Privacy policy

The protection of personal data is important to us. We only process personal data in accordance with the applicable data protection requirements, in particular the General Data Protection Regulation (GDPR), the German Federal Data Protection Act (Bundesdatenschutzgesetz ‒ BDSG) and the German Telecommunications Digital Services Data Protection Act (Telekommunikation-Digitale-Dienste-Datenschutz-Gesetz ‒TDDDG).

You will find information about us as the controller under data protection law set out below (A). You will also find information below about how we process personal data (B), the cookies and similar technologies we use (D) and your rights in relation to processing (E).

A. Controller and data protection officer

You can contact our data protection officer at:

B. Processing of personal data in the context of provision of the website

When our website is made available, log data that is technically necessary is processed. This occurs whenever the website is accessed via the Hypertext Transfer Protocol (Secure) (HTTP(S)). This includes the IP address, type and version of your internet browser, the operating system used, page requested, previously visited page (referrer URL) and the date and time of the request.

We process this data for the purpose of temporarily providing the website content requested by the user on our web server. To ensure the security of the IT infrastructure used to provide the website, particularly for detecting, eliminating and forensically documenting disruptions (for example, DDoS attacks), this data is also temporarily processed in web server log files.

The legal basis for this processing is Article 6(1)(f) of the GDPR (protection of legitimate interests while balancing interests). Through this processing, we pursue our legitimate interests in providing you with the website content you have requested and in ensuring the security of the IT infrastructure used to provide the website.

For the purposes described above, our hosting service provider processes the data listed above on our behalf as a “data processor”: Profihost GmbH, Hildesheimer Str. 25, 30880 Laatzen.

We do not transfer the data mentioned to countries outside the European Union or the European Economic Area (third countries).

The data is stored in server log files for a maximum period of 31 days, unless a security-relevant event occurs (for example, a DDoS attack). In the event of a security-relevant incident, server log files are retained until the incident has been resolved and fully investigated.

You are not obliged to provide us with your data. The provision of your data is neither legally nor contractually required, nor is it necessary for the conclusion of a contract.

However, if you do not provide us with the data, we will not be able to provide you with the content on our website that you have requested.

We do not engage in automated decisionmaking or profiling based on your personal data as defined by Article 22(1) and (4) of the GDPR.

C. Use of our online contact form

You can get in touch with us via the contact form on our website. When you do so, your email address, your name and any other data you include in your message to us will be processed. This data is processed on the basis of Article 6(1)(f) of the GDPR (protection of legitimate interests while balancing interests), which is based on our legitimate interest in handling your enquiry. If your enquiry relates to a contract to which you are a party or to taking steps to enter into a contract, the processing is carried out on the basis of Article 6(1)(b) of the GDPR.

For the purposes described above, our hosting service provider processes the data listed above on our behalf as a “data processor”: Profihost GmbH, Hildesheimer Str. 25, 30880 Laatzen.

We do not transfer the data mentioned to countries outside the European Union or the European Economic Area (third countries).

The data is only stored for as long as is necessary for the relevant purpose.

The provision of the data processed in this case is neither legally nor contractually required or necessary for the conclusion of a contract. There is no obligation for you to provide this data. However, if you do not provide the data, we will not be able to process your enquiry.

D. Use of cookies on our website

We use cookies in connection with our website. In doing so, we use processing and storage functions of your device’s browser and collect information from the memory of your device’s browser.

General information
Cookies are text files that contain data from visited websites or domains and are stored on the user’s device. A cookie is primarily used to store information about a user during or after their visit to an online service. The information stored may include, for example, language settings. The term “cookies” also encompasses other technologies that perform the same functions as cookies (for example, when user information is stored using pseudonymous online identifiers, also referred to as “user IDs”).

Cookie used
We use a cookie called pll_language on our website. This cookie is stored on your device for one year. This cookie is strictly necessary for the operation of our website as it ensures the correct language is selected. In this case, the legal basis is section 25(2) of the Telecommunications Digital Services Data Protection Act. Your consent is therefore not required.

E. Rights of data subjects in relation to processing

As a data subject, you have the following rights in relation to the processing of your personal data:

• Right of access (Article 15 of the GDPR)
• Right of rectification (Article 16 of the GDPR)
• Right of erasure (right to be forgotten) (Article 17 of the GDPR)
• Right to restriction of processing (Article 18 of the GDPR)
• Right to data portability (Article 20 of the GDPR)
• Right to object (Article 21 of the GDPR)
• Right to withdraw consent (Article 7(3) of the GDPR)

We would like to draw your attention in particular to the following rights of objection under Article 21(1) and (2) of the GDPR:

To exercise your rights, you can contact us using the contact information provided above.

As a data subject, you also have the right to lodge a complaint with a supervisory authority (Article 77 of the GDPR). You can exercise this right in particular with the data protection supervisory authority in the country where you reside. You can also exercise this right with the supervisory authority responsible for us: