Privacy Policy
Preamble
With the following privacy policy, we would like to inform you about what types of your personal data (hereinafter also referred to as "data") we process, for what purposes, and to what extent. The privacy policy applies to all processing of personal data carried out by us, both in the context of providing our services and particularly on our websites, in mobile applications, as well as within external online presences, such as our social media profiles (hereinafter collectively referred to as "online offering").
The terms used are not gender-specific.
As of: 10 December 2025
Person in charge
KOCH Consulting & Coaching
Albina Koch
Weitegasse 6
9320 Arbon
Email address: office@albinakoch.com
Impressum: albinakoch.com/impressum
Overview of processing
The following overview summarises the types of data processed and the purposes of processing, and refers to the data subjects.
Types of data processed
- File data.
- Payment details.
- Contact details.
- Content data.
- Contract data.
- Usage data.
- Meta-, communication and process data.
- Images and/or video footage.
- Audio recordings.
- Log data.
Categories of affected persons
- Beneficiary and client.
- Employees.
- Interested parties.
- Communication partner.
- User.
- Business and contractual partners.
- People shown.
- Third parties.
Purposes of processing
- Provision of contractual services and fulfilment of contractual obligations.
- Communication.
- Safety measures.
- Reach measurement.
- Tracking.
- Office and organisational procedures.
- Conversion measurement.
- Target audience designation.
- Organisational and administrative procedures.
- Content Delivery Network (CDN).
- Feedback.
- Marketing.
- Profiles with user-related information.
- Provision of our online offering and user-friendliness.
- Information technology infrastructure.
- Financial and Payment Management.
- Public relations.
- Sales promotion.
- Business processes and business procedures.
Relevant legal bases
Authoritative legal bases under the GDPR: Below is an overview of the legal bases of the GDPR on which we process personal data. Please note that in addition to the provisions of the GDPR, national data protection regulations may apply in your or our country of residence or domicile. Furthermore, if more specific legal bases are relevant in individual cases, we will inform you of these in the privacy policy.
- Consent (Art. 6(1)(a) GDPR): The data subject has given their consent to the processing of their personal data for one or more specific purposes.
- Contract performance and pre-contractual enquiries (Art. 6(1)(b) GDPR): Processing is necessary for the performance of a contract to which the data subject is party or in order to take steps at the request of the data subject prior to entering into a contract.
- Legal obligation (Art. 6(1)(c) GDPR): The processing is necessary for compliance with a legal obligation to which the controller is subject.
- Legitimate interests (Art. 6(1)(f) GDPR): Processing is necessary for the purposes of the legitimate interests pursued by the controller or by a third party, except where such interests are overridden by the interests or fundamental rights and freedoms of the data subject which require protection of personal data.
Key legal bases under the Swiss Federal Act on Data Protection: If you are located in Switzerland, we process your data on the basis of the Swiss Federal Act on Data Protection (hereinafter referred to as "Swiss FADP"). Unlike, for example, the GDPR, the Swiss FADP fundamentally does not require a legal basis for the processing of personal data to be specified, and the processing of personal data is carried out in good faith, lawfully and proportionately (Art. 6 paras. 1 and 2 of the Swiss FADP). Furthermore, we only obtain personal data for a specific purpose that is recognisable to the data subject and only process it in a manner compatible with that purpose (Art. 6 para. 3 of the Swiss FADP).
Reference to the applicability of GDPR and Swiss FADP: These privacy notices are provided for information purposes in accordance with both the Swiss Federal Act on Data Protection (FADP) and the General Data Protection Regulation (GDPR). For this reason, please note that due to wider territorial application and comprehensibility, the terms of the GDPR are used. In particular, instead of the FADP terms "processing" of "personal data", "overriding interest" and "data concerning particularly sensitive persons", the terms used in the GDPR, "processing" of "personal data", as well as "legitimate interest" and "special categories of data", are used. However, the legal meaning of the terms will continue to be determined in accordance with the FADP within the scope of its applicability.
Safety measures
In accordance with statutory requirements, taking into account the state of the art, the costs of implementation and the nature, scope, circumstances and purposes of the processing as well as the varying likelihood and severity of the risk to the rights and freedoms of natural persons, we shall implement appropriate technical and organisational measures to ensure a level of security proportionate to the risk.
The measures include, in particular, safeguarding the confidentiality, integrity, and availability of data by controlling physical and electronic access to the data, as well as the access, input, and disclosure of the data, ensuring its availability, and its separation. Furthermore, we have established procedures that ensure the exercise of data subject rights, the deletion of data, and responses to data breaches. We also consider the protection of personal data from the outset during the development or selection of hardware, software, and procedures, in accordance with the principle of data protection by design and by default (technical design and data protection-friendly default settings).
Securing online connections through TLS/SSL encryption technology (HTTPS): To protect the data of users transmitted via our online services from unauthorised access, we utilise TLS/SSL encryption technology. Secure Sockets Layer (SSL) and Transport Layer Security (TLS) are the cornerstones of secure data transmission on the internet. These technologies encrypt the information transferred between the website or app and the user's browser (or between two servers), thereby protecting the data from unauthorised access. TLS, as the more advanced and secure version of SSL, ensures that all data transmissions adhere to the highest security standards. When a website is secured by an SSL/TLS certificate, this is indicated by the display of HTTPS in the URL. This serves as an indicator to users that their data is being transmitted securely and in encrypted form.
Transfer of personal data
As part of our processing of personal data, it may be necessary to transfer or disclose this data to other entities, companies, legally independent organisational units, or individuals. Recipients of this data may include, for example, service providers commissioned with IT tasks, or providers of services and content integrated into a website. In such cases, we observe the statutory requirements and, in particular, conclude appropriate contracts or agreements with the recipients of your data that serve to protect your data.
International data transfers
Data processing in third countries: If we transfer data to a third country (i.e. outside the European Union (EU) or the European Economic Area (EEA)), or if this occurs when using third-party services or disclosing/transferring data to other persons, bodies or companies (which is evident from the postal address of the respective provider or if the privacy policy expressly refers to data transfer to third countries), this will always be done in compliance with legal requirements.
For data transfers to the USA, we primarily rely on the Data Privacy Framework (DPF), which was recognised as a secure legal framework by an adequacy decision of the EU Commission dated 10.07.2023. In addition, we have concluded standard contractual clauses with the respective providers, which comply with the requirements of the EU Commission and establish contractual obligations for the protection of your data.
This dual protection ensures comprehensive security for your data: the DPF forms the primary layer of defence, while the Standard Contractual Clauses serve as an additional safeguard. Should any changes occur within the framework of the DPF, the Standard Contractual Clauses act as a reliable fallback option. This way, we ensure that your data remains adequately protected at all times, even in the event of political or legal changes.
For individual service providers, we will inform you whether they are DPF certified and whether standard contractual clauses are in place. Further information on the DPF and a list of certified companies can be found on the website of the US Department of Commerce at https://www.dataprivacyframework.gov/ (in English).
For data transfers to other third countries, appropriate security measures apply, in particular standard contractual clauses, explicit consent, or legally required transfers. Information on third-country transfers and applicable adequacy decisions can be found in the European Commission's information offering: https://commission.europa.eu/law/law-topic/data-protection/international-dimension-data-protection_en?prefLang=de.
Disclosure of personal data abroad: Under the Swiss Data Protection Act (DPA), we will only disclose personal data abroad if the affected individuals are adequately protected (Art. 16 Swiss DPA). Unless the Federal Council has determined that there is adequate protection (list: https://www.bj.admin.ch/bj/de/home/staat/datenschutz/internationales/anerkennung-staaten.html), we take alternative security measures.
For data transfers to the USA, we primarily rely on the Data Privacy Framework (DPF), which was recognised as a secure legal framework by a Swiss adequacy decision of 07.06.2024. Additionally, we have concluded standard data protection clauses with the respective providers, which have been approved by the Federal Data Protection and Information Commissioner (FDPIC) and establish contractual obligations for the protection of your data.
This dual safeguard ensures comprehensive protection of your data: the DPF forms the primary layer of protection, while the Standard Contractual Clauses serve as an additional security measure. Should any changes occur within the framework of the DPF, the Standard Contractual Clauses come into play as a reliable fallback option. This ensures that your data remains adequately protected at all times, even in the event of political or legal changes.
With individual service providers, we will inform you whether they are DPF certified and whether standard data protection clauses are in place. The list of certified companies and further information about the DPF can be found on the website of the US Department of Commerce at https://www.dataprivacyframework.gov/ (in English).
For data transfers to other third countries, appropriate safeguards apply, including international agreements, specific guarantees, standard data protection clauses approved by the FDPIC, or binding corporate rules previously recognised by the FDPIC or a competent supervisory authority in another country.
General information on data storage and deletion
We delete personal data that we process in accordance with legal regulations as soon as the underlying consents are revoked or no further legal grounds for processing exist. This concerns cases where the original purpose of processing ceases to apply or the data is no longer needed. Exceptions to this rule exist if legal obligations or special interests require longer retention or archiving of the data.
In particular, data that must be retained for commercial or tax reasons, or whose storage is necessary for legal prosecution or for the protection of the rights of other natural or legal persons, must be archived accordingly.
Our privacy notice contains further information on data retention and erasure that applies to specific processing activities.
Where there are multiple specifications for the retention period or deletion deadlines for data, the longest period shall always apply. Data that is no longer kept for the original intended purpose but is retained due to legal requirements or other reasons is processed by us exclusively for the reasons that justify its retention.
Storage and Deletion of Data: The following general deadlines apply to retention and archiving under Swiss law:
- 10 years - Retention period for books and records, annual financial statements, inventories, management reports, opening balance sheets, booking vouchers and invoices, as well as all required operating instructions and other organisational documents (Art. 958f of the Swiss Code of Obligations (CO)).
- 10 years - Data necessary for the consideration of potential claims for damages or similar contractual claims and rights, as well as for processing associated enquiries, based on previous business experience and standard industry practice, shall be stored for the statutory limitation period of ten years, unless a shorter period of five years applies, which is relevant in specific cases (Art. 127, 130 CO). After five years, claims for rent, lease and capital interest, as well as other periodic payments, for the supply of food, for board and lodging and innkeeper's debts, as well as for artisanal work, retail sale of goods, medical services, professional work of lawyers, legal agents, procurators and notaries, and for employment relationships of employees expire (Art. 128 CO).
Commencement of a period of limitation at the end of the year: Unless a period of limitation expressly commences on a specific date and lasts for at least one year, it automatically begins at the end of the calendar year in which the event triggering the period of limitation occurred. In the case of ongoing contractual relationships in which data is stored, the event triggering the period of limitation is the time at which the termination or other ending of the legal relationship becomes effective.
Rights of data subjects
Rights of data subjects under the GDPR: As a data subject, you have various rights under the GDPR, particularly arising from Art. 15 to 21 GDPR:
- Right to object: You have the right to object, on grounds relating to your particular situation, at any time to the processing of your personal data which is based on Article 6(1)(e) or (f) GDPR; this also applies to profiling based on these provisions. If your personal data is processed for direct marketing purposes, you have the right to object at any time to the processing of your personal data for such marketing; this also applies to profiling in so far as it is connected with such direct marketing.
- Right of withdrawal for consents: You have the right to withdraw consent given at any time.
- Right to information: You have the right to request confirmation of whether relevant data is being processed and to access information about this data, as well as further information and a copy of the data in accordance with the legal requirements.
- Right to rectification: In accordance with legal requirements, you have the right to request the completion of data concerning you or the correction of inaccurate data concerning you.
- Right to erasure and restriction of processing: In accordance with legal requirements, you have the right to demand that data concerning you be deleted immediately, or alternatively, in accordance with legal requirements, to demand a restriction on the processing of the data.
- Right to data portability: You have the right, in accordance with the legal requirements, to receive data concerning you which you have provided to us in a structured, common and machine-readable format, or to request its transmission to another controller.
- Complaint to supervisory authority: In accordance with the statutory provisions and without prejudice to any other administrative or judicial remedy, you further have the right to lodge a complaint with a supervisory authority, in particular a supervisory authority in the Member State of your habitual residence, your place of work or the place of the alleged infringement, if you consider that the processing of personal data relating to you infringes the GDPR.
Rights of Data Subjects under the Swiss Data Protection Act: As a data subject, you have the following rights in accordance with the provisions of the Swiss Data Protection Act:
- Right to information: You have the right to request confirmation as to whether personal data concerning you is being processed, and to receive the information necessary for you to exercise your rights under this Act and to ensure transparent data processing.
- Right to data portability: You have the right to request the handover of your personal data, which you have provided to us, in a commonly used electronic format.
- Right to rectification: You have the right to request the rectification of inaccurate personal data concerning you.
- Right to object, erasure and destruction: You have the right to object to the processing of your data, as well as to request that your personal data be deleted or destroyed.
Business Services
We process data from our contractual and business partners, e.g. customers and prospects (collectively referred to as "contractual partners"), in the context of contractual and comparable legal relationships as well as related measures and with regard to communication with the contractual partners (or pre-contractually), for example, to respond to inquiries.
We use this data to fulfil our contractual obligations. This includes in particular obligations for the provision of agreed services, any update obligations, and remedies for warranty claims and other performance disruptions. Furthermore, we use the data to safeguard our rights and for the purposes of administrative tasks associated with these obligations, as well as for company organisation. In addition, we process the data based on our legitimate interests in both proper and business-economic management and in security measures to protect our contractual partners and our business operations from misuse, the endangerment of their data, secrets, information and rights (e.g. for the involvement of telecommunications, transport and other auxiliary services as well as subcontractors, banks, tax and legal advisors, payment service providers or financial authorities). Within the scope of applicable law, we only pass on the data of contractual partners to third parties insofar as this is necessary for the aforementioned purposes or for the fulfilment of legal obligations. Contractual partners will be informed about further forms of processing, such as for marketing purposes, within the scope of this data protection declaration.
We will inform contracting parties about the data required for the aforementioned purposes before or during data collection, for example, in online forms, by special marking (e.g. colours) or symbols (e.g. asterisks or similar), or in person.
We delete data after the expiry of statutory warranty and comparable obligations, i.e. generally after four years, unless the data is stored in a customer account, for example, for as long as it must be retained for statutory archiving purposes (e.g. for tax purposes, generally ten years). Data disclosed to us by the contractual partner in the course of an order will be deleted according to the specifications and generally after the end of the order.
- Processed data types: File data (e.g., full name, residential address, contact information, customer number, etc.); Payment data (e.g., bank details, invoices, payment history); Contact details (e.g., postal and email addresses or telephone numbers); Contract data (e.g., subject matter of the contract, duration, customer category); Usage data (e.g., page views and duration, click paths, intensity and frequency of use, device types and operating systems used, interactions with content and functions). Meta, communication, and procedural data (e.g., IP addresses, timestamps, identification numbers, persons involved).
- Affected persons: Beneficiaries and clients; interested parties. Business and contract partners.
- Purposes of processing: Provision of contractual services and fulfilment of contractual obligations; security measures; communication; office and organisational procedures; organisational and administrative procedures. Business processes and business management procedures.
- Storage and Deletion: Deletion in accordance with the information in the "General Information on Data Storage and Deletion" section.
- Legal basis: Contract fulfilment and pre-contractual inquiries (Art. 6(1)(b) GDPR); Legal obligation (Art. 6(1)(c) GDPR). Legitimate interests (Art. 6(1)(f) GDPR).
Further information on processing operations, procedures and services:
- Online shops, order forms, e-commerce and fulfilment: We process our customers' data to enable them to select, purchase, or order the chosen products, goods, and associated services, as well as their payment and provision or delivery, or execution. Where necessary for the fulfilment of an order, we engage service providers, particularly postal, freight forwarding, and shipping companies, to carry out the delivery or execution to our customers. For the processing of payment transactions, we use the services of banks and payment service providers. The required information is marked as such during the ordering or comparable purchase process and includes the details needed for delivery, provision, and billing, as well as contact information for any necessary consultations; Legal basis: Contract fulfilment and pre-contractual inquiries (Art. 6(1)(b) GDPR).
- Coaching: We process the data of our clients, prospective clients, and other principals or contractual partners (collectively referred to as "clients") in order to provide our services to them. The procedures carried out within the scope and for the purposes of coaching include: establishing contact and communicating with clients, needs analysis to determine suitable coaching measures, planning and conducting coaching sessions, documenting coaching progress, recording and managing client-specific information and data, scheduling and organising appointments, providing coaching materials and resources, billing and payment management, follow-up and follow-through of coaching sessions, quality assurance and feedback processes.
The processed data, its nature, scope, purpose and necessity of its processing are determined by the underlying contractual and client relationship.
We will disclose or transmit client data to third parties or agents, such as authorities, billing centres, or those providing IT, office, or similar services, if it is necessary for the performance of our contract, to protect vital interests, or if required by law, or if the client has given their consent, in compliance with professional regulations; Legal basis: Contract fulfilment and pre-contractual inquiries (Art. 6(1)(b) GDPR).
- Consulting: We process the data of our clients, prospective clients, and other principals or contractual partners (collectively referred to as "Clients") in order to provide our services to them. The procedures included within the scope and purposes of our consulting services are: contacting and communicating with Clients, conducting needs and requirements analyses, planning and implementing consulting projects, documenting project progress and results, capturing and managing client-specific information and data, scheduling and organising appointments, providing consulting resources and materials, billing and payment management, post-processing and follow-up of consulting projects, and quality assurance and feedback processes.
The data processed, the nature, scope, purpose, and necessity of its processing are determined by the underlying contractual and client relationship.
We disclose or transmit client data to third parties or processors, such as authorities, subcontractors, or those in IT, office, or similar service sectors, if it is necessary for fulfilling our contract, protecting vital interests, or required by law, or if we have the clients' consent, in compliance with professional regulations; Legal basis: Contract fulfilment and pre-contractual inquiries (Art. 6(1)(b) GDPR).
Business processes and procedures
Personal data of service recipients and clients – including customers, clients, or in special cases counsel, patients, or business partners, as well as other third parties – is processed within the scope of contractual and comparable legal relationships and pre-contractual measures, such as the initiation of business relationships. This data processing supports and facilitates business operations in areas such as customer management, sales, payment transactions, accounting, and project management.
The data collected is used to fulfil contractual obligations and to efficiently organise operational processes. This includes the processing of business transactions, the management of customer relationships, the optimisation of sales strategies, and the safeguarding of internal accounting and financial processes. In addition, the data supports the assertion of the controller's rights and promotes administrative tasks as well as the organisation of the company.
Personal data may be passed on to third parties if this is necessary for the fulfilment of the stated purposes or for statutory obligations. After the expiry of statutory retention periods or when the purpose of processing ceases to apply, the data will be deleted. This also includes data that must be stored for longer due to tax law and statutory proof obligations.
- Processed data types: File data (e.g. full name, home address, contact information, customer number, etc.); Payment data (e.g. bank details, invoices, payment history); Contact details (e.g. postal and email addresses or telephone numbers); Content data (e.g. text or image messages and posts, and information relating to them, such as authorship or creation date); Contract data (e.g. subject of contract, duration, customer category); Log data (e.g. log files concerning logins or data retrieval or access times); Usage data (e.g. page views and duration of stay, click paths, intensity and frequency of use, device types and operating systems used, interactions with content and functions). Meta, communication and procedural data (e.g. IP addresses, timestamps, identification numbers, persons involved).
- Affected persons: Beneficiaries and clients; Interested parties; Communication partners; Business and contractual partners; Third parties; Users (e.g. website visitors, users of online services). Employees (e.g. employees, applicants, temporary staff and other personnel).
- Purposes of processing: Provision of contractual services and fulfilment of contractual obligations; office and organisational procedures; business processes and commercial procedures; communication; marketing; sales promotion; public relations; financial and payment management. Information technology infrastructure (operation and provision of information systems and technical equipment (computers, servers etc.)).
- Storage and Deletion: Deletion in accordance with the information in the "General Information on Data Storage and Deletion" section.
- Legal basis: Performance of a contract and pre-contractual inquiries (Art. 6(1)(b) GDPR); Legitimate interests (Art. 6(1)(f) GDPR). Legal obligation (Art. 6(1)(c) GDPR).
Further information on processing operations, procedures and services:
- Contact management and relationship maintenance: Procedures required for the organisation, maintenance and security of contact information (e.g., establishing and maintaining a central contact database, regular updates to contact information, monitoring data integrity, implementing data protection measures, ensuring access controls, performing backups and recoveries of contact data, training employees on effective use of contact management software, regularly reviewing communication history and adjusting contact strategies); Legal basis: Contract performance and pre-contractual inquiries (Art. 6(1)(b) GDPR), Legitimate interests (Art. 6(1)(f) GDPR).
- General Payment Transactions: Procedures required for carrying out payment transactions, monitoring bank accounts, and controlling payment flows (e.g. creation and checking of transfers, processing of direct debits, checking of bank statements, monitoring of incoming and outgoing payments, direct debit reversal management, account reconciliation, cash management); Legal basis: Contract performance and pre-contractual inquiries (Art. 6(1)(b) GDPR), Legitimate interests (Art. 6(1)(f) GDPR).
- Accounting, Accounts Payable, Accounts Receivable: Procedures required for the recording, processing, and control of business transactions in accounts payable and accounts receivable (e.g., creation and checking of incoming and outgoing invoices, monitoring and management of open items, execution of payment transactions, handling of dunning processes, account reconciliation within the scope of receivables and liabilities, accounts payable accounting, and accounts receivable accounting); Legal basis: Performance of a contract and pre-contractual inquiries (Art. 6(1)(b) GDPR), Legal obligation (Art. 6(1)(c) GDPR), Legitimate interests (Art. 6(1)(f) GDPR).
- Financial accounting and taxes: Processes required for the recording, management and control of finance-relevant business transactions, as well as for the calculation, reporting and payment of taxes (e.g. account assignment and booking of business transactions, preparation of quarterly and annual financial statements, execution of payment transactions, handling of dunning procedures, account reconciliation, tax advice, preparation and submission of tax returns, handling of tax affairs); Legal basis: Performance of a contract and pre-contractual inquiries (Art. 6(1)(b) GDPR), Legal obligation (Art. 6(1)(c) GDPR), Legitimate interests (Art. 6(1)(f) GDPR).
- Marketing, Advertising and Sales Promotion: Procedures required within marketing, advertising, and sales promotion (e.g., market analysis and target group definition, development of marketing strategies, planning and execution of advertising campaigns, design and production of advertising materials, online marketing including SEO and social media campaigns, event marketing and trade fair participation, customer loyalty programmes, sales promotion measures, performance measurement and optimisation of marketing activities, budget management, and cost control); Legal basis: Legitimate interests (Art. 6(1)(f) GDPR).
- Public relations: Procedures required within the scope of public relations (e.g., development and implementation of communication strategies, planning and execution of PR campaigns, creation and distribution of press releases, maintenance of media contacts, monitoring and analysis of media coverage, organisation of press conferences and public events, crisis communication, content creation for social media and company websites, corporate branding management); Legal basis: Legitimate interests (Art. 6(1)(f) GDPR).
Use of online platforms for offering and sales purposes
We offer our services on online platforms operated by other service providers. In this context, in addition to our data protection notices, the data protection notices of the respective platforms apply. This applies in particular with regard to the execution of the payment process and the procedures used on the platforms for reach measurement and interest-based marketing.
- Processed data types: File data (e.g., full name, residential address, contact information, customer number, etc.); Payment data (e.g., bank details, invoices, payment history); Contact details (e.g., postal and email addresses or telephone numbers); Contract data (e.g., subject matter of the contract, duration, customer category); Usage data (e.g., page views and duration, click paths, intensity and frequency of use, device types and operating systems used, interactions with content and functions). Meta, communication, and procedural data (e.g., IP addresses, timestamps, identification numbers, persons involved).
- Affected persons: Beneficiaries and clients. Business and contractual partners.
- Purposes of processing: Provision of contractual services and fulfilment of contractual obligations; Marketing. Business processes and business management procedures.
- Storage and Deletion: Deletion in accordance with the information in the "General Information on Data Storage and Deletion" section.
- Legal basis: Contract performance and pre-contractual enquiries (Art. 6(1)(b) GDPR). Legitimate interests (Art. 6(1)(f) GDPR).
Further information on processing operations, procedures and services:
- Teachable: Online platform for offering online courses, coaching, and teaching services, as well as concluding, carrying out, and managing participant contracts; Service provider: Teachable, Inc., 470 Park Avenue South, 6th Floor, New York, New York 10016 USA; Legal basis: Legitimate interests (Art. 6(1)(f) GDPR); Website https://teachable.com/; Privacy Policy https://teachable.com/privacy-policy; Data processing agreement https://teachable.com/dpa. Basis for third-country transfers: EU/EEA - Standard Contractual Clauses (https://teachable.com/dpa), Switzerland - Standard Contractual Clauses (https://teachable.com/dpa).
- CoachHub: Online platform for offering online courses, coaching, and teaching services, as well as concluding, executing, and managing participant contracts; Legal basis: Legitimate interests (Art. 6(1)(f) GDPR); Service provider: CoachHub GmbH, Alexanderstraße 36, 10179 Berlin, Germany, +49 30 23321151, privacy@coachhub.com; Website https://www.coachhub.com/. Privacy Policy https://www.coachhub.com/de/privacy-notice.
- Sharpist: Online platform for offering online courses, coaching, and teaching services, as well as concluding, executing, and managing participant contracts; Legal basis: Legitimate interests (Art. 6(1)(f) GDPR); Service provider: Sharpist GmbH, Karl-Marx-Street 58, 12043 Berlin, Germany, mail@sharpist.com; Website https://www.sharpist.com/. Privacy Policy https://www.sharpist.com/de/legals/privacy-policy.
Payment methods
In the context of contractual and other legal relationships, due to legal obligations or otherwise on the basis of our legitimate interests, we offer the data subjects efficient and secure payment options and, in addition to banks and credit institutions, use other service providers for this purpose (collectively, "payment service providers"). The payment transactions are carried out exclusively via encrypted connections in accordance with the state of the art, so that the entered data is protected from unauthorised access during transmission.
The data processed by payment service providers includes inventory data, such as name and address, bank details, such as account numbers or credit card numbers, passwords, TANs and check digits, as well as contract, amount and recipient-related details. The details are required to carry out the transactions. However, the entered data is only processed and stored by the payment service providers. This means we do not receive any account or credit card-related information, but merely information confirming or denying the payment. In certain circumstances, the data may be transmitted by the payment service providers to credit reporting agencies. This transmission is for the purpose of identity and credit checks. For this purpose, we refer to the terms and conditions and data protection information of the payment service providers.
The terms and conditions and data protection notices of the respective payment service providers, which can be accessed within the respective websites or transaction applications, apply to the payment transactions. We also refer to these for further information and the assertion of rights of withdrawal, access, and other data subject rights.
- Processed data types: File data (e.g. full name, home address, contact information, customer number, etc.); Payment data (e.g. bank details, invoices, payment history); Contract data (e.g. subject matter of contract, duration, customer category); Usage data (e.g. page views and duration of stay, click paths, intensity and frequency of use, device types and operating systems used, interactions with content and functions). Meta, communication and procedural data (e.g. IP addresses, timestamps, identification numbers, persons involved).
- Affected persons: Beneficiaries and clients; business and contract partners. Interested parties.
- Purposes of processing: Provision of contractual services and fulfilment of contractual obligations. Business processes and business management procedures.
- Storage and Deletion: Deletion in accordance with the information in the "General Information on Data Storage and Deletion" section.
- Legal basis: Contract performance and pre-contractual enquiries (Art. 6(1)(b) GDPR). Legitimate interests (Art. 6(1)(f) GDPR).
Further information on processing operations, procedures and services:
- Mastercard: Payment services (technical integration of online payment methods); Service provider: Mastercard Europe SA, Chaussée de Tervuren 198A, B-1410 Waterloo, Belgium; Legal basis: Performance of contract and pre-contractual inquiries (Art. 6(1)(b) GDPR); Website https://www.mastercard.de/de-de.html. Privacy Policy https://www.mastercard.de/de-de/datenschutz.html.
- PayPal: Payment services (technical integration of online payment methods) (e.g. PayPal, PayPal Plus, Braintree); Service provider: PayPal (Europe) S.à r.l. et Cie, S.C.A., 22-24 Boulevard Royal, L-2449 Luxembourg; Legal basis: Performance of contract and pre-contractual inquiries (Art. 6(1)(b) GDPR); Website https://www.paypal.com/de. Privacy Policy https://www.paypal.com/de/legalhub/paypal/privacy-full.
- Stripe: Payment services (technical integration of online payment methods); Service provider: Stripe, Inc., 510 Townsend Street, San Francisco, CA 94103, USA; Legal basis: Performance of contract and pre-contractual inquiries (Art. 6(1)(b) GDPR); Website https://stripe.com; Privacy Policy https://stripe.com/de/privacy. Basis for third-country transfers: EU/EEA - Data Privacy Framework (DPF), Switzerland - Data Privacy Framework (DPF).
- Visa: Payment services (technical integration of online payment methods); Service provider: Visa Europe Services Inc., London Branch, 1 Sheldon Square, London W2 6TT, GB; Legal basis: Performance of contract and pre-contractual inquiries (Art. 6(1)(b) GDPR); Website https://www.visa.de. Privacy Policy https://www.visa.de/nutzungsbedingungen/visa-privacy-center.html.
Provision of online services and web hosting
We process user data to be able to provide them with our online services. For this purpose, we process the user's IP address, which is necessary to transmit the content and functions of our online services to the user's browser or end device.
- Processed data types: Usage data (e.g. page views and duration of stay, click paths, intensity and frequency of use, device types and operating systems used, interactions with content and functions); Meta, communication and procedural data (e.g. IP addresses, time stamps, identification numbers, persons involved); Log data (e.g. logfiles concerning logins or the retrieval of data or access times); Content data (e.g. textual or image-based messages and contributions as well as information relating to them, such as authorship or creation date); Inventory data (e.g. full name, residential address, contact information, customer number, etc.); Payment data (e.g. bank details, invoices, payment history); Contact data (e.g. postal and email addresses or telephone numbers). Contract data (e.g. subject matter of the contract, term, customer category).
- Affected persons: Users (e.g. website visitors, users of online services); beneficiaries and contractors; interested parties. Business and contractual partners.
- Purposes of processing: Provision of our online offering and user-friendliness; Information technology infrastructure (operation and provision of information systems and technical equipment (computers, servers, etc.)); Security measures; Content Delivery Network (CDN); Provision of contractual services and fulfillment of contractual obligations; Conversion measurement (measurement of the effectiveness of marketing measures). Marketing.
- Storage and Deletion: Deletion in accordance with the information in the "General Information on Data Storage and Deletion" section.
- Legal basis: Legitimate interests (Art. 6(1)(f) GDPR).
Further information on processing operations, procedures and services:
- Provision of online offering on rented storage space: To provide our online services, we use storage space, computing capacity and software that we rent or otherwise obtain from a relevant server provider (also known as a "web host"); Legal basis: Legitimate interests (Art. 6(1)(f) GDPR).
- Collection of access data and log files: Access to our online offering is logged in the form of so-called "server log files". Server log files may include the address and name of the retrieved web pages and files, date and time of retrieval, amount of data transferred, a message about successful retrieval, browser type and version, the user's operating system, referrer URL (the previously visited page) and, as a rule, IP addresses and the requesting provider. Server log files can be used for security purposes, e.g., to prevent server overload (especially in the case of malicious attacks, so-called DDoS attacks), and on the other hand, to ensure server utilisation and stability; Legal basis: Legitimate interests (Art. 6(1)(f) GDPR). Data deletion: Logfile information is stored for a maximum of 30 days and then deleted or anonymised. Data which requires further retention for evidential purposes is exempt from deletion until the respective incident has been finally clarified.
- 1&1 IONOS: Services in the field of IT infrastructure provision and associated services (e.g. storage space and/or computing capacity); Service provider: 1&1 IONOS SE, Elgendorfer Str. 57, 56410 Montabaur, Germany; Legal basis: Legitimate interests (Art. 6(1)(f) GDPR); Website https://www.ionos.de; Privacy Policy https://www.ionos.de/terms-gtc/terms-privacy. Data processing agreement https://www.ionos.de/hilfe/datenschutz/allgemeine-informationen-zur-datenschutz-grundverordnung-dsgvo/vereinbarung-zur-auftragsverarbeitung-avv-mit-ionos-abschliessen/.
- Cloudflare: Content Delivery Network (CDN) – a service that enables the content of a website, particularly large media files such as graphics or programme scripts, to be delivered more quickly and securely via a network of servers distributed across different regions and connected via the internet; Service provider: Cloudflare, Inc., 101 Townsend St, San Francisco, CA 94107, USA; Legal basis: Legitimate interests (Art. 6(1)(f) GDPR); Website https://www.cloudflare.com; Privacy Policy https://www.cloudflare.com/privacypolicy/; Data processing agreement https://www.cloudflare.com/cloudflare-customer-dpa/. Basis for third-country transfers: EU/EEA - Data Privacy Framework (DPF), Standard Contractual Clauses (https://www.cloudflare.com/cloudflare-customer-scc/), Switzerland - Data Privacy Framework (DPF), Standard Contractual Clauses (https://www.cloudflare.com/cloudflare-customer-scc/).
- WooCommerce: E-commerce software for operating online shops, processing payments and customer management processes; Service provider: Execution on servers and/or computers under your own data protection responsibility; Legal basis: Legitimate interests (Art. 6(1)(f) GDPR); Website https://woocommerce.com/. Privacy Policy https://automattic.com/privacy/.
- gstatic.com: Content Delivery Network (CDN) – a service that enables the content of a website, particularly large media files such as graphics or programme scripts, to be delivered more quickly and securely via a network of servers distributed across different regions and connected via the internet; Service provider: Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland; Legal basis: Legitimate interests (Art. 6(1)(f) GDPR); Website https://www.google.de/. Privacy Policy https://policies.google.com/privacy.
- Google Workspace: Cloud-based application software (e.g., word processing, spreadsheets, scheduling and contact management), cloud storage, and cloud infrastructure services; Service provider: Google Cloud EMEA Limited, 70 Sir John Rogerson’s Quay, Dublin 2, Ireland; Legal basis: Legitimate interests (Art. 6(1)(f) GDPR); Website https://workspace.google.com/; Privacy Policy https://policies.google.com/privacy; Data processing agreement https://cloud.google.com/terms/data-processing-addendum; Basis for third-country transfers: EU/EEA - Data Privacy Framework (DPF), Standard Contractual Clauses (https://cloud.google.com/terms/eu-model-contract-clause), Switzerland - Data Privacy Framework (DPF), Standard Contractual Clauses (https://cloud.google.com/terms/eu-model-contract-clause). Further information: https://cloud.google.com/privacy.
Use of Cookies
The term "cookies" refers to functions that store and retrieve information on users' terminal devices. Cookies can also be used for various purposes, for example, for the functionality, security and convenience of online services, as well as for analysing visitor traffic. We use cookies in accordance with legal regulations. To do this, we obtain users' consent in advance if necessary. If consent is not required, we rely on our legitimate interests. This applies when storing and retrieving information is essential to provide expressly requested content and functions. This includes, for example, storing settings and ensuring the functionality and security of our online services. Consent can be withdrawn at any time. We provide clear information about their scope and which cookies are used.
Notes on data protection legal bases: Whether we process personal data using cookies depends on consent. If consent is given, it serves as the legal basis. Without consent, we rely on our legitimate interests, which are explained above in this section and in the context of the respective services and processes.
Storage period: With regard to storage duration, the following types of cookies are distinguished:
- Temporary cookies (also known as session cookies): Temporary cookies are deleted at the latest when a user leaves an online service and closes their device (e.g. browser or mobile application).
- Persistent cookies: Persistent cookies remain stored even after the end device is closed. This allows, for example, the login status to be saved and preferred content to be displayed directly when the user revisits a website. Similarly, user data collected using cookies can be used for reach measurement. Unless we provide users with explicit information about the type and storage duration of cookies (e.g., when obtaining consent), they should assume that they are permanent and the storage duration can be up to two years.
General information on revocation and objection (opt-out): Users can revoke their consent at any time and also object to the processing in accordance with the statutory provisions, including via their browser's privacy settings.
- Processed data types: Meta-, communication and procedural data (e.g. IP addresses, timestamps, identification numbers, persons involved). Usage data (e.g. page views and dwell times, click paths, usage intensity and frequency, device types and operating systems used, interactions with content and functions).
- Affected persons: Users (e.g. website visitors, users of online services).
- Purposes of processing: Provision of our online offering and user-friendliness.
- Legal basis: Legitimate interests (Art. 6(1)(f) GDPR). Consent (Art. 6(1)(a) GDPR).
Further information on processing operations, procedures and services:
- Processing of cookie data based on consent: We use a consent management solution, where user consent is obtained for the use of cookies or for the procedures and providers mentioned within the scope of the consent management solution. This procedure is used to obtain, log, manage, and withdraw consents, particularly with regard to the use of cookies and comparable technologies, which are used to store, read, and process information on users' end devices. Within the scope of this procedure, user consents are obtained for the use of cookies and the associated processing of information, including the specific processing activities and providers mentioned in the consent management procedure. Users also have the option to manage and withdraw their consents. Consent declarations are stored to avoid repeated queries and to be able to provide proof of consent in accordance with legal requirements. Storage is done server-side and/or in a cookie (so-called opt-in cookie) or using comparable technologies in order to be able to assign the consent to a specific user or their device. If no specific information is provided for the providers of consent management services, the following general information applies: The duration of consent storage is up to two years. A pseudonymous user identifier is created, which is stored together with the time of consent, details of the scope of consent (e.g., relevant categories of cookies and/or service providers), and information about the browser, system, and device used; Legal basis: Consent (Art. 6(1)(a) GDPR).
- Cookie Opt-Out: At the bottom of our website, you will find a link that allows you to change your cookie settings and withdraw your consent accordingly.
- Complianz: Storage and management of consents (agreement to cookies and data processing), logging of user decisions, display of notices on data protection and cookies, enabling users to withdraw or adjust consents; Service provider: Execution on servers and/or computers under your own data protection responsibility; Website https://complianz.io/; Privacy Policy https://complianz.io/legal/. Further information: An individual user ID, language, and types of consents together with the time of their submission are stored server-side and in a cookie on the user's device.
Blogs and publishing media
We use blogs or comparable means of online communication and publication (hereinafter referred to as "publication medium"). The data of readers will only be processed for the purposes of the publication medium to the extent necessary for its presentation and communication between authors and readers, or for security reasons. Otherwise, we refer to the information on the processing of visitors to our publication medium within the scope of this privacy notice.
- Processed data types: File data (e.g. full name, residential address, contact information, customer number, etc.); contact details (e.g. postal and email addresses, or telephone numbers); content data (e.g. textual or pictorial messages and posts, as well as information relating to them, such as authorship or creation time); usage data (e.g. page views and dwell times, click paths, usage intensity and frequency, device types and operating systems used, interactions with content and functions). Meta, communication and procedural data (e.g. IP addresses, times, identification numbers, persons involved).
- Affected persons: Users (e.g. website visitors, users of online services).
- Purposes of processing: Feedback (e.g. collecting feedback via online form); provision of our online services and user-friendliness. Security measures.
- Storage and Deletion: Deletion in accordance with the information in the "General Information on Data Storage and Deletion" section.
- Legal basis: Legitimate interests (Art. 6(1)(f) GDPR).
Further information on processing operations, procedures and services:
Contact and Enquiry Management
When you contact us (e.g. by post, contact form, email, telephone or via social media), and in the context of existing user and business relationships, the details of the enquirers are processed, insofar as this is necessary to answer contact requests and any requested actions.
- Processed data types: File data (e.g. full name, residential address, contact information, customer number, etc.); contact details (e.g. postal and email addresses, or telephone numbers); content data (e.g. textual or pictorial messages and posts, as well as information relating to them, such as authorship or creation time); usage data (e.g. page views and dwell times, click paths, usage intensity and frequency, device types and operating systems used, interactions with content and functions). Meta, communication and procedural data (e.g. IP addresses, times, identification numbers, persons involved).
- Affected persons: Communication partners; Beneficiaries and clients. Users (e.g. website visitors, users of online services).
- Purposes of processing: Communication; Organisational and administrative procedures; Feedback (e.g. collecting feedback via online form). Provision of our online offering and user-friendliness.
- Storage and Deletion: Deletion in accordance with the information in the "General Information on Data Storage and Deletion" section.
- Legal basis: Legitimate interests (Art. 6(1)(f) GDPR). Performance of a contract and pre-contractual inquiries (Art. 6(1)(b) GDPR).
Further information on processing operations, procedures and services:
- Contact Form: When you contact us via our contact form, email, or other communication channels, we process the personal data transmitted to us in order to respond to and process your respective enquiry. This typically includes details such as your name, contact information, and any other information you provide that is necessary for proper processing. We use this data solely for the stated purpose of contact and communication; Legal basis: Contract performance and pre-contractual inquiries (Art. 6(1)(b) GDPR), Legitimate interests (Art. 6(1)(f) GDPR).
- Elementor: Creation of online forms, capture and storage of associated user input; Service provider: Elementor Ltd., Tuval St 40, Ramat Gan, Israel; Legal basis: Contract fulfilment and pre-contractual inquiries (Art. 6(1)(b) GDPR), Legitimate interests (Art. 6(1)(f) GDPR); Website https://elementor.com/features/form-builder/; Privacy Policy https://elementor.com/about/privacy/; Data processing agreement https://elementor.com/terms/cloud-toc/elementor-data-processing-agreement/; Basis for third-country transfers: EU/EEA - Standard Contractual Clauses (https://elementor.com/terms/cloud-toc/elementor-data-processing-agreement/), Switzerland - Standard Contractual Clauses (https://elementor.com/terms/cloud-toc/elementor-data-processing-agreement/). Further information: https://elementor.com/trust/.
Video conferences, online meetings, webinars, and screen sharing
We use platforms and applications from third-party providers (hereinafter referred to as "conference platforms") for the purpose of conducting video and audio conferences, webinars, and other types of video and audio meetings (hereinafter referred to collectively as "conferences"). We observe statutory requirements when selecting conference platforms and their services.
Data processed by conference platforms: As part of participation in a conference, the conference platforms process the personal data of participants listed below. The scope of processing depends, on the one hand, on which data is requested in the context of a specific conference (e.g., provision of access details or full names) and which optional information is provided by the participants. In addition to processing for the purpose of conducting the conference, participant data may also be processed by the conference platforms for security purposes or service optimisation. The processed data includes personal data (first name, last name), contact information (email address, phone number), access details (access codes or passwords), profile pictures, details on professional position/function, the IP address of internet access, details on participants' end devices, their operating system, the browser and its technical and language settings, information on content communication processes, i.e., entries in chats as well as audio and video data, and the use of other available functions (e.g., polls). The content of communications is encrypted to the extent technically provided by the conference providers. If participants are registered users with the conference platforms, further data may be processed in accordance with the agreement with the respective conference provider.
Logging and recordings: Where text inputs, participation results (e.g. from surveys), and video or audio recordings are logged, participants will be informed upfront in a transparent manner and asked for their consent where necessary.
Data protection measures of participants: Please refer to the privacy notices of the conference platforms regarding the processing of your data and select the optimal security and data protection settings for you within the conference platform settings. Furthermore, during a video conference, please ensure data and personal privacy in the background of your recording (e.g. by informing housemates, closing doors and, where technically possible, using the background blurring function). Links to the conference rooms and access data must not be passed on to unauthorised third parties.
Notes on Legal Basis: So long as we process user data in addition to the conference platforms, and ask users for their consent for the use of the conference platforms or specific functions (e.g. consent to a recording of conferences), the legal basis for the processing is this consent. Furthermore, our processing may be necessary for the performance of our contractual obligations (e.g. in participant lists, in the case of processing of discussion results, etc.). Otherwise, user data will be processed on the basis of our legitimate interests in efficient and secure communication with our communication partners.
- Processed data types: File data (e.g., full name, residential address, contact information, customer number, etc.); contact details (e.g., postal and email addresses or phone numbers); content data (e.g., text or image messages and posts, as well as information appertaining to them, such as authorship or creation time); usage data (e.g., page views and duration of visits, click paths, intensity and frequency of use, device types and operating systems used, interactions with content and functions); image and/or video recordings (e.g., photographs or video recordings of a person); audio recordings. Log data (e.g., log files concerning logins or the retrieval of data or access times).
- Affected persons: Communication partner; User (e.g. website visitor, online service user). Depicted persons.
- Purposes of processing: Provision of contractual services and fulfilment of contractual obligations; communication. Office and organisational procedures.
- Storage and Deletion: Deletion in accordance with the information in the "General Information on Data Storage and Deletion" section.
- Legal basis: Legitimate interests (Art. 6(1)(f) GDPR).
Further information on processing operations, procedures and services:
- Microsoft Teams: Use for conducting online events, conferences, and communication with internal and external participants. Voice transmission, direct messages, group communication, and collaboration features are used; name, business contact details, work profile, participation, and content (audio/video, voice, chat, files, voice transcription) are processed for the purposes of and out of interest in efficiency and productivity increases, cost-effectiveness, flexibility, mobility, improved communication, IT security, use of a central platform, and Microsoft business operations. Audio signals are generally not stored, except when recording is activated. Meeting and conference recordings are stored for 90 days by default, unless a different duration is specified. Chat and file content is stored according to guidelines set by the administrator or user; no automatic deletion is preset. Channels must be renewed every 180 days, otherwise content will be deleted. Additionally, system-generated log, diagnostic, and metadata are processed, and diagnostic data is collected for product stability, security, and improvement; Service provider: Microsoft Ireland Operations Limited, One Microsoft Place, South County Business Park, Leopardstown, Dublin 18, D18 P521, Ireland; Microsoft Corporation, One Microsoft Way, Redmond, WA 98052-6399, USA; Legal basis: Legitimate interests (Art. 6(1)(f) GDPR); Website https://www.microsoft.com/de-de/microsoft-teams/; Privacy Policy https://privacy.microsoft.com/de-de/privacystatement, Safety instructions https://www.microsoft.com/de-de/trustcenter. Basis for third-country transfers: EU/EEA - Data Privacy Framework (DPF), Standard Contractual Clauses (https://www.microsoft.com/licensing/docs/view/Microsoft-Products-and-Services-Data-Protection-Addendum-DPA), Switzerland - Data Privacy Framework (DPF), Standard Contractual Clauses (https://www.microsoft.com/licensing/docs/view/Microsoft-Products-and-Services-Data-Protection-Addendum-DPA).
- Zoom: Video conferencing, online meetings, webinars, screen sharing, optional session recording, chat function, integration with calendars and other apps; Service provider: Zoom Video Communications, Inc., 55 Almaden Blvd., Suite 600, San Jose, CA 95113, USA; Legal basis: Legitimate interests (Art. 6(1)(f) GDPR); Website https://zoom.us; Privacy Policy https://explore.zoom.us/de/privacy/; Data processing agreement https://explore.zoom.us/docs/doc/Zoom_GLOBAL_DPA.pdf. Basis for third-country transfers: EU/EEA - Data Privacy Framework (DPF), Standard Contractual Clauses (https://explore.zoom.us/docs/doc/Zoom_GLOBAL_DPA.pdf), Switzerland - Data Privacy Framework (DPF), Standard Contractual Clauses (https://explore.zoom.us/docs/doc/Zoom_GLOBAL_DPA.pdf).
Cloud services
We use software services accessible via the internet and run on their providers' servers (so-called "cloud services", also referred to as "software as a service") for the storage and management of content (e.g. document storage and management, exchange of documents, content and information with specific recipients, or publication of content and information).
Within this framework, personal data may be processed and stored on the providers' servers to the extent that they are part of communication processes with us or are otherwise processed by us as outlined in this privacy policy. These data may include, in particular, master data and contact details of users, data on processes, contracts, other transactions and their content. The providers of cloud services also process usage data and metadata, which they use for security purposes and service optimisation.
If we provide forms or other documents and content to other users or publicly accessible websites using cloud services, providers may store cookies on users' devices for web analysis purposes or to remember user settings (e.g., in the case of media control).
- Processed data types: File data (e.g., full name, residential address, contact information, customer number, etc.); Contact details (e.g., postal and email addresses or telephone numbers); Content data (e.g., text or image messages and posts and information relating to them, such as authorship or creation time). Usage data (e.g., page views and duration, click paths, usage intensity and frequency, device types and operating systems used, interactions with content and functions).
- Affected persons: Interested parties; Communication partners; Business and contract partners. Users (e.g. website visitors, users of online services).
- Purposes of processing: Office and organisational procedures. IT infrastructure (operation and provision of information systems and technical equipment (computers, servers, etc.)).
- Storage and Deletion: Deletion in accordance with the information in the "General Information on Data Storage and Deletion" section.
- Legal basis: Legitimate interests (Art. 6(1)(f) GDPR).
Further information on processing operations, procedures and services:
- Google Workspace: Cloud-based application software (e.g., word processing, spreadsheets, scheduling and contact management), cloud storage, and cloud infrastructure services; Service provider: Google Cloud EMEA Limited, 70 Sir John Rogerson’s Quay, Dublin 2, Ireland; Legal basis: Legitimate interests (Art. 6(1)(f) GDPR); Website https://workspace.google.com/; Privacy Policy https://policies.google.com/privacy; Data processing agreement https://cloud.google.com/terms/data-processing-addendum; Basis for third-country transfers: EU/EEA - Data Privacy Framework (DPF), Standard Contractual Clauses (https://cloud.google.com/terms/eu-model-contract-clause), Switzerland - Data Privacy Framework (DPF), Standard Contractual Clauses (https://cloud.google.com/terms/eu-model-contract-clause). Further information: https://cloud.google.com/privacy.
Web analysis, monitoring and optimisation
Web analytics (also referred to as "reach measurement") is used to evaluate visitor traffic to our online offering and can include pseudonymous data on visitor behaviour, interests or demographics, such as age or gender. Reach analysis allows us, for example, to identify when our online offering or its functions/content are used most frequently, or invite reuse. It also enables us to understand which areas require optimisation.
In addition to web analytics, we can also use testing methods to test and optimise different versions of our website or its components.
Unless otherwise specified below, profiles, i.e. data aggregated from usage activity, may be created for these purposes, and information may be stored in and then read from a browser or end device. The data collected includes, in particular, visited websites and elements used on them, as well as technical information such as the browser used, the computer system used, and information about usage times. If users have consented to the collection of their location data, either to us or to the providers of the services we use, the processing of location data is also possible.
Furthermore, users' IP addresses are stored. However, we use an IP masking procedure (i.e., pseudonymisation by shortening the IP address) to protect users. Generally, no clear user data (such as email addresses or names) is stored as part of web analysis, A/B testing, and optimisation; instead, pseudonyms are used. This means that neither we nor the providers of the software used know the actual identity of the users, but only the details stored in their profiles for the purpose of the respective procedures.
Notes on Legal Basis: If we ask users for their consent to use third-party providers, the legal basis for data processing is consent. Otherwise, user data will be processed on the basis of our legitimate interests (i.e., interest in efficient, economically viable, and user-friendly services). In this context, we would also like to refer you to the information on the use of cookies in this privacy policy.
- Processed data types: Usage data (e.g. page views and duration of stay, click paths, usage intensity and frequency, device types and operating systems used, interactions with content and functions). Meta, communication and process data (e.g. IP addresses, times, identification numbers, persons involved).
- Affected persons: Users (e.g. website visitors, users of online services).
- Purposes of processing: Reach measurement (e.g. access statistics, detection of returning visitors); profiles with user-related information (creation of user profiles); tracking (e.g. interest/behaviour-related profiling, use of cookies); conversion measurement (measurement of the effectiveness of marketing measures); audience segmentation; marketing. Provision of our online offering and user-friendliness.
- Storage and Deletion: Deletion in accordance with the information in the section "General Information on Data Storage and Deletion". Storage of cookies for up to 2 years (Unless otherwise stated, cookies and similar storage methods may be stored on users' devices for a period of two years).
- Safety measures: IP Masking (Pseudonymisation of the IP Address).
- Legal basis: Consent (Art. 6(1)(a) GDPR). Legitimate interests (Art. 6(1)(f) GDPR).
Further information on processing operations, procedures and services:
- 1&1 IONOS WebAnalytics: Reach measurement and web analytics; Service provider: 1&1 IONOS SE, Elgendorfer Str. 57, 56410 Montabaur, Germany; Legal basis: Consent (Article 6(1)(a) GDPR); Website https://www.ionos.de; Privacy Policy https://www.ionos.de/terms-gtc/datenschutzerklaerung/; Data processing agreement https://www.ionos.de/hilfe/datenschutz/allgemeine-informationen-zur-datenschutz-grundverordnung-dsgvo/vereinbarung-zur-auftragsverarbeitung-avv-mit-ionos-abschliessen/; Further information: The data is collected either via a pixel or a log file, without the use of cookies; visitors' IP addresses are transmitted upon request for a page, are anonymised immediately after transmission, and processed further without personal reference. The data is processed based on a contract processing agreement.
- Jetpack (WordPress Stats): Jetpack offers analytics features for WordPress software; Service provider: Aut O’Mattic A8C Ireland Ltd., Grand Canal Dock, 25 Herbert Pl, Dublin, D02 AY86, Ireland; Legal basis: Consent (Article 6(1)(a) GDPR); Website https://automattic.com; Privacy Policy https://automattic.com/privacy; Data processing agreement Provided by the service provider. Basis for third-country transfers: EU/EEA - Data Privacy Framework (DPF), Standard Contractual Clauses (Provided by the service provider), Switzerland - Data Privacy Framework (DPF), Standard Contractual Clauses (Provided by the service provider).
Social media presence
We maintain online presences on social networks and process user data within this framework to communicate with active users there or to offer information about us.
We wish to point out that user data may be processed outside the European Union. This may pose risks for users, as it could, for example, make it more difficult to enforce user rights.
Furthermore, user data within social networks is generally processed for market research and advertising purposes. For example, usage profiles can be created based on user behaviour and resulting interests. These, in turn, may be used to display advertisements within and outside the networks that are presumed to match the user's interests. Therefore, cookies are generally stored on users' computers, which store the users' usage behaviour and interests. In addition, data independent of the devices used by the users can also be stored in the usage profiles (especially if they are members of the respective platforms and logged in there).
For a detailed explanation of the respective processing methods and the possibilities of objection (opt-out), please refer to the privacy policies and information provided by the operators of the respective networks.
Even in the case of information requests and the assertion of data subject rights, we point out that these can be most effectively asserted with the providers. Only the latter have access to the user data and can take appropriate measures and provide information directly. Should you still require assistance, you can contact us.
- Processed data types: Contact details (e.g. postal and e-mail addresses or telephone numbers); Content data (e.g. text or image messages and posts, and information relating to them, such as authorship details or creation date). Usage data (e.g. page views and time spent, click paths, usage intensity and frequency, device types and operating systems used, interactions with content and features).
- Affected persons: Users (e.g. website visitors, users of online services).
- Purposes of processing: Communication; Feedback (e.g. collecting feedback via online form). Public relations.
- Storage and Deletion: Deletion in accordance with the information in the "General Information on Data Storage and Deletion" section.
- Legal basis: Legitimate interests (Art. 6(1)(f) GDPR).
Further information on processing operations, procedures and services:
- Instagram: Social network, enabling the sharing of photos and videos, commenting on and favouriting posts, sending messages, subscribing to profiles and pages; Service provider: Meta Platforms Ireland Limited, Merrion Road, Dublin 4, D04 X2K5, Ireland; Legal basis: Legitimate interests (Art. 6(1)(f) GDPR); Website https://www.instagram.com; Privacy Policy https://privacycenter.instagram.com/policy/. Basis for third-country transfers: EU/EEA - Data Privacy Framework (DPF), Switzerland - Data Privacy Framework (DPF).
- LinkedIn: Social Network - We are jointly responsible with LinkedIn Ireland Unlimited Company for the collection (but not further processing) of visitor data used to create the "Page Insights" for our LinkedIn profiles. This data includes information about the types of content users view or interact with, and the actions they take. Details about the devices used are also recorded, such as IP addresses, operating systems, browser types, language preferences, and cookie data, as well as information from user profiles, such as job function, country, industry, seniority level, company size, and employment status. Data protection information on the processing of user data by LinkedIn can be found in LinkedIn's privacy notices: https://www.linkedin.com/legal/privacy-policy.
We have entered into a special agreement with LinkedIn Ireland ("Page Insights Joint Controller Addendum", https://legal.linkedin.com/pages-joint-controller-addendum), which in particular lays down the security measures LinkedIn must observe and in which LinkedIn has agreed to comply with the rights of data subjects (i.e. users can, for example, send requests for information or deletion directly to LinkedIn). The rights of users (in particular the right to information, deletion, objection and complaint to the competent supervisory authority) are not restricted by the agreements with LinkedIn. The joint responsibility is limited to the collection and transmission of data to LinkedIn Ireland Unlimited Company, an EU-based company. The further processing of the data is exclusively the responsibility of LinkedIn Ireland Unlimited Company, particularly with regard to the transmission of data to the parent company LinkedIn Corporation in the USA; Service provider: LinkedIn Ireland Unlimited Company, Wilton Place, Dublin 2, Ireland; Legal basis: Legitimate interests (Art. 6(1)(f) GDPR); Website https://www.linkedin.com; Privacy Policy https://www.linkedin.com/legal/privacy-policy; Basis for third-country transfers: EU/EEA - Data Privacy Framework (DPF), Standard Contractual Clauses (https://legal.linkedin.com/dpa), Switzerland - Data Privacy Framework (DPF), Standard Contractual Clauses (https://legal.linkedin.com/dpa). Possibility of objection (Opt-out): https://www.linkedin.com/psettings/guest-controls/retargeting-opt-out.
Plug-ins, embedded features and content
We incorporate functional and content elements into our online offering that are sourced from the servers of their respective providers (hereinafter referred to as "third-party providers"). These may include, for example, graphics, videos, or maps (hereinafter collectively referred to as "content").
Embedding always requires that the third-party providers of this content process the user's IP address, as they cannot send the content to their browser without an IP address. The IP address is therefore necessary for the display of this content or functions. We endeavour to use only content whose respective providers merely use the IP address for the delivery of the content. Third-party providers may also use so-called pixel tags (invisible graphics, also known as "web beacons") for statistical or marketing purposes. "Pixel tags" can be used to evaluate information such as visitor traffic to the pages of this website. The pseudonymous information can also be stored in cookies on the user's device and may include technical information on the browser and operating system, referring websites, visiting time, and further details on the use of our online services, but can also be linked with such information from other sources.
Notes on Legal Basis: If we ask users for their consent to use third-party providers, the legal basis for data processing is the permission granted. Otherwise, user data will be processed on the basis of our legitimate interests (i.e., an interest in efficient, economical, and user-friendly services). In this context, we would also like to draw your attention to the information on the use of cookies in this privacy policy.
- Processed data types: Usage data (e.g. page views and duration of stay, click paths, usage intensity and frequency, device types and operating systems used, interactions with content and functions). Meta, communication and process data (e.g. IP addresses, times, identification numbers, persons involved).
- Affected persons: Users (e.g. website visitors, users of online services).
- Purposes of processing: Provision of our online offering and user-friendliness. Performance of contractual services and fulfilment of contractual obligations.
- Storage and Deletion: Deletion in accordance with the information in the section "General Information on Data Storage and Deletion". Storage of cookies for up to 2 years (Unless otherwise stated, cookies and similar storage methods may be stored on users' devices for a period of two years).
- Legal basis: Consent (Art. 6(1)(a) GDPR). Legitimate interests (Art. 6(1)(f) GDPR).
Further information on processing operations, procedures and services:
- reCAPTCHA: We integrate the "reCAPTCHA" function to detect whether inputs (e.g. in online forms) are made by humans and not by automated machines (so-called "bots"). The data processed may include IP addresses, information about operating systems, devices or browsers used, language settings, location, mouse movements, keystrokes, time spent on websites, previously visited websites, interactions with reCAPTCHA on other websites, under certain circumstances cookies, as well as results of manual detection processes (e.g. answering questions or selecting objects in images). Data processing is based on our legitimate interest in protecting our online offering from abusive automated crawling and spam; Service provider: Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland; Legal basis: Legitimate interests (Art. 6(1)(f) GDPR); Website https://www.google.com/recaptcha/; Privacy Policy https://policies.google.com/privacy; Basis for third-country transfers: EU/EEA - Data Privacy Framework (DPF), Switzerland - Data Privacy Framework (DPF). Possibility of objection (Opt-out): Opt-Out Plugin https://tools.google.com/dlpage/gaoptout?hl=de, Ad display settings: https://myadcenter.google.com/personalizationoff.
Management, Organisation and Auxiliary Tools
We use the services, platforms, and software of other providers (hereinafter referred to as "third-party providers") for the purposes of organising, managing, planning, and delivering our services. We observe the statutory requirements when selecting third-party providers and their services.
Within this framework, personal data can be processed and stored on the servers of third-party providers. This can affect various types of data that we process in accordance with this privacy policy. This data may include, in particular, master data and contact details of users, data relating to transactions, contracts, other processes, and their contents.
Should users be referred to third parties or their software or platforms within the scope of communication, business or other relationships with us, the third parties may process usage data and metadata for security purposes, service optimisation or marketing purposes. We therefore ask that you observe the data protection notices of the respective third parties.
- Processed data types: Content data (e.g. textual or pictorial messages and posts, as well as information relating to them, such as details of authorship or time of creation); Usage data (e.g. page views and duration of stay, click paths, usage intensity and frequency, device types and operating systems used, interactions with content and functions); Meta, communication and procedural data (e.g. IP addresses, timestamps, identification numbers, persons involved); Contact data (e.g. postal and email addresses or telephone numbers). Inventory data (e.g. full name, residential address, contact information, customer number, etc.).
- Affected persons: Communication partners; Users (e.g. website visitors, users of online services); Business and contractual partners. Third parties.
- Purposes of processing: Provision of contractual services and fulfilment of contractual duties; Office and organisational procedures; Organisational and administrative procedures; Information technology infrastructure (operation and provision of information systems and technical equipment (computers, servers, etc.)). Business processes and business management procedures.
- Storage and Deletion: Deletion in accordance with the information in the "General Information on Data Storage and Deletion" section.
- Legal basis: Legitimate interests (Art. 6(1)(f) GDPR).
Further information on processing operations, procedures and services:
- Calendly: Online appointment scheduling and management; Service provider: Calendly LLC., 271 17th St NW, Ste 1000, Atlanta, Georgia, 30363, USA; Legal basis: Legitimate interests (Art. 6(1)(f) GDPR); Website https://calendly.com/de; Privacy Policy https://calendly.com/privacy; Data processing agreement https://calendly.com/dpa. Basis for third-country transfers: EU/EEA - Standard Contractual Clauses (https://calendly.com/dpa), Switzerland - Standard Contractual Clauses (https://calendly.com/dpa).
- Google Workspace: Cloud-based application software (e.g., word processing, spreadsheets, scheduling and contact management), cloud storage, and cloud infrastructure services; Service provider: Google Cloud EMEA Limited, 70 Sir John Rogerson’s Quay, Dublin 2, Ireland; Legal basis: Legitimate interests (Art. 6(1)(f) GDPR); Website https://workspace.google.com/; Privacy Policy https://policies.google.com/privacy; Data processing agreement https://cloud.google.com/terms/data-processing-addendum; Basis for third-country transfers: EU/EEA - Data Privacy Framework (DPF), Standard Contractual Clauses (https://cloud.google.com/terms/eu-model-contract-clause), Switzerland - Data Privacy Framework (DPF), Standard Contractual Clauses (https://cloud.google.com/terms/eu-model-contract-clause). Further information: https://cloud.google.com/privacy.
- Microsoft 365 Outlook: Use of e-mail and calendar functions for communication and organisation of meetings. Contact data (name, e-mail address), content data (messages, attachments, meeting contents) and metadata are processed for the purposes and interest in efficiency and productivity increases, cost-effectiveness, flexibility, mobility, improved communication and integration with M365. Storage of e-mails and calendar entries is governed by policies set by the administrator or user; by default, no automatic deletion occurs. Mailboxes and calendars are typically removed 30 days after departure. Additionally, diagnostic data is collected for product stability and improvement; Service provider: Microsoft Ireland Operations Limited, One Microsoft Place, South County Business Park, Leopardstown, Dublin 18, D18 P521, Ireland; Microsoft Corporation, One Microsoft Way, Redmond, WA 98052-6399, USA; Legal basis: Legitimate interests (Art. 6(1)(f) GDPR); Website https://www.microsoft.com/; Privacy Policy https://privacy.microsoft.com/de-de/privacystatement, Safety instructions https://www.microsoft.com/de-de/trustcenter; Data processing agreement https://www.microsoft.com/licensing/docs/view/Microsoft-Products-and-Services-Data-Protection-Addendum-DPA. Basis for third-country transfers: EU/EEA - Data Privacy Framework (DPF), Standard Contractual Clauses (https://www.microsoft.com/licensing/docs/view/Microsoft-Products-and-Services-Data-Protection-Addendum-DPA), Switzerland - Data Privacy Framework (DPF), Standard Contractual Clauses (https://www.microsoft.com/licensing/docs/view/Microsoft-Products-and-Services-Data-Protection-Addendum-DPA).
Change and update
We ask you to inform yourself regularly about the content of our Data Protection Statement. We adjust the Data Protection Statement as soon as changes in the data processing we carry out make this necessary. We will inform you as soon as further action is required on your part (e.g. consent) or any other individual notification becomes necessary due to the changes.
Should we provide addresses and contact details of companies and organisations in this privacy policy, please note that addresses may change over time and we kindly request you to verify the details before making contact.
Definitions of terms
In this section, you will receive an overview of the terminology used in this privacy policy. Where the terms are legally defined, their legal definitions shall apply. The following explanations, on the other hand, are primarily intended to aid understanding.
- Employees: Employees are individuals who are in an employment relationship, whether as staff, salaried employees, or in similar positions. An employment relationship is a legal connection between an employer and an employee, established by an employment contract or agreement. It includes the employer's obligation to pay remuneration to the employee in exchange for the employee performing their work. The employment relationship encompasses various stages, including its inception, when the employment contract is concluded; its execution, when the employee carries out their work activities; and its termination, when the employment relationship ends, whether through dismissal, mutual agreement, or otherwise. Employee data refers to all information relating to these individuals within the context of their employment. This includes aspects such as personal identification details, identification numbers, salary and banking information, working hours, holiday entitlements, health data, and performance appraisals.
- File data: Inventory data encompasses essential information necessary for the identification and management of contractual partners, user accounts, profiles, and similar associations. This data may include personal and demographic details such as names, contact information (addresses, phone numbers, email addresses), dates of birth, and specific identifiers (user IDs), among others. Inventory data forms the basis for all formal interactions between individuals and services, facilities, or systems by enabling unambiguous assignment and communication.
- Content Delivery Network (CDN): A "Content Delivery Network" (CDN) is a service that uses regionally distributed servers connected via the internet to deliver the content of an online offering, particularly large media files such as graphics or program scripts, more quickly and securely.
- Content data: Content data includes information generated during the creation, editing, and publishing of all types of content. This category of data can include text, images, videos, audio files, and other multimedia content published across various platforms and media. Content data is not limited to the actual content itself, but also includes metadata that provides information about the content, such as tags, descriptions, author information, and publication dates.
- Contact details: Contact details are essential information that enable communication with individuals or organisations. They include, among other things, telephone numbers, postal addresses, and email addresses, as well as communication methods such as social media handles and instant messaging identifiers.
- Conversion measurement: Conversion tracking (also known as "visit action evaluation") is a method for determining the effectiveness of marketing measures. As a general rule, this involves storing a cookie on users' devices within the websites where the marketing measures are implemented and then retrieving it again on the target website. For example, this allows us to ascertain whether advertisements placed by us on other websites have been successful.
- Meta, communication and processing data: Meta-, communication and process data are categories that contain information about how data is processed, transmitted and managed. Meta-data, also known as data about data, include information that describes the context, origin and structure of other data. They can include details about file size, creation date, document author and revision histories. Communication data capture the exchange of information between users via various channels, such as email traffic, call logs, social media messages and chat histories, including the individuals involved, timestamps and transmission paths. Process data describe the processes and workflows within systems or organisations, including workflow documentation, transaction and activity logs, as well as audit logs used for tracking and reviewing operations.
- Usage data: Usage data refers to information that captures how users interact with digital products, services, or platforms. This data encompasses a wide range of information, illustrating how users engage with applications, which features they prefer, how long they spend on specific pages, and the paths they navigate through an application. Usage data can also include frequency of use, timestamps of activities, IP addresses, device information, and location data. It is particularly valuable for analysing user behaviour, optimising user experiences, personalising content, and improving products or services. Furthermore, usage data plays a crucial role in identifying trends, preferences, and potential problem areas within digital offerings.
- Personal data: "Personal data" means any information relating to an identified or identifiable natural person (hereinafter referred to as the "data subject"); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier (e.g. cookie) or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.
- Profiles with user-related information: The processing of "profiles with user-related information", or "profiles" for short, includes any form of automated processing of personal data which consists of using such personal data to analyse, evaluate or predict certain personal aspects relating to a natural person (depending on the type of profiling, this can include various information concerning demographics, behaviour and interests, such as interaction with websites and their content, etc.) (e.g. interests in specific content or products, click behaviour on a website or location). Cookies and web beacons are frequently used for profiling purposes.
- Log data: Log data is information about events or activities that have been recorded in a system or network. This data typically contains information such as timestamps, IP addresses, user actions, error messages, and other details about the usage or operation of a system. Log data is often used for analysing system problems, security monitoring, or for generating performance reports.
- Reach measurement: Reach measurement (also known as web analytics) is used to evaluate visitor traffic to an online offering and can include the behaviour or interests of visitors in specific information, such as website content. With the help of reach analysis, operators of online offerings can, for example, recognise at what times users visit their websites and what content they are interested in. This allows them, for example, to better adapt the content of the websites to the needs of their visitors. Pseudonymous cookies and web beacons are often used for reach analysis purposes to recognise repeat visitors and thus obtain more accurate analyses of the use of an online offering.
- Tracking: "Tracking" refers to the ability to follow user behaviour across multiple online services. Typically, when it comes to the online services used, behavioural and interest information is stored in cookies or on the servers of the providers of the tracking technologies (so-called profiling). This information can then be used, for example, to show users advertisements that are likely to match their interests.
- Person in charge: The "controller" is the natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data.
- Processing: "Processing" means any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means. The term covers a wide range and includes practically any handling of data, be it the collection, evaluation, storage, transmission, or deletion.
- Contract details: Contract data consists of specific details pertaining to the formalisation of an agreement between two or more parties. They document the terms and conditions under which services or products are provided, exchanged, or sold. This category of data is essential for managing and fulfilling contractual obligations and includes both the identification of the contracting parties and the specific terms and conditions of the agreement. Contract data can include the start and end dates of the contract, the type of services or products agreed upon, pricing arrangements, payment terms, termination rights, renewal options, and special conditions or clauses. They serve as the legal basis for the relationship between the parties and are crucial for clarifying rights and responsibilities, enforcing claims, and resolving disputes.
- Payment details: Payment data includes all information required to process payment transactions between buyers and sellers. This data is of crucial importance for e-commerce, online banking, and any other form of financial transaction. It comprises details such as credit card numbers, bank details, payment amounts, transaction dates, verification numbers, and billing information. Payment data can also include information on payment status, chargebacks, authorisations, and fees.
- Target group formation: Target audiences (English "Custom Audiences") are formed when target groups are identified for advertising purposes, e.g., for displaying advertisements. For example, a user's interest in certain products or topics on the internet can be used to infer that this user is interested in advertisements for similar products or for the online shop where they viewed the products. "Lookalike Audiences" (or similar target audiences) are formed when content deemed suitable is shown to users whose profiles or interests presumably correspond to the users for whom the profiles were created. Cookies and web beacons are generally used for the purpose of creating Custom Audiences and Lookalike Audiences.
