficient and secure administration and collaboration processes)

• Processed data types: inventory data (e.g. names, addresses), contact data (e.g. e-mail, telephone numbers), content data (e.g. text entries, photographs, videos), usage data (e.g. websites visited, interest in content, access times), meta/communication data (e.g. device information, IP addresses).

• Persons affected: Customers, employees (e.g. employees, applicants, former employees), interested parties, communication partners.

• Purpose of the processing: office and organisational procedures.

• Legal bases: Consent (Art. 6 para. 1 sentence 1 lit. a DSGVO), Performance of contract and pre-contractual enquiries (Art. 6 para. 1 sentence 1 lit. b. DSGVO), Legitimate interests (Art. 6 para. 1 sentence 1 lit. f. DSGVO).

 

Services used and service providers:

• Dropbox: Cloud storage services; service provider: Dropbox, Inc, 333 Brannan Street, San Francisco, California 94107, USA; Website: https://www.dropbox.com/de; Privacy Policy: https://www.dropbox.com/privacy; Privacy Shield (ensuring the level of data protection when processing data in the USA): https://www.privacyshield.gov/participant?id=a2zt0000000GnCLAA0&status=Active; Standard Contractual Clauses (ensuring the level of data protection when processing in a third country): https://www.dropbox.com/terms/business-agreement-2016.

• Google Cloud Services: cloud storage services; service providers: Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland, parent company: Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA; Website: https://cloud.google.com/; Privacy Policy: https://www.google.com/policies/privacy, Security Notice: https://cloud.google.com/security/privacy; Privacy Shield (ensuring the level of data protection when processing data in the USA): https://www.privacyshield.gov/participant?id=a2zt0000000000001L5AAI&status=Aktive; Standard Contractual Clauses (ensuring the level of data protection when processing in a third country): https://cloud.google.com/terms/data-processing-terms; Additional Privacy Notice: https://cloud.google.com/terms/data-processing-terms.

• Microsoft Cloud Services: cloud storage services; service providers: Microsoft Corporation, One Microsoft Way, Redmond, WA 98052-6399 USA; Website: https://microsoft.com/de-de; Privacy Statement: https://privacy.microsoft.com/de-de/privacystatement, Security Notices: https://www.microsoft.com/de-de/trustcenter; Privacy Shield (ensuring the level of data protection when processing data in the USA): https://www.privacyshield.gov/participant?id=a2zt0000000KzNaAAK&status=Active.

​

Newsletter and Broadcasting

We send newsletters, e-mails and other electronic notifications (hereinafter "newsletters") only with the consent of the recipients or a legal permission. Insofar as the contents of a newsletter are specifically described in the context of a registration for the newsletter, they are decisive for the consent of the users. Furthermore, our newsletters contain information about our services and us.

To subscribe to our newsletters, it is generally sufficient to provide your e-mail address. However, we may ask you to provide a name for the purpose of personal contact in the newsletter, or other details if these are required for the purposes of the newsletter.

​

Double-Opt-In procedure: The registration to our newsletter is always done in a so-called Double-Opt-In-Procedure. This means that you will receive an e-mail after registration asking you to confirm your registration. This confirmation is necessary so that nobody can register with foreign e-mail addresses. The newsletter registrations are logged in order to be able to prove the registration process in accordance with the legal requirements. This includes the storage of the registration and confirmation time as well as the IP address. Changes to your data stored by the dispatch service provider are also logged.

​

Deletion and restriction of processing: We may store the deleted e-mail addresses for up to three years on the basis of our legitimate interests before deleting them in order to be able to prove that we have previously given our consent. The processing of this data is limited to the purpose of a possible defence against claims. An individual request for deletion is possible at any time, provided that the former existence of a consent is confirmed at the same time. In case of obligations to permanently observe objections, we reserve the right to store the e-mail address in a blacklist for this purpose alone.

The registration procedure is recorded on the basis of our legitimate interests for the purpose of proving that it has been carried out properly. If we commission a service provider to send e-mails, this is done on the basis of our legitimate interests in an efficient and secure sending system.

 

Information on legal bases: The dispatch of the newsletters is based on the consent of the recipients or, if consent is not required, on our legitimate interests in direct marketing, if and to the extent that this is permitted by law, e.g. in the case of advertising to existing customers. If we commission a service provider to send e-mails, this is done on the basis of our legitimate interests. The registration process will be recorded on the basis of our legitimate interests in order to prove that it has been carried out in accordance with the law.

 

Contents: Blog articles about balance, emotion, happiness and inspiration.

Information about us and our events

​

Success measurement: The newsletters contain a so-called "web beacon", i.e. a pixel-sized file that is retrieved from our server when the newsletter is opened, or, if we use a dispatch service provider, from their server. Within the framework of this retrieval, technical information such as information on the browser and your system, as well as your IP address and the time of retrieval, is initially collected.

This information is used for the technical improvement of our newsletter on the basis of technical data or target groups and their reading behaviour on the basis of their retrieval locations (which can be determined by means of the IP address) or access times. This analysis also includes determining whether the newsletters are opened, when they are opened and which links are clicked. For technical reasons, this information can be allocated to individual newsletter recipients. However, it is neither our endeavour nor, if used, that of the dispatch service provider to observe individual users. The evaluations rather serve to identify the reading habits of our users and to adapt our content to them or to send different content according to the interests of our users.

The evaluation of the newsletter and the measurement of success are carried out, subject to the express consent of the users, on the basis of our legitimate interests for the purpose of using a user-friendly and secure newsletter system that serves our business interests and meets the expectations of the users.

A separate revocation of the performance measurement is unfortunately not possible. In this case, the entire newsletter subscription must be cancelled or objected to.

• Processed data types: inventory data (e.g. names, addresses), contact data (e.g. e-mail, telephone numbers), meta/communication data (e.g. device information, IP addresses), usage data (e.g. websites visited, interest in content, access times).

• Persons affected: communication partners.

• Purposes of processing: direct marketing (e.g. by e-mail or by post).

• Legal bases: Consent (Art. 6 para. 1 sentence 1 lit. a DSGVO), legitimate interests (Art. 6 para. 1 sentence 1 lit. f. DSGVO).

• You can cancel the receipt of our newsletter at any time, i.e. revoke your consent or object to further receipt. You will find a link to cancel the newsletter either at the end of each newsletter or you can use one of the contact options listed above, preferably e-mail.

 

Services used and service providers:

• Mailchimp: e-mail marketing platform; service provider: "Mailchimp" - Rocket Science Group, LLC, 675 Ponce De Leon Ave NE #5000, Atlanta, GA 30308, USA; website: https://mailchimp.com; privacy statement: https://mailchimp.com/legal/privacy/; Privacy Shield (ensuring the level of data protection when processing data in the USA): https://www.privacyshield.gov/participant?id=a2zt0000000TO6hAAG&status=Active.

 

Web analysis, monitoring and optimization
Web analytics (also referred to as "reach measurement") is used to evaluate the flow of visitors to our online offering and may include behavior, interests or demographic information about visitors, such as age or gender, as pseudonymous values. With the help of reach analysis, we can recognize, for example, at what time our online offer or its functions or content are most frequently used or invite re-use. Likewise, we can understand which areas need optimization.
In addition to web analysis, we may also use test procedures, for example, to test and optimize different versions of our online offering or its components.
For these purposes, so-called user profiles may be created and stored in a file (so-called "cookie") or similar procedures may be used with the same purpose. This information may include, for example, content viewed, web pages visited and elements used there and technical information such as the browser used, the computer system used and information on usage times. If users have consented to the collection of their location data, this may also be processed, depending on the provider.
The IP addresses of users are also stored. However, we use an IP masking procedure (i.e., pseudonymization by shortening the IP address) to protect users. Generally, in the context of web analysis, A/B testing and optimization, no clear data of the users (such as e-mail addresses or names) are stored, but pseudonyms. This means that we, as well as the providers of the software used, do not know the actual identity of the users, but only the information stored in their profiles for the purposes of the respective procedures.
Notes on legal foundation: If we ask users for their consent to use the third-party providers, the legal basis for processing data is consent. Otherwise, users' data is processed on the basis of our legitimate interests (i.e. interest in efficient, economical and recipient-friendly services). In this context, we would also like to refer you to the information on the use of cookies in this Privacy Policy.
Types of data processed:

Usage data (e.g. websites visited, interest in content, access times), meta/communication data (e.g. device information, IP addresses).
Data subjects:

Users (e.g., website visitors, users of online services).
Purposes of processing:

reach measurement (e.g. access statistics, recognition of returning visitors), profiles with user-related information (creation of user profiles), click tracking, A/B testing, feedback (e.g. collecting feedback via online form), heatmaps (mouse movements on the part of users that are aggregated to form an overall picture.), surveys and questionnaires (e.g. surveys with input options, multiple choice questions), marketing.
Security measures:

IP masking (pseudonymization of the IP address).
Legal basis:

Consent (Art. 6 para. 1 p. 1 lit. a. DSGVO), Legitimate interests (Art. 6 para. 1 p. 1 lit. f. DSGVO).
Services used and service providers:
Possibility of objection (opt-out):

We refer to the data protection notices of the respective providers and the objection options given to the providers (so-called "opt-out"). If no explicit opt-out option has been specified, you have the option of switching off cookies in your browser settings. However, this may restrict functions of our online offer. We therefore recommend the following additional opt-out options, which are offered in summary for the respective areas:a) Europe: https://www.youronlinechoices.eu.
b) Canada: https://www.youradchoices.ca/choices.
c) USA: https://www.aboutads.info/choices.
d) Cross-territory: https://optout.aboutads.info.

Services used and service providers:

• Google Analytics: online marketing and web analytics; service provider: Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland, parent company: Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA; website: https://marketingplatform.google.com/intl/de/about/analytics/; privacy policy: https://policies.google.com/privacy; opt-out: opt-out plugin: https://tools.google.com/dlpage/gaoptout?hl=de.

Advertising communication via e-mail, post, fax or telephone

We process personal data for the purposes of advertising communication, which can take place via various channels, such as e-mail, telephone, post or fax, in accordance with legal requirements.

Recipients have the right to revoke any consent given or to object to the promotional communication at any time.

After revocation or objection, we may store the data required to prove consent for up to three years on the basis of our legitimate interests before we delete it. The processing of this data is limited to the purpose of a possible defence against claims. An individual request for deletion is possible at any time, provided that the former existence of a consent is confirmed at the same time.

• Data types processed: inventory data (e.g. names, addresses), contact data (e.g. e-mail, telephone numbers).

• Persons concerned: communication partners.

• Purposes of processing: direct marketing (e.g. by e-mail or by post).

• Legal bases: Consent (Art. 6 para. 1 sentence 1 lit. a DSGVO), legitimate interests (Art. 6 para. 1 sentence 1 lit. f. DSGVO).

​

Representation in social networks

We maintain online presences within social networks and process user data in this context in order to communicate with the users active there or to offer information about us.

 

Please note that user data may be processed outside the European Union. This may entail risks for the users, as it could, for example, make it more difficult to enforce the rights of the users. With regard to US providers that are certified under the Privacy Shield or offer comparable guarantees of a secure level of data protection, we would like to point out that they thereby undertake to comply with the data protection standards of the EU.

 

Furthermore, user data within social networks is usually processed for market research and advertising purposes. Thus, for example, user profiles can be created on the basis of user behaviour and the resulting interests of the users. The user profiles can in turn be used, for example, to place advertisements within and outside the networks that presumably correspond to the interests of the users. For these purposes, cookies are usually stored on the users' computers, in which the usage behaviour and interests of the users are stored. Furthermore, data may also be stored in the user profiles independently of the devices used by the users (especially if the users are members of the respective platforms and are logged in to these).

 

For a detailed presentation of the respective forms of processing and the possibilities of objection (opt-out), we refer to the data protection declarations and information provided by the operators of the respective networks.

 

Also in the case of requests for information and the assertion of data subject rights, we would like to point out that these can most effectively be asserted with the providers. Only the providers have access to the data of the users and can take appropriate measures and provide information directly. Should you nevertheless require assistance, you can contact us.

• Processed data types: inventory data (e.g. names, addresses), contact data (e.g. e-mail, telephone numbers), content data (e.g. text entries, photographs, videos), usage data (e.g. websites visited, interest in content, access times), meta/communication data (e.g. device information, IP addresses).

• Persons affected: Users (e.g. website visitors, users of online services).

• Purposes of processing: contact requests and communication, tracking (e.g. interest/behavioural profiling, use of cookies), remarketing, range measurement (e.g. access statistics, recognition of returning visitors).

• Legal basis: Legitimate interests (Art. 6 para. 1 sentence 1 lit. f. DSGVO).

 

Services used and service providers:

• Instagram: Social network; Service provider: Instagram Inc, 1601 Willow Road, Menlo Park, CA, 94025, USA; website: https://www.instagram.com; privacy policy: https://instagram.com/about/legal/privacy.

• Facebook: Social network; Service provider: Facebook Ireland Ltd, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland, parent company: Facebook, 1 Hacker Way, Menlo Park, CA 94025, USA; Website: https://www.facebook.com; Privacy Statement: https://www.facebook.com/about/privacy; Privacy Shield (ensuring the level of data protection when processing data in the USA): https://www.privacyshield.gov/participant?id=a2zt0000000GnywAAC status=Active; Opt-Out: Advertising Settings: https://www.facebook.com/settings?tab=ads; Additional Privacy Notice: Agreement on Joint Processing of Personal Data on Facebook Pages: https://www.facebook.com/legal/terms/page_controller_addendum, Privacy Notice for Facebook Pages: https://www.facebook.com/legal/terms/information_about_page_insights_data.

• LinkedIn: social network; service provider: LinkedIn Ireland Unlimited Company, Wilton Place, Dublin 2, Ireland; Website: https://www.linkedin.com; Privacy Policy: https://www.linkedin.com/legal/privacy-policy; Privacy Shield (ensuring the level of data protection when processing data in the USA): https://www.privacyshield.gov/participant?id=a2zt0000000L0UZAA0&status=Active; Opt-Out: https://www.linkedin.com/psettings/guest-controls/retargeting-opt-out.

• Twitter: social network; service provider: Twitter Inc, 1355 Market Street, Suite 900, San Francisco, CA 94103, USA; Privacy Statement: https://twitter.com/de/privacy, (Settings) https://twitter.com/personalization; Privacy Shield (Ensuring the level of data protection when processing data in the USA): https://www.privacyshield.gov/participant?id=a2zt0000000TORzAAO&status=Active.

• YouTube: Social network; Service provider: Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland, parent company: Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA; Privacy Policy: https://policies.google.com/privacy; Privacy Shield (ensuring the level of data protection when processing data in the USA): https://www.privacyshield.gov/participant?id=a2zt000000001L5AAI&status=Active; Opt-Out: https://adssettings.google.com/authenticated.

• Xing: social network; service provider: XING AG, Dammtorstraße 29-32, 20354 Hamburg, Germany; Website: https://www.xing.de; Privacy Policy: https://privacy.xing.com/de/datenschutzerklaerung.

 

Plugins and embedded functions and content

We integrate into our online offer functional and content elements that are obtained from the servers of their respective providers (hereinafter referred to as "third party providers"). These may, for example, be graphics, videos or social media buttons and contributions (hereinafter referred to uniformly as "content").

 

The integration always presupposes that the third party providers of this content process the IP address of the users, as without the IP address they would not be able to send the content to their browsers. The IP address is therefore necessary for the display of these contents or functions. We make every effort to use only such content whose respective providers use the IP address only to deliver the content. Third party providers may also use so-called pixel tags (invisible graphics, also known as "web beacons") for statistical or marketing purposes. Pixel tags" can be used to evaluate information such as visitor traffic on the pages of this website. The pseudonymous information may also be stored in cookies on the user's device and may contain technical information on the browser and operating system, websites to be referred to, the time of visit and other details on the use of our online offer, as well as being linked to such information from other sources.

 

Information on legal bases: If we ask users for their consent to use the third party providers, the legal basis for processing data is consent. Otherwise, the users' data will be processed on the basis of our legitimate interests (i.e. interest in efficient, economic and recipient-friendly services). In this context we would also like to draw your attention to the information on the use of cookies in this data protection declaration.

• Processed data types: Usage data (e.g. websites visited, interest in content, access times), meta/communication data (e.g. device information, IP addresses), location data (data indicating the location of an end user's terminal equipment), contact data (e.g. e-mail, telephone numbers), content data (e.g. text entries, photographs, videos), inventory data (e.g. names, addresses).

• Persons affected: Users (e.g. website visitors, users of online services), communication partners.

• Purposes of processing: Provision of our online offer and user-friendliness, contractual benefits and service, coverage measurement (e.g. access statistics, recognition of returning visitors), tracking (e.g. interest/behaviour-related profiling, use of cookies), interest-based and behaviour-related marketing, profiling (creation of user profiles), feedback (e.g. collection of feedback via online form), security measures, administration and answering of enquiries, contact enquiries and communication, direct marketing (e.g. by e-mail or post).

• Legal bases: Legitimate interests (Art. 6 para. 1 sentence 1 lit. f. DSGVO), consent (Art. 6 para. 1 sentence 1 lit. a DSGVO), fulfilment of contract and pre-contractual enquiries (Art. 6 para. 1 sentence 1 lit. b. DSGVO).

 

Services used and service providers:

• Google Maps: We integrate the maps of the service "Google Maps" of the provider Google. The processed data may include, in particular, IP addresses and location data of the users, which, however, cannot be collected without their consent (usually within the framework of the settings of their mobile devices); service provider: Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland, parent company: Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA; Website: https://cloud.google.com/maps-platform; Privacy Policy: https://policies.google.com/privacy; Privacy Shield (ensuring the level of data protection when processing data in the USA): https://www.privacyshield.gov/participant?id=a2zt0000000TRkEAAW&status=Active; Opt-Out: Opt-Out Plugin: https://tools.google.com/dlpage/gaoptout?hl=de, Advertising Display Settings: https://adssettings.google.com/authenticated.

• Soundcloud Music Player Widget: Soundcloud Music Player Widget; Service Provider: SoundCloud Limited, Rheinsberger Str. 76/77, 10115 Berlin, Germany; Website: https://soundcloud.com; Privacy Policy: https://soundcloud.com/pages/privacy.

• Spotify Music Player Widget: Spotify Music Player Widget; Service Provider: Spotify AB, Regeringsgatan 19, SE-111 53 Stockholm, Sweden; Website: https://www.spotify.com/de; Privacy Policy: https://www.spotify.com/de/legal/privacy-policy/.

• YouTube videos: Video content; service providers: Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland, parent company: Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA; Website: https://www.youtube.com; Privacy Policy: https://policies.google.com/privacy; Privacy Shield (ensuring the level of data protection when processing data in the USA): https://www.privacyshield.gov/participant?id=a2zt000000001L5AAI&status=Active; Opt-Out: Opt-Out Plugin: https://tools.google.com/dlpage/gaoptout?hl=de, Advertising Display Settings: https://adssettings.google.com/authenticated.

• Vimeo videos: Video content; service provider: Vimeo Inc., Attention: Legal Department, 555 West 18th Street New York, New York 10011, USA; Website: https://vimeo.com; Privacy Policy: https://vimeo.com/privacy; Opt-out: Please note that Vimeo may use Google Analytics and refer to the privacy policy (https://policies.google.com/privacy) and the opt-out options for Google Analytics (https://tools.google.com/dlpage/gaoptout?hl=de) or the settings of Google for the use of data for marketing purposes (https://adssettings.google.com/).

 

Deletion of data

The data processed by us will be deleted in accordance with the legal requirements as soon as their consent permitted for processing is revoked or other permissions cease to apply (e.g. if the purpose for which the data were processed ceases to apply or if they are not necessary for the purpose).

​

Unless the data are deleted because they are required for other and legally permissible purposes, their processing is limited to these purposes. This means that the data will be blocked and not processed for other purposes. This applies, for example, to data that must be retained for reasons of commercial or tax law or that must be stored for the assertion, exercise or defence of legal claims or for the protection of the rights of another natural or legal person.

​

Further information on the deletion of personal data can also be found in the individual data protection notes of this privacy policy.

 

Amendment and update of the privacy policy

We ask you to inform yourself regularly about the content of our data protection declaration. We will adapt the data protection declaration as soon as changes in the data processing carried out by us make this necessary. We will inform you as soon as the changes make it necessary for you to take action to cooperate (e.g. to give your consent) or to receive other individual notification.

If we provide addresses and contact information of companies and organisations in this privacy policy, please note that the addresses may change over time and please check the information before contacting us.

 

Rights of data subjects

As data subjects, they are entitled to various rights under the DSGVO, which result in particular from Articles 15 to 18 and 21 DSGVO:

• Right of objection: You have the right to object at any time, for reasons arising from your particular situation, to the processing of personal data concerning you that is carried out pursuant to Art. 6, paragraph 1, letter e or f of the DPA; this also applies to profiling based on these provisions. If the personal data concerning you are processed for the purpose of direct marketing, you have the right to object at any time to the processing of personal data concerning you for the purpose of such marketing, including profiling, insofar as it is linked to such direct marketing.

• Right of withdrawal in case of consent: You have the right to revoke consents at any time.

• Right of access: You have the right to obtain confirmation as to whether or not data in question is being processed and to obtain information about this data and other information and a copy of the data in accordance with the law.

• Right of rectification: You have the right to ask for the completion of the data concerning you or the rectification of incorrect data concerning you, in accordance with the law.

• Right to deletion and restriction of processing: You have the right, in accordance with the statutory provisions, to demand that data relating to you be deleted immediately, or alternatively, in accordance with the statutory provisions, to demand restriction of the processing of the data.

• Right to data transferability: You have the right to receive data concerning you that you have provided to us in a structured, common and machine-readable format in accordance with the law or to request that it be transferred to another responsible party.

• Complaints to the supervisory authority: You also have the right, in accordance with the law, to lodge a complaint with a supervisory authority, in particular in the Member State in which you are habitually resident, your place of work or the place where the alleged infringement occurred, if you consider that the processing of personal data concerning you is in breach of the DPA.

 

Definitions of terms

This section provides an overview of the terms used in this privacy policy. Many of the terms are taken from the law and defined above all in Art. 4 DSGVO. The legal definitions are binding. The following explanations, on the other hand, are primarily intended to help you understand them. The terms are sorted alphabetically.

• Conversion tracking: Conversion tracking is a method of determining the effectiveness of marketing activities. For this purpose, a cookie is usually stored on the user's devices within the websites on which the marketing measures are carried out and then retrieved again on the target website. For example, we can then track whether the ads we have placed on other websites have been successful.

• Cross-Device Tracking: Cross-Device Tracking is a form of tracking in which the behaviour and interest information of users is recorded in so-called profiles across devices by assigning users an online identifier. This allows the user information to be analysed for marketing purposes, regardless of the browser or device used (e.g. mobile phones or desktop computers). With most providers, the online identification is not linked to clear data, such as names, postal or e-mail addresses.

• Interest-based and behavioural marketing: We speak of interest-based and/or behavioural marketing when the potential interests of users in advertisements and other content are predetermined as precisely as possible. This is done on the basis of information about their previous behaviour (e.g. visiting and staying on certain websites, buying behaviour or interaction with other users), which is stored in a so-called profile. As a rule, cookies are used for these purposes.

• Personal data: "Personal data" shall mean any information relating to an identified or identifiable natural person (hereinafter referred to as "data subject"); an identifiable person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, a location data, an online identifier (e.g. a cookie) or one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.

• Profiling: "Profiling" is any automated processing of personal data which consists of using personal data to analyse, evaluate or predict certain personal aspects relating to a natural person (depending on the type of profiling, this may include information on age, gender, location and movement data, interaction with websites and their content, shopping behaviour, social interactions with other people) (e.g. interests in certain content or products, click behaviour on a website or location). Cookies and web beacons are often used for profiling purposes.

• Reach measurement: Reach measurement (also known as web analytics) is used to evaluate the flow of visitors to an online offering and can include the behaviour or interests of visitors in certain information, such as the content of websites. With the help of reach analysis, website owners can, for example, identify at what time visitors visit their website and what content they are interested in. This enables them to better adapt the contents of the website to the needs of their visitors. Pseudonymous cookies and web beacons are often used for the purpose of range analysis in order to recognise returning visitors and thus obtain more precise analyses of the use of an online offer.

• Remarketing: We speak of "remarketing" or "retargeting", for example, when it is noted for advertising purposes which products a user has been interested in on a website in order to remind the user of these products on other websites, e.g. in advertisements.

• Tracking: We speak of "tracking" when the behaviour of users can be traced across several online offers. As a rule, behavioural and interest information regarding the online offers used is stored in cookies or on servers of the providers of the tracking technologies (so-called profiling). This information can then be used, for example, to display advertisements to users that are likely to correspond to their interests.

• Controller: "Controller" means the natural or legal person, public authority, agency or any other body which alone or jointly with others determines the purposes and means of the processing of personal data.

• Processing: "processing" means any operation or set of operations which is performed upon personal data, whether or not by automatic means. The term is broad and covers virtually all processing of data, whether it be collection, analysis, storage, communication or deletion.

• Target group formation: One speaks of target group formation (or "custom audiences") when target groups are determined for advertising purposes, e.g. insertion of advertisements. For example, based on a user's interest in certain products or topics on the internet, it can be concluded that this user is interested in advertisements for similar products or the online shop where he/she viewed the products. Lookalike Audiences" (or similar target groups) is again referred to when the content deemed suitable is displayed to users whose profiles or interests presumably correspond to the users for whom the profiles were created. Cookies and web beacons are generally used to create custom audiences and lookalike audiences.