{"id":6074,"date":"2025-11-22T01:43:13","date_gmt":"2025-11-22T01:43:13","guid":{"rendered":"https:\/\/albinakoch-kochc-hw9guttw8o.live-website.com\/?page_id=6074"},"modified":"2025-12-15T15:47:14","modified_gmt":"2025-12-15T15:47:14","slug":"datenschutz","status":"publish","type":"page","link":"https:\/\/albinakoch.com\/en\/datenschutz\/","title":{"rendered":"Privacy"},"content":{"rendered":"<div data-elementor-type=\"wp-page\" data-elementor-id=\"6074\" class=\"elementor elementor-6074\" data-elementor-post-type=\"page\">\n\t\t\t\t<div class=\"elementor-element elementor-element-c3bded8 e-flex e-con-boxed wpr-particle-no wpr-jarallax-no wpr-parallax-no wpr-sticky-section-no wpr-column-slider-no wpr-equal-height-no e-con e-parent\" data-id=\"c3bded8\" data-element_type=\"container\" data-e-type=\"container\">\n\t\t\t\t\t<div class=\"e-con-inner\">\n\t\t\t\t<div class=\"elementor-element elementor-element-b568dd0 elementor-widget elementor-widget-html\" data-id=\"b568dd0\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"html.default\">\n\t\t\t\t\t<h5>Privacy Policy<\/h5>\r\n<h6 id=\"m716\">Preamble<\/h6>\r\n<p>With the following privacy policy, we would like to inform you about what types of your personal data (hereinafter also referred to as \"data\") we process, for what purposes, and to what extent. The privacy policy applies to all processing of personal data carried out by us, both in the context of providing our services and particularly on our websites, in mobile applications, as well as within external online presences, such as our social media profiles (hereinafter collectively referred to as \"online offering\").<\/p>\r\n<p>The terms used are not gender-specific.<\/p>\r\n\r\n<p>As of: 10 December 2025<\/p>\r\n<h6>Table of Contents<\/h6> <ul class=\"index\"><li><a class=\"index-link\" href=\"#m716\">Preamble<\/a><\/li><li><a class=\"index-link\" href=\"#m3\">Person in charge<\/a><\/li><li><a class=\"index-link\" href=\"#mOverview\">Overview of processing<\/a><\/li><li><a class=\"index-link\" href=\"#m2427\">Relevant legal bases<\/a><\/li><li><a class=\"index-link\" href=\"#m27\">Safety measures<\/a><\/li><li><a class=\"index-link\" href=\"#m25\">Transfer of personal data<\/a><\/li><li><a class=\"index-link\" href=\"#m24\">International data transfers<\/a><\/li><li><a class=\"index-link\" href=\"#m12\">General information on data storage and deletion<\/a><\/li><li><a class=\"index-link\" href=\"#m10\">Rights of data subjects<\/a><\/li><li><a class=\"index-link\" href=\"#m317\">Business Services<\/a><\/li><li><a class=\"index-link\" href=\"#m13\">Business processes and procedures<\/a><\/li><li><a class=\"index-link\" href=\"#m605\">Use of online platforms for offering and sales purposes<\/a><\/li><li><a class=\"index-link\" href=\"#m326\">Payment methods<\/a><\/li><li><a class=\"index-link\" href=\"#m225\">Provision of online services and web hosting<\/a><\/li><li><a class=\"index-link\" href=\"#m134\">Use of Cookies<\/a><\/li><li><a class=\"index-link\" href=\"#m104\">Blogs and publishing media<\/a><\/li><li><a class=\"index-link\" href=\"#m182\">Contact and Enquiry Management<\/a><\/li><li><a class=\"index-link\" href=\"#m735\">Video conferences, online meetings, webinars, and screen sharing<\/a><\/li><li><a class=\"index-link\" href=\"#m29\">Cloud services<\/a><\/li><li><a class=\"index-link\" href=\"#m263\">Web analysis, monitoring and optimisation<\/a><\/li><li><a class=\"index-link\" href=\"#m136\">Social media presence<\/a><\/li><li><a class=\"index-link\" href=\"#m328\">Plug-ins, embedded features and content<\/a><\/li><li><a class=\"index-link\" href=\"#m723\">Management, Organisation and Auxiliary Tools<\/a><\/li><li><a class=\"index-link\" href=\"#m15\">Change and update<\/a><\/li><li><a class=\"index-link\" href=\"#m42\">Definitions of terms<\/a><\/li><\/ul><h6 id=\"m3\">Person in charge<\/h6><p>KOCH Consulting &amp; Coaching<br>Albina Koch<br>Weitegasse 6<br>9320 Arbon<\/p>\r\n<p>Email address <a href=\"mailto:office@albinakoch.com\">office@albinakoch.com<\/a><\/p>\r\n<p>Impressum: albinakoch.com\/impressum<\/p>\r\n\r\n<h6 id=\"mOverview\">Overview of processing<\/br><\/h6><p>The following overview summarises the types of data processed and the purposes of processing, and refers to the data subjects.<\/p><h7>Types of data processed<\/h7>\r\n<ul><li>File data.<\/li><li>Payment details.<\/li><li>Contact details.<\/li><li>Content data.<\/li><li>Contract data.<\/li><li>Usage data.<\/li><li>Meta-, communication and process data.<\/li><li>Images and\/or video footage.<\/li><li>Audio recordings.<\/li><li>Log data.<\/li><\/ul><h7>Categories of affected persons<\/h7><ul><li>Beneficiary and client.<\/li><li>Employees.<\/li><li>Interested parties.<\/li><li>Communication partner.<\/li><li>User.<\/li><li>Business and contractual partners.<\/li><li>People shown.<\/li><li>Third parties.<\/li><\/ul><h7>Purposes of processing<\/h7><ul><li>Provision of contractual services and fulfilment of contractual obligations.<\/li><li>Communication.<\/li><li>Safety measures.<\/li><li>Reach measurement.<\/li><li>Tracking.<\/li><li>Office and organisational procedures.<\/li><li>Conversion measurement.<\/li><li>Target audience designation.<\/li><li>Organisational and administrative procedures.<\/li><li>Content Delivery Network (CDN).<\/li><li>Feedback.<\/li><li>Marketing.<\/li><li>Profiles with user-related information.<\/li><li>Provision of our online offering and user-friendliness.<\/li><li>Information technology infrastructure.<\/li><li>Financial and Payment Management.<\/li><li>Public relations.<\/li><li>Paragraph promotion.<\/li><li>Business processes and business procedures.<\/li><\/ul><h6 id=\"m2427\">Relevant legal bases<\/h6><p><strong>Authoritative legal bases under the GDPR: <\/strong>Below is an overview of the legal bases of the GDPR on which we process personal data. Please note that in addition to the provisions of the GDPR, national data protection regulations may apply in your or our country of residence or domicile. Furthermore, if more specific legal bases are relevant in individual cases, we will inform you of these in the privacy policy.<\/p>\r\n <ul><li><strong>Consent (Art. 6(1)(a) GDPR)<\/strong> The data subject has given their consent to the processing of their personal data for one or more specific purposes.<\/li><li><strong>Contract performance and pre-contractual enquiries (Art. 6(1)(b) GDPR)<\/strong> Processing is necessary for the performance of a contract to which the data subject is party or in order to take steps at the request of the data subject prior to entering into a contract.<\/li><li><strong>Legal obligation (Art. 6(1)(c) GDPR)<\/strong> - The processing is necessary for compliance with a legal obligation to which the controller is subject.<\/li><li><strong>Legitimate interests (Art. 6(1)(f) GDPR)<\/strong> - processing is necessary for the purposes of the legitimate interests pursued by the controller or by a third party, except where such interests are overridden by the interests or fundamental rights and freedoms of the data subject which require protection of personal data.<\/li><\/ul><p><strong>Key legal bases under the Swiss Federal Act on Data Protection: <\/strong>If you are located in Switzerland, we process your data on the basis of the Swiss Federal Act on Data Protection (hereinafter referred to as \u201eSwiss FADP\"). Unlike, for example, the GDPR, the Swiss FADP fundamentally does not require a legal basis for the processing of personal data to be specified, and the processing of personal data is carried out in good faith, lawfully and proportionately (Art. 6 paras. 1 and 2 of the Swiss FADP). Furthermore, we only obtain personal data for a specific purpose that is recognisable to the data subject and only process it in a manner compatible with that purpose (Art. 6 para. 3 of the Swiss FADP).<\/p>\r\n<p><strong>Reference to the applicability of GDPR and Swiss FADP: <\/strong>These privacy notices are provided for information purposes in accordance with both the Swiss Federal Act on Data Protection (FADP) and the General Data Protection Regulation (GDPR). For this reason, please note that due to wider territorial application and comprehensibility, the terms of the GDPR are used. In particular, instead of the FADP terms \u201eprocessing\" of \u201epersonal data\", \"overriding interest\" and \"data concerning particularly sensitive persons\", the terms used in the GDPR, \u201eprocessing\" of \u201epersonal data\", as well as \"legitimate interest\" and \"special categories of data\", are used. However, the legal meaning of the terms will continue to be determined in accordance with the FADP within the scope of its applicability.<\/p>\r\n\r\n<h6 id=\"m27\">Safety measures<\/h6><p>In accordance with statutory requirements, taking into account the state of the art, the costs of implementation and the nature, scope, circumstances and purposes of the processing as well as the varying likelihood and severity of the risk to the rights and freedoms of natural persons, we shall implement appropriate technical and organisational measures to ensure a level of security proportionate to the risk.<\/p>\r\n<p>The measures include, in particular, safeguarding the confidentiality, integrity, and availability of data by controlling physical and electronic access to the data, as well as access relating to it, data input, disclosure, ensuring availability, and separation. Furthermore, we have established procedures that ensure the perception of data subject rights, the deletion of data, and responses to data breaches. We also consider the protection of personal data from the outset during the development or selection of hardware, software, and procedures, in accordance with the principle of data protection, through technical design and data protection-friendly default settings.<\/p>\r\n<p>Securing online connections through TLS\/SSL encryption technology (HTTPS): To protect the data of users transmitted via our online services from unauthorised access, we utilise TLS\/SSL encryption technology. Secure Sockets Layer (SSL) and Transport Layer Security (TLS) are the cornerstones of secure data transmission on the internet. These technologies encrypt the information transferred between the website or app and the user's browser (or between two servers), thereby protecting the data from unauthorised access. TLS, as the more advanced and secure version of SSL, ensures that all data transmissions adhere to the highest security standards. When a website is secured by an SSL\/TLS certificate, this is indicated by the display of HTTPS in the URL. This serves as an indicator to users that their data is being transmitted securely and in encrypted form.<\/p>\r\n\r\n<h6 id=\"m25\">Transfer of personal data<\/h6><p>As part of our processing of personal data, it may be necessary to transfer or disclose this data to other entities, companies, legally independent organisational units, or individuals. Recipients of this data may include, for example, service providers commissioned with IT tasks, or providers of services and content integrated into a website. In such cases, we observe the statutory requirements and, in particular, conclude appropriate contracts or agreements with the recipients of your data that serve to protect your data.<\/p>\r\n\r\n<h6 id=\"m24\">International data transfers<\/h6><p>Data processing in third countries: If we transfer data to a third country (i.e. outside the European Union (EU) or the European Economic Area (EEA)), or if this occurs when using third-party services or disclosing\/transferring data to other persons, bodies or companies (which is evident from the postal address of the respective provider or if the privacy policy expressly refers to data transfer to third countries), this will always be done in compliance with legal requirements.<\/p>\r\n<p>For data transfers to the USA, we primarily rely on the Data Privacy Framework (DPF), which was recognised as a secure legal framework by an adequacy decision of the EU Commission dated 10.07.2023. In addition, we have concluded standard contractual clauses with the respective providers, which comply with the requirements of the EU Commission and establish contractual obligations for the protection of your data.<\/p>\r\n<p>This dual protection ensures comprehensive security for your data: the DPF forms the primary layer of defence, while the Standard Contractual Clauses serve as an additional safeguard. Should any changes occur within the framework of the DPF, the Standard Contractual Clauses act as a reliable fallback option. This way, we ensure that your data remains adequately protected at all times, even in the event of political or legal changes.<\/p>\r\n<p>For individual service providers, we will inform you whether they are DPF certified and whether standard contractual clauses are in place. Further information on the DPF and a list of certified companies can be found on the website of the US Department of Commerce at <a href=\"https:\/\/www.dataprivacyframework.gov\/\" target=\"_blank\">https:\/\/www.dataprivacyframework.gov\/<\/a> (in English).<\/p>\r\n<p>For data transfers to other third countries, appropriate security measures apply, in particular standard contractual clauses, explicit consent, or legally required transfers. Information on third-country transfers and applicable adequacy decisions can be found in the European Commission's information offering: <a href=\"https:\/\/commission.europa.eu\/law\/law-topic\/data-protection\/international-dimension-data-protection_en?prefLang=de\" target=\"_blank\">https:\/\/commission.europa.eu\/law\/law-topic\/data-protection\/international-dimension-data-protection_en?prefLang=de.<\/a><\/p>\r\n<p>Disclosure of personal data abroad: Under the Swiss Data Protection Act (DPA), we will only disclose personal data abroad if the affected individuals are adequately protected (Art. 16 Swiss DPA). Unless the Federal Council has determined that there is adequate protection (list: <a href=\"https:\/\/www.bj.admin.ch\/bj\/de\/home\/staat\/datenschutz\/internationales\/anerkennung-staaten.html\" target=\"_blank\">https:\/\/www.bj.admin.ch\/bj\/de\/home\/staat\/datenschutz\/internationales\/anerkennung-staaten.html<\/a>), we take alternative security measures.<\/p>\r\n<p>For data transfers to the USA, we primarily rely on the Data Privacy Framework (DPF), which was recognised as a secure legal framework by a Swiss adequacy decision of 07.06.2024. Additionally, we have concluded standard data protection clauses with the respective providers, which have been approved by the Federal Data Protection and Information Commissioner (FDPIC) and establish contractual obligations for the protection of your data.<\/p>\r\n<p>This dual safeguard ensures comprehensive protection of your data: the DPF forms the primary layer of protection, while the Standard Contractual Clauses serve as an additional security measure. Should any changes occur within the framework of the DPF, the Standard Contractual Clauses come into play as a reliable fallback option. This ensures that your data remains adequately protected at all times, even in the event of political or legal changes.<\/p>\r\n<p>With individual service providers, we will inform you whether they are DPF certified and whether standard data protection clauses are in place. The list of certified companies and further information about the DPF can be found on the website of the US Department of Commerce at <a href=\"https:\/\/www.dataprivacyframework.gov\/\" target=\"_blank\">https:\/\/www.dataprivacyframework.gov\/<\/a> (in English).<\/p>\r\n<p>For data transfers to other third countries, appropriate safeguards apply, including international agreements, specific guarantees, standard data protection clauses approved by the FDPIC, or binding corporate rules previously recognised by the FDPIC or a competent supervisory authority in another country.<\/p>\r\n\r\n<h6 id=\"m12\">General information on data storage and deletion<\/h6><p>We delete personal data that we process in accordance with legal regulations as soon as the underlying consents are revoked or no further legal grounds for processing exist. This concerns cases where the original purpose of processing ceases to apply or the data is no longer needed. Exceptions to this rule exist if legal obligations or special interests require longer retention or archiving of the data.<\/p>\r\n<p>In particular, data that must be retained for commercial or tax reasons, or whose storage is necessary for legal prosecution or for the protection of the rights of other natural or legal persons, must be archived accordingly.<\/p>\r\n<p>Our privacy notice contains further information on data retention and erasure that applies to specific processing activities.<\/p>\r\n<p>Where there are multiple specifications for the retention period or deletion deadlines for data, the longest period shall always apply. Data that is no longer kept for the original intended purpose but is retained due to legal requirements or other reasons is processed by us exclusively for the reasons that justify its retention.<\/p>\r\n<p>Storage and Deletion of Data: The following general deadlines apply to retention and archiving under Swiss law:<\/p><ul> <li>10 years - Retention period for books and records, annual financial statements, inventories, management reports, opening balance sheets, booking vouchers and invoices, as well as all required operating instructions and other organisational documents (Art. 958f of the Swiss Code of Obligations (CO)).<\/li><li>10 years - Data necessary for the consideration of potential claims for damages or similar contractual claims and rights, as well as for processing associated enquiries, based on previous business experience and standard industry practice, shall be stored for the statutory limitation period of ten years, unless a shorter period of five years applies, which is relevant in specific cases (Art. 127, 130 OR). After five years, claims for rent, lease and capital interest, as well as other periodic payments, for the supply of food, for board and lodging and innkeeper's debts, as well as for artisanal work, retail sale of goods, medical services, professional work of lawyers, legal agents, procurators and notaries, and for employment relationships of employees expire (Art. 128 OR).<\/li> <\/ul>\r\n<p>Commencement of a period of limitation at the end of the year: Unless a period of limitation expressly commences on a specific date and lasts for at least one year, it automatically begins at the end of the calendar year in which the event triggering the period of limitation occurred. In the case of ongoing contractual relationships in which data is stored, the event triggering the period of limitation is the time at which the termination or other ending of the legal relationship becomes effective.<\/p>\r\n\r\n<h6 id=\"m10\">Rights of data subjects<\/h6><p>Rights of data subjects under the GDPR: As a data subject, you have various rights under the GDPR, particularly arising from Art. 15 to 21 GDPR:<\/p><ul><li><strong>Right to object: You have the right to object, on grounds relating to your particular situation, at any time to the processing of your personal data which is based on Article 6(1)(e) or (f) GDPR; this also applies to profiling based on these provisions. If your personal data is processed for direct marketing purposes, you have the right to object at any time to the processing of your personal data for such marketing; this also applies to profiling in so far as it is connected with such direct marketing.<\/strong><\/li><li><strong>Right of withdrawal for consents:<\/strong> You have the right to withdraw consent given at any time.<\/li><li><strong>Right to information<\/strong> You have the right to request confirmation of whether relevant data is being processed and to access information about this data, as well as further information and a copy of the data in accordance with the legal requirements.<\/li><li><strong>Right to rectification<\/strong> In accordance with legal requirements, you have the right to request the completion of data concerning you or the correction of inaccurate data concerning you.<\/li><li><strong>Right to erasure and restriction of processing:<\/strong> In accordance with legal requirements, you have the right to demand that data concerning you be deleted immediately, or alternatively, in accordance with legal requirements, to demand a restriction on the processing of the data.<\/li><li><strong>Right to data portability<\/strong> You have the right, in accordance with the legal requirements, to receive data concerning you which you have provided to us in a structured, common and machine-readable format, or to request its transmission to another controller.<\/li><li><strong>Complaint to supervisory authority<\/strong> In accordance with the statutory provisions and without prejudice to any other administrative or judicial remedy, you further have the right to lodge a complaint with a supervisory authority, in particular a supervisory authority in the Member State of your habitual residence, your place of work or the place of the alleged infringement, if you consider that the processing of personal data relating to you infringes the GDPR.<\/li><\/ul><\/br>\r\n<p>Rights of Data Subjects under the Swiss Data Protection Act: As a data subject, you have the following rights in accordance with the provisions of the Swiss Data Protection Act:<\/p><ul><li><strong>Right to information <\/strong>You have the right to request confirmation as to whether personal data concerning you is being processed, and to receive the information necessary for you to exercise your rights under this Act and to ensure transparent data processing.<\/li><li><strong>Right to data portability: <\/strong>You have the right to request the handover of your personal data, which you have provided to us, in a commonly used electronic format.<\/li><li><strong>Right to rectification<\/strong> You have the right to request the rectification of inaccurate personal data concerning you.<\/li><li><strong>Right to object, erasure and destruction: <\/strong>You have the right to object to the processing of your data, as well as to request that your personal data be deleted or destroyed.<\/li><\/ul>\r\n\r\n<h6 id=\"m317\">Business Services<\/h6><p>We process data from our contractual and business partners, e.g. customers and prospects (collectively referred to as \u201econtractual partners\"), in the context of contractual and comparable legal relationships as well as related measures and with regard to communication with the contractual partners (or pre-contractually), for example, to respond to inquiries.<\/p>\r\n<p>We use this data to fulfil our contractual obligations. This includes in particular obligations for the provision of agreed services, any update obligations, and remedies for warranty claims and other performance disruptions. Furthermore, we use the data to safeguard our rights and for the purposes of administrative tasks associated with these obligations, as well as for company organisation. In addition, we process the data based on our legitimate interests in both proper and business-economic management and in security measures to protect our contractual partners and our business operations from misuse, the endangerment of their data, secrets, information and rights (e.g. for the involvement of telecommunications, transport and other auxiliary services as well as subcontractors, banks, tax and legal advisors, payment service providers or financial authorities). Within the scope of applicable law, we only pass on the data of contractual partners to third parties insofar as this is necessary for the aforementioned purposes or for the fulfilment of legal obligations. Contractual partners will be informed about further forms of processing, such as for marketing purposes, within the scope of this data protection declaration.<\/p>\r\n<p>We will inform contracting parties about the data required for the aforementioned purposes before or during data collection, for example, in online forms, by special marking (e.g. colours) or symbols (e.g. asterisks or similar), or in person.<\/p>\r\n<p>We delete data after the expiry of statutory warranty and comparable obligations, i.e. generally after four years, unless the data is stored in a customer account, for example, for as long as it must be retained for statutory archiving purposes (e.g. for tax purposes, generally ten years). Data disclosed to us by the contractual partner in the course of an order will be deleted according to the specifications and generally after the end of the order.<\/p>\r\n<ul class=\"m-elements\"><li><strong>Processed data types:<\/strong> File data (e.g., full name, residential address, contact information, customer number, etc.); Payment data (e.g., bank details, invoices, payment history); Contact details (e.g., postal and email addresses or telephone numbers); Contract data (e.g., subject matter of the contract, duration, customer category); Usage data (e.g., page views and duration, click paths, intensity and frequency of use, device types and operating systems used, interactions with content and functions). Meta, communication, and procedural data (e.g., IP addresses, timestamps, identification numbers, persons involved).<\/li><li><strong>Affected persons:<\/strong> Beneficiaries and clients; interested parties. Business and contract partners.<\/li><li><strong>Purposes of processing:<\/strong> Provision of contractual services and fulfilment of contractual obligations; security measures; communication; office and organisational procedures; organisational and administrative procedures. Business processes and business management procedures.<\/li><li><strong>Storage and Deletion<\/strong> Deletion in accordance with the information in the \"General Information on Data Storage and Deletion\" section.<\/li><li class=\"\"><strong>Legal basis:<\/strong> Contract fulfilment and pre-contractual inquiries (Art. 6(1)(b) GDPR); Legal obligation (Art. 6(1)(c) GDPR). Legitimate interests (Art. 6(1)(f) GDPR).<\/li><\/ul>\r\n<\/br>\r\n<p><strong>Further information on processing operations, procedures and services:<\/strong><\/p><ul class=\"m-elements\"><li><strong>Online shops, order forms, e-commerce and fulfilment: <\/strong>We process our customers' data to enable them to select, purchase, or order the chosen products, goods, and associated services, as well as their payment and provision or delivery, or execution. Where necessary for the fulfilment of an order, we engage service providers, particularly postal, freight forwarding, and shipping companies, to carry out the delivery or execution to our customers. For the processing of payment transactions, we use the services of banks and payment service providers. The required information is marked as such during the ordering or comparable purchase process and includes the details needed for delivery, provision, and billing, as well as contact information for any necessary consultations; <span class=\"\"><strong>Legal basis:<\/strong> Contract fulfilment and pre-contractual inquiries (Art. 6(1)(b) GDPR).<\/span><\/li><li><strong>Coaching: <\/strong>We process the data of our clients, prospective clients, and other principals or contractual partners (collectively referred to as \"clients\") in order to provide our services to them. The procedures carried out within the scope and for the purposes of coaching include: establishing contact and communicating with clients, needs analysis to determine suitable coaching measures, planning and conducting coaching sessions, documenting coaching progress, recording and managing client-specific information and data, scheduling and organising appointments, providing coaching materials and resources, billing and payment management, follow-up and follow-through of coaching sessions, quality assurance and feedback processes.<br>The processed data, its nature, scope, purpose and necessity of its processing are determined by the underlying contractual and client relationship.<br>We will disclose or transmit client data to third parties or agents, such as authorities, billing centres, or those providing IT, office, or similar services, if it is necessary for the performance of our contract, to protect vital interests, or if required by law, or if the client has given their consent, in compliance with professional regulations.; <span class=\"\"><strong>Legal basis:<\/strong> Contract fulfilment and pre-contractual inquiries (Art. 6(1)(b) GDPR).<\/span><\/li><li><strong>Consulting <\/strong>We process the data of our clients, prospective clients, and other principals or contractual partners (collectively referred to as \"Clients\") in order to provide our services to them. The procedures included within the scope and purposes of our consulting services are: contacting and communicating with Clients, conducting needs and requirements analyses, planning and implementing consulting projects, documenting project progress and results, capturing and managing client-specific information and data, scheduling and organising appointments, providing consulting resources and materials, billing and payment management, post-processing and follow-up of consulting projects, and quality assurance and feedback processes. The data processed, the nature, scope, purpose, and necessity of its processing are determined by the underlying contractual and client relationship.<br><br>We disclose or transmit client data to third parties or processors, such as authorities, subcontractors, or those in IT, office, or similar service sectors, if it is necessary for fulfilling our contract, protecting vital interests, or required by law, or if we have the clients' consent, in compliance with professional regulations.; <span class=\"\"><strong>Legal basis:<\/strong> Contract fulfilment and pre-contractual inquiries (Art. 6(1)(b) GDPR).<\/span><\/li><\/ul>\r\n<h6 id=\"m13\">Business processes and procedures<\/h6><p>Personal data of service recipients and clients \u2013 including customers, clients, or in special cases counsel, patients, or business partners, as well as other third parties \u2013 is processed within the scope of contractual and comparable legal relationships and pre-contractual measures, such as the initiation of business relationships. This data processing supports and facilitates business operations in areas such as customer management, sales, payment transactions, accounting, and project management.<\/p>\r\n<p>The data collected is used to fulfil contractual obligations and to efficiently organise operational processes. This includes the processing of business transactions, the management of customer relationships, the optimisation of sales strategies, and the safeguarding of internal accounting and financial processes. In addition, the data supports the assertion of the controller's rights and promotes administrative tasks as well as the organisation of the company.<\/p>\r\n<p>Personal data may be passed on to third parties if this is necessary for the fulfilment of the stated purposes or for statutory obligations. After the expiry of statutory retention periods or when the purpose of processing ceases to apply, the data will be deleted. This also includes data that must be stored for longer due to tax law and statutory proof obligations.<\/p>\r\n<ul class=\"m-elements\"><li><strong>Processed data types:<\/strong> File data (e.g. full name, home address, contact information, customer number, etc.); Payment data (e.g. bank details, invoices, payment history); Contact details (e.g. postal and email addresses or telephone numbers); Content data (e.g. text or image messages and posts, and information relating to them, such as authorship or creation date); Contract data (e.g. subject of contract, duration, customer category); Log data (e.g. log files concerning logins or data retrieval or access times); Usage data (e.g. page views and duration of stay, click paths, intensity and frequency of use, device types and operating systems used, interactions with content and functions). Meta, communication and procedural data (e.g. IP addresses, timestamps, identification numbers, persons involved).<\/li><li><strong>Affected persons:<\/strong> Beneficiaries and clients; Interested parties; Communication partners; Business and contractual partners; Third parties; Users (e.g. website visitors, users of online services). Employees (e.g. employees, applicants, temporary staff and other personnel).<\/li><li><strong>Purposes of processing:<\/strong> Provision of contractual services and fulfilment of contractual obligations; office and organisational procedures; business processes and commercial procedures; communication; marketing; sales promotion; public relations; financial and payment management. Information technology infrastructure (operation and provision of information systems and technical equipment (computers, servers etc.)).<\/li><li><strong>Storage and Deletion<\/strong> Deletion in accordance with the information in the \"General Information on Data Storage and Deletion\" section.<\/li><li class=\"\"><strong>Legal basis:<\/strong> Performance of a contract and pre-contractual inquiries (Art. 6(1)(b) GDPR); Legitimate interests (Art. 6(1)(f) GDPR). Legal obligation (Art. 6(1)(c) GDPR).<\/li><\/ul><p><strong>Further information on processing operations, procedures and services:<\/strong><\/p><ul class=\"m-elements\"><li><strong>Contact management and relationship maintenance <\/strong>Procedures required for the organisation, maintenance and security of contact information (e.g., establishing and maintaining a central contact database, regular updates to contact information, monitoring data integrity, implementing data protection measures, ensuring access controls, performing backups and recoveries of contact data, training employees on effective use of contact management software, regularly reviewing communication history and adjusting contact strategies); <span class=\"\"><strong>Legal basis:<\/strong> Contract performance and pre-contractual inquiries (Art. 6(1)(b) GDPR), Legitimate interests (Art. 6(1)(f) GDPR).<\/span><\/li><li><strong>General Payment Transactions <\/strong>Procedures required for carrying out payment transactions, monitoring bank accounts, and controlling payment flows (e.g. creation and checking of transfers, processing of direct debits, checking of bank statements, monitoring of incoming and outgoing payments, direct debit reversal management, account reconciliation, cash management); <span class=\"\"><strong>Legal basis:<\/strong> Contract performance and pre-contractual inquiries (Art. 6(1)(b) GDPR), Legitimate interests (Art. 6(1)(f) GDPR).<\/span><\/li><li><strong>Accounting, Accounts Payable, Accounts Receivable <\/strong>Procedures required for the recording, processing, and control of business transactions in accounts payable and accounts receivable (e.g., creation and checking of incoming and outgoing invoices, monitoring and management of open items, execution of payment transactions, handling of dunning processes, account reconciliation within the scope of receivables and liabilities, accounts payable accounting, and accounts receivable accounting); <span class=\"\"><strong>Legal basis:<\/strong> Performance of a contract and pre-contractual inquiries (Art. 6(1)(b) GDPR), Legal obligation (Art. 6(1)(c) GDPR), Legitimate interests (Art. 6(1)(f) GDPR).<\/span><\/li><li><strong>Financial accounting and taxes <\/strong>Processes required for the recording, management and control of finance-relevant business transactions, as well as for the calculation, reporting and payment of taxes (e.g. account assignment and booking of business transactions, preparation of quarterly and annual financial statements, execution of payment transactions, handling of dunning procedures, account reconciliation, tax advice, preparation and submission of tax returns, handling of tax affairs); <span class=\"\"><strong>Legal basis:<\/strong> Performance of a contract and pre-contractual inquiries (Art. 6(1)(b) GDPR), Legal obligation (Art. 6(1)(c) GDPR), Legitimate interests (Art. 6(1)(f) GDPR).<\/span><\/li><li><strong>Marketing, Advertising and Sales Promotion <\/strong>Procedures required within marketing, advertising, and sales promotion (e.g., market analysis and target group definition, development of marketing strategies, planning and execution of advertising campaigns, design and production of advertising materials, online marketing including SEO and social media campaigns, event marketing and trade fair participation, customer loyalty programmes, sales promotion measures, performance measurement and optimisation of marketing activities, budget management, and cost control); <span class=\"\"><strong>Legal basis:<\/strong> Legitimate interests (Art. 6(1)(f) GDPR).<\/span><\/li><li><strong>Public relations <\/strong>Procedures required within the scope of public relations (e.g., development and implementation of communication strategies, planning and execution of PR campaigns, creation and distribution of press releases, maintenance of media contacts, monitoring and analysis of media coverage, organisation of press conferences and public events, crisis communication, content creation for social media and company websites, corporate branding management); <span class=\"\"><strong>Legal basis:<\/strong> Legitimate interests (Art. 6(1)(f) GDPR).<\/span><\/li><\/ul>\r\n<h6 id=\"m605\">Use of online platforms for offering and sales purposes<\/h6><p>We offer our services on online platforms operated by other service providers. In this context, in addition to our data protection notices, the data protection notices of the respective platforms apply. This applies in particular with regard to the execution of the payment process and the procedures used on the platforms for reach measurement and interest-based marketing.<\/p>\r\n<ul class=\"m-elements\"><li><strong>Processed data types:<\/strong> File data (e.g., full name, residential address, contact information, customer number, etc.); Payment data (e.g., bank details, invoices, payment history); Contact details (e.g., postal and email addresses or telephone numbers); Contract data (e.g., subject matter of the contract, duration, customer category); Usage data (e.g., page views and duration, click paths, intensity and frequency of use, device types and operating systems used, interactions with content and functions). Meta, communication, and procedural data (e.g., IP addresses, timestamps, identification numbers, persons involved).<\/li><li><strong>Affected persons:<\/strong> Beneficiaries and clients. Business and contractual partners.<\/li><li><strong>Purposes of processing:<\/strong> Provision of contractual services and fulfilment of contractual obligations; Marketing. Business processes and business management procedures.<\/li><li><strong>Storage and Deletion<\/strong> Deletion in accordance with the information in the \"General Information on Data Storage and Deletion\" section.<\/li><li class=\"\"><strong>Legal basis:<\/strong> Contract performance and pre-contractual enquiries (Art. 6(1)(b) GDPR). Legitimate interests (Art. 6(1)(f) GDPR).<\/li><\/ul><p><strong>Further information on processing operations, procedures and services:<\/strong><\/p><ul class=\"m-elements\"><li><strong>Teachable <\/strong>Online platform for offering online courses, coaching, and teaching services, as well as concluding, carrying out, and managing participant contracts.; <strong>Service provider:<\/strong> Teachable, Inc., 470 Park Avenue South, 6th Floor, New York, New York 10016 USA; <span class=\"\"><strong>Legal basis:<\/strong> Legitimate interests (Art. 6(1)(f) GDPR); <\/span><strong>Website<\/strong> <a href=\"https:\/\/teachable.com\/\" target=\"_blank\">https:\/\/teachable.com\/<\/a>; <strong>Privacy Policy<\/strong> <a href=\"https:\/\/teachable.com\/privacy-policy\" target=\"_blank\">https:\/\/teachable.com\/privacy-policy<\/a>; <strong>Data processing agreement<\/strong> <a href=\"https:\/\/teachable.com\/dpa\" target=\"_blank\">https:\/\/teachable.com\/dpa<\/a>. <strong>Basis for third-country transfers:<\/strong> EU\/EEA - Standard Contractual Clauses<a href=\"https:\/\/teachable.com\/dpa\" target=\"_blank\">https:\/\/teachable.com\/dpa<\/a>), Switzerland - Standard Contractual Clauses<a href=\"https:\/\/teachable.com\/dpa\" target=\"_blank\">https:\/\/teachable.com\/dpa<\/a>).<\/li><li><strong>CoachHub <\/strong>Online platform for offering online courses, coaching, and teaching services, as well as concluding, executing, and managing participant contracts; Legal basis: Legitimate interests (Art. 6(1)(f) GDPR);; <strong>Service provider:<\/strong> CoachHub GmbH<br>Alexanderstra\u00dfe 36, <br>10179 Berlin<br>Germany<br>+49 30 23321151<br><br><a href=\"mailto:privacy@coachhub.com\">privacy@coachhub.com<\/a>; <strong>Website<\/strong> <a href=\"https:\/\/www.coachhub.com\/\" target=\"_blank\">https:\/\/www.coachhub.com\/<\/a>. <strong>Privacy Policy<\/strong> <a href=\"https:\/\/www.coachhub.com\/de\/privacy-notice\" target=\"_blank\">https:\/\/www.coachhub.com\/de\/privacy-notice<\/a>.<\/li><li><strong>Sharpist: <\/strong>Online platform for offering online courses, coaching, and teaching services, as well as concluding, executing, and managing participant contracts; Legal basis: Legitimate interests (Art. 6(1)(f) GDPR);; <strong>Service provider:<\/strong> Sharpist GmbH<br>Karl-Marx-Street 58<br>12043 Berlin<br>Germany<br><br><a href=\"mailto:mail@sharpist.com\">mail@sharpist.com<\/a>; <strong>Website<\/strong> <a href=\"https:\/\/www.sharpist.com\/\" target=\"_blank\">https:\/\/www.sharpist.com\/<\/a>. <strong>Privacy Policy<\/strong> <a href=\"https:\/\/www.sharpist.com\/de\/legals\/privacy-policy\" target=\"_blank\">https:\/\/www.sharpist.com\/de\/legals\/privacy-policy<\/a>.<\/li><\/ul>\r\n<h6 id=\"m326\">Payment methods<\/h6><p>In the context of contractual and other legal relationships, due to legal obligations or otherwise on the basis of our legitimate interests, we offer the data subjects efficient and secure payment options and, in addition to banks and credit institutions, use other service providers for this purpose (collectively, \"payment service providers\"). The payment transactions are carried out exclusively via encrypted connections in accordance with the state of the art, so that the entered data is protected from unauthorised access during transmission.<\/p>\r\n<p>The data processed by payment service providers includes inventory data, such as name and address, bank details, such as account numbers or credit card numbers, passwords, TANs and check digits, as well as contract, amount and recipient-related details. The details are required to carry out the transactions. However, the entered data is only processed and stored by the payment service providers. This means we do not receive any account or credit card-related information, but merely information confirming or denying the payment. In certain circumstances, the data may be transmitted by the payment service providers to credit reporting agencies. This transmission is for the purpose of identity and credit checks. For this purpose, we refer to the terms and conditions and data protection information of the payment service providers. <\/p>\r\n<p>The terms and conditions and data protection notices of the respective payment service providers, which can be accessed within the respective websites or transaction applications, apply to the payment transactions. We also refer to these for further information and the assertion of rights of withdrawal, access, and other data subject rights.<\/p>\r\n<ul class=\"m-elements\"><li><strong>Processed data types:<\/strong> File data (e.g. full name, home address, contact information, customer number, etc.); Payment data (e.g. bank details, invoices, payment history); Contract data (e.g. subject matter of contract, duration, customer category); Usage data (e.g. page views and duration of stay, click paths, intensity and frequency of use, device types and operating systems used, interactions with content and functions). Meta, communication and procedural data (e.g. IP addresses, timestamps, identification numbers, persons involved).<\/li><li><strong>Affected persons:<\/strong> Beneficiaries and clients; business and contract partners. Interested parties.<\/li><li><strong>Purposes of processing:<\/strong> Provision of contractual services and fulfilment of contractual obligations. Business processes and business management procedures.<\/li><li><strong>Storage and Deletion<\/strong> Deletion in accordance with the information in the \"General Information on Data Storage and Deletion\" section.<\/li><li class=\"\"><strong>Legal basis:<\/strong> Contract performance and pre-contractual enquiries (Art. 6(1)(b) GDPR). Legitimate interests (Art. 6(1)(f) GDPR).<\/li><\/ul><p><strong>Further information on processing operations, procedures and services:<\/strong><\/p><ul class=\"m-elements\"><li><strong>Mastercard <\/strong>Payment services (technical integration of online payment methods); <strong>Service provider:<\/strong> Mastercard Europe SA, Chauss\u00e9e de Tervuren 198A, B-1410 Waterloo, Belgium; <span class=\"\"><strong>Legal basis:<\/strong> Performance of contract and pre-contractual inquiries (Art. 6(1)(b) GDPR); <\/span><strong>Website<\/strong> <a href=\"https:\/\/www.mastercard.de\/de-de.html\" target=\"_blank\">https:\/\/www.mastercard.de\/de-de.html<\/a>. <strong>Privacy Policy<\/strong> <a href=\"https:\/\/www.mastercard.de\/de-de\/datenschutz.html\" target=\"_blank\">https:\/\/www.mastercard.de\/de-de\/datenschutz.html<\/a>.<\/li><li><strong>PayPal: <\/strong>Payment services (technical integration of online payment methods) (e.g. PayPal, PayPal Plus, Braintree); <strong>Service provider:<\/strong> PayPal (Europe) S.\u00e0 r.l. et Cie, S.C.A., 22-24 Boulevard Royal, L-2449 Luxembourg; <span class=\"\"><strong>Legal basis:<\/strong> Performance of contract and pre-contractual inquiries (Art. 6(1)(b) GDPR); <\/span><strong>Website<\/strong> <a href=\"https:\/\/www.paypal.com\/de\" target=\"_blank\">https:\/\/www.paypal.com\/de<\/a>. <strong>Privacy Policy<\/strong> <a href=\"https:\/\/www.paypal.com\/de\/legalhub\/paypal\/privacy-full\" target=\"_blank\">https:\/\/www.paypal.com\/de\/legalhub\/paypal\/privacy-full<\/a>.<\/li><li><strong>Stripe: <\/strong>Payment services (technical integration of online payment methods); <strong>Service provider:<\/strong> Stripe, Inc., 510 Townsend Street, San Francisco, CA 94103, USA; <span class=\"\"><strong>Legal basis:<\/strong> Performance of contract and pre-contractual inquiries (Art. 6(1)(b) GDPR); <\/span><strong>Website<\/strong> <a href=\"https:\/\/stripe.com\" target=\"_blank\">https:\/\/stripe.com<\/a>; <strong>Privacy Policy<\/strong> <a href=\"https:\/\/stripe.com\/de\/privacy\" target=\"_blank\">https:\/\/stripe.com\/de\/privacy<\/a>. <strong>Basis for third-country transfers:<\/strong> EU\/EEA - Data Privacy Framework (DPF), Switzerland - Data Privacy Framework (DPF).<\/li><li><strong>Visa <\/strong>Payment services (technical integration of online payment methods); <strong>Service provider:<\/strong> Visa Europe Services Inc., London Branch, 1 Sheldon Square, London W2 6TT, GB; <span class=\"\"><strong>Legal basis:<\/strong> Performance of contract and pre-contractual inquiries (Art. 6(1)(b) GDPR); <\/span><strong>Website<\/strong> <a href=\"https:\/\/www.visa.de\" target=\"_blank\">https:\/\/www.visa.de<\/a>. <strong>Privacy Policy<\/strong> <a href=\"https:\/\/www.visa.de\/nutzungsbedingungen\/visa-privacy-center.html\" target=\"_blank\">https:\/\/www.visa.de\/nutzungsbedingungen\/visa-privacy-center.html<\/a>.<\/li><\/ul>\r\n<h6 id=\"m225\">Provision of online services and web hosting<\/h6><p>We process user data to be able to provide them with our online services. For this purpose, we process the user's IP address, which is necessary to transmit the content and functions of our online services to the user's browser or end device.<\/p>\r\n<ul class=\"m-elements\"><li><strong>Processed data types:<\/strong> Usage data (e.g. page views and duration of stay, click paths, intensity and frequency of use, device types and operating systems used, interactions with content and functions); Meta, communication and procedural data (e.g. IP addresses, time stamps, identification numbers, persons involved); Log data (e.g. logfiles concerning logins or the retrieval of data or access times); Content data (e.g. textual or image-based messages and contributions as well as information relating to them, such as authorship or creation date); Inventory data (e.g. full name, residential address, contact information, customer number, etc.); Payment data (e.g. bank details, invoices, payment history); Contact data (e.g. postal and email addresses or telephone numbers). Contract data (e.g. subject matter of the contract, term, customer category).<\/li><li><strong>Affected persons:<\/strong> Users (e.g. website visitors, users of online services); beneficiaries and contractors; interested parties. Business and contractual partners.<\/li><li><strong>Purposes of processing:<\/strong> Provision of our online offering and user-friendliness; Information technology infrastructure (operation and provision of information systems and technical equipment (computers, servers, etc.)); Security measures; Content Delivery Network (CDN); Provision of contractual services and fulfillment of contractual obligations; Conversion measurement (measurement of the effectiveness of marketing measures). Marketing.<\/li><li><strong>Storage and Deletion<\/strong> Deletion in accordance with the information in the \"General Information on Data Storage and Deletion\" section.<\/li><li class=\"\"><strong>Legal basis:<\/strong> Legitimate interests (Art. 6(1)(f) GDPR).<\/li><\/ul><p><strong>Further information on processing operations, procedures and services:<\/strong><\/p><ul class=\"m-elements\"><li><strong>Provision of online offering on rented storage space: <\/strong>To provide our online services, we use storage space, computing capacity and software that we rent or otherwise obtain from a relevant server provider (also known as a \"web host\"); <span class=\"\"><strong>Legal basis:<\/strong> Legitimate interests (Art. 6(1)(f) GDPR).<\/span><\/li><li><strong>Collection of access data and log files: <\/strong>Access to our online offering is logged in the form of so-called \"server log files\". Server log files may include the address and name of the retrieved web pages and files, date and time of retrieval, amount of data transferred, a message about successful retrieval, browser type and version, the user's operating system, referrer URL (the previously visited page) and, as a rule, IP addresses and the requesting provider. Server log files can be used for security purposes, e.g., to prevent server overload (especially in the case of malicious attacks, so-called DDoS attacks), and on the other hand, to ensure server utilisation and stability.; <span class=\"\"><strong>Legal basis:<\/strong> Legitimate interests (Art. 6(1)(f) GDPR). <\/span><strong>Data deletion<\/strong> Logfile information is stored for a maximum of 30 days and then deleted or anonymised. Data which requires further retention for evidential purposes is exempt from deletion until the respective incident has been finally clarified.<\/li><li><strong>1&amp;1 IONOS <\/strong>Services in the field of IT infrastructure provision and associated services (e.g. storage space and\/or computing capacity); <strong>Service provider:<\/strong> 1&amp;1 IONOS SE, Elgendorfer Str. 57, 56410 Montabaur, Germany; <span class=\"\"><strong>Legal basis:<\/strong> Legitimate interests (Art. 6(1)(f) GDPR); <\/span><strong>Website<\/strong> <a href=\"https:\/\/www.ionos.de\" target=\"_blank\">https:\/\/www.ionos.de<\/a>; <strong>Privacy Policy<\/strong> <a href=\"https:\/\/www.ionos.de\/terms-gtc\/terms-privacy\" target=\"_blank\">https:\/\/www.ionos.de\/terms-gtc\/terms-privacy<\/a>. <strong>Data processing agreement<\/strong> <a href=\"https:\/\/www.ionos.de\/hilfe\/datenschutz\/allgemeine-informationen-zur-datenschutz-grundverordnung-dsgvo\/vereinbarung-zur-auftragsverarbeitung-avv-mit-ionos-abschliessen\/\" target=\"_blank\">https:\/\/www.ionos.de\/hilfe\/datenschutz\/allgemeine-informationen-zur-datenschutz-grundverordnung-dsgvo\/vereinbarung-zur-auftragsverarbeitung-avv-mit-ionos-abschliessen\/<\/a>.<\/li><li><strong>Cloudflare: <\/strong>Content Delivery Network (CDN) \u2013 a service that enables the content of a website, particularly large media files such as graphics or programme scripts, to be delivered more quickly and securely via a network of servers distributed across different regions and connected via the internet; <strong>Service provider:<\/strong> Cloudflare, Inc., 101 Townsend St, San Francisco, CA 94107, USA; <span class=\"\"><strong>Legal basis:<\/strong> Legitimate interests (Art. 6(1)(f) GDPR); <\/span><strong>Website<\/strong> <a href=\"https:\/\/www.cloudflare.com\" target=\"_blank\">https:\/\/www.cloudflare.com<\/a>; <strong>Privacy Policy<\/strong> <a href=\"https:\/\/www.cloudflare.com\/privacypolicy\/\" target=\"_blank\">https:\/\/www.cloudflare.com\/privacypolicy\/<\/a>; <strong>Data processing agreement<\/strong> <a href=\"https:\/\/www.cloudflare.com\/cloudflare-customer-dpa\/\" target=\"_blank\">https:\/\/www.cloudflare.com\/cloudflare-customer-dpa\/<\/a>. <strong>Basis for third-country transfers:<\/strong> EU\/EEA - Data Privacy Framework (DPF), Standard Contractual Clauses<a href=\"https:\/\/www.cloudflare.com\/cloudflare-customer-scc\/\" target=\"_blank\">https:\/\/www.cloudflare.com\/cloudflare-customer-scc\/<\/a>), Switzerland - Data Privacy Framework (DPF), Standard Contractual Clauses (<a href=\"https:\/\/www.cloudflare.com\/cloudflare-customer-scc\/\" target=\"_blank\">https:\/\/www.cloudflare.com\/cloudflare-customer-scc\/<\/a>).<\/li><li><strong>WooCommerce: <\/strong>E-commerce software for operating online shops, processing payments and customer management processes.; <strong>Service provider:<\/strong> Execution on servers and\/or computers under your own data protection responsibility; <span class=\"\"><strong>Legal basis:<\/strong> Legitimate interests (Art. 6(1)(f) GDPR); <\/span><strong>Website<\/strong> <a href=\"https:\/\/woocommerce.com\/\" target=\"_blank\">https:\/\/woocommerce.com\/<\/a>. <strong>Privacy Policy<\/strong> <a href=\"https:\/\/automattic.com\/privacy\/\" target=\"_blank\">https:\/\/automattic.com\/privacy\/<\/a>.<\/li><li><strong>gstatic.com: <\/strong>Content Delivery Network (CDN) \u2013 a service that enables the content of a website, particularly large media files such as graphics or programme scripts, to be delivered more quickly and securely via a network of servers distributed across different regions and connected via the internet; <strong>Service provider:<\/strong> Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland; <span class=\"\"><strong>Legal basis:<\/strong> Legitimate interests (Art. 6(1)(f) GDPR); <\/span><strong>Website<\/strong> <a href=\"https:\/\/www.google.de\/\" target=\"_blank\">https:\/\/www.google.de\/<\/a>. <strong>Privacy Policy<\/strong> <a href=\"https:\/\/policies.google.com\/privacy\" target=\"_blank\">https:\/\/policies.google.com\/privacy<\/a>.<\/li><li><strong>Google Workspace: <\/strong>Cloud-based application software (e.g., word processing, spreadsheets, scheduling and contact management), cloud storage, and cloud infrastructure services; <strong>Service provider:<\/strong> Google Cloud EMEA Limited, 70 Sir John Rogerson\u2019s Quay, Dublin 2, Ireland; <span class=\"\"><strong>Legal basis:<\/strong> Legitimate interests (Art. 6(1)(f) GDPR); <\/span><strong>Website<\/strong> <a href=\"https:\/\/workspace.google.com\/\" target=\"_blank\">https:\/\/workspace.google.com\/<\/a>; <strong>Privacy Policy<\/strong> <a href=\"https:\/\/policies.google.com\/privacy\" target=\"_blank\">https:\/\/policies.google.com\/privacy<\/a>; <strong>Data processing agreement<\/strong> <a href=\"https:\/\/cloud.google.com\/terms\/data-processing-addendum\" target=\"_blank\">https:\/\/cloud.google.com\/terms\/data-processing-addendum<\/a>; <strong>Basis for third-country transfers:<\/strong> EU\/EEA - Data Privacy Framework (DPF), Standard Contractual Clauses<a href=\"https:\/\/cloud.google.com\/terms\/eu-model-contract-clause\" target=\"_blank\">https:\/\/cloud.google.com\/terms\/eu-model-contract-clause<\/a>), Switzerland - Data Privacy Framework (DPF), Standard Contractual Clauses (<a href=\"https:\/\/cloud.google.com\/terms\/eu-model-contract-clause\" target=\"_blank\">https:\/\/cloud.google.com\/terms\/eu-model-contract-clause<\/a>). <strong>Further information:<\/strong> <a href=\"https:\/\/cloud.google.com\/privacy\" target=\"_blank\">https:\/\/cloud.google.com\/privacy<\/a>.<\/li><\/ul>\r\n<h6 id=\"m134\">Use of Cookies<\/h6><p>The term \u201ecookies\" refers to functions that store and retrieve information on users' terminal devices. Cookies can also be used for various purposes, for example, for the functionality, security and convenience of online services, as well as for analysing visitor traffic. We use cookies in accordance with legal regulations. To do this, we obtain users' consent in advance if necessary. If consent is not required, we rely on our legitimate interests. This applies when storing and retrieving information is essential to provide expressly requested content and functions. This includes, for example, storing settings and ensuring the functionality and security of our online services. Consent can be withdrawn at any time. We provide clear information about their scope and which cookies are used.<\/p>\r\n<p><strong>Notes on data protection legal bases: <\/strong>Whether we process personal data using cookies depends on consent. If consent is given, it serves as the legal basis. Without consent, we rely on our legitimate interests, which are explained above in this section and in the context of the respective services and processes.<\/p>\r\n<p><strong>Storage period: <\/strong>With regard to storage duration, the following types of cookies are distinguished:<\/p><ul><li><strong>Temporary cookies (also known as session cookies):<\/strong> Temporary cookies are deleted at the latest when a user leaves an online service and closes their device (e.g. browser or mobile application).<\/li><li><strong>Persistent Cookies<\/strong> Persistent cookies remain stored even after the end device is closed. This allows, for example, the login status to be saved and preferred content to be displayed directly when the user revisits a website. Similarly, user data collected using cookies can be used for reach measurement. Unless we provide users with explicit information about the type and storage duration of cookies (e.g., when obtaining consent), they should assume that they are permanent and the storage duration can be up to two years.<\/li><\/ul><p><strong>General information on revocation and objection (opt-out): <\/strong>Users can revoke their consent at any time and also object to the processing in accordance with the statutory provisions, including via their browser's privacy settings.<\/p>\r\n<ul class=\"m-elements\"><li><strong>Processed data types:<\/strong> Meta-, communication and procedural data (e.g. IP addresses, timestamps, identification numbers, persons involved). Usage data (e.g. page views and dwell times, click paths, usage intensity and frequency, device types and operating systems used, interactions with content and functions).<\/li><li><strong>Affected persons:<\/strong> Users (e.g. website visitors, users of online services).<\/li><li><strong>Purposes of processing:<\/strong> Provision of our online offering and user-friendliness.<\/li><li class=\"\"><strong>Legal basis:<\/strong> Legitimate interests (Art. 6(1)(f) GDPR). Consent (Art. 6(1)(a) GDPR).<\/li><\/ul><p><strong>Further information on processing operations, procedures and services:<\/strong><\/p><ul class=\"m-elements\"><li><strong>Processing of cookie data based on consent: <\/strong>We use a consent management solution, where user consent is obtained for the use of cookies or for the procedures and providers mentioned within the scope of the consent management solution. This procedure is used to obtain, log, manage, and withdraw consents, particularly with regard to the use of cookies and comparable technologies, which are used to store, read, and process information on users' end devices. Within the scope of this procedure, user consents are obtained for the use of cookies and the associated processing of information, including the specific processing activities and providers mentioned in the consent management procedure. Users also have the option to manage and withdraw their consents. Consent declarations are stored to avoid repeated queries and to be able to provide proof of consent in accordance with legal requirements. Storage is done server-side and\/or in a cookie (so-called opt-in cookie) or using comparable technologies in order to be able to assign the consent to a specific user or their device. If no specific information is provided for the providers of consent management services, the following general information applies: The duration of consent storage is up to two years. A pseudonymous user identifier is created, which is stored together with the time of consent, details of the scope of consent (e.g., relevant categories of cookies and\/or service providers), and information about the browser, system, and device used.; <span class=\"\"><strong>Legal basis:<\/strong> Consent (Art. 6(1)(a) GDPR).<\/span><\/li><li><strong>Cookie Opt-Out <\/strong>At the bottom of our website, you will find a link that allows you to change your cookie settings and withdraw your consent accordingly.<\/li><li><strong>Complianz: <\/strong>Storage and management of consents (agreement to cookies and data processing), logging of user decisions, display of notices on data protection and cookies, enabling users to withdraw or adjust consents; <strong>Service provider:<\/strong> Execution on servers and\/or computers under your own data protection responsibility; <strong>Website<\/strong> <a href=\"https:\/\/complianz.io\/\" target=\"_blank\">https:\/\/complianz.io\/<\/a>; <strong>Privacy Policy<\/strong> <a href=\"https:\/\/complianz.io\/legal\/\" target=\"_blank\">https:\/\/complianz.io\/legal\/<\/a>. <strong>Further information:<\/strong> An individual user ID, language, and types of consents together with the time of their submission are stored server-side and in a cookie on the user's device.<\/li><\/ul>\r\n<h6 id=\"m104\">Blogs and publishing media<\/h6><p>We use blogs or comparable means of online communication and publication (hereinafter referred to as \"publication medium\"). The data of readers will only be processed for the purposes of the publication medium to the extent necessary for its presentation and communication between authors and readers, or for security reasons. Otherwise, we refer to the information on the processing of visitors to our publication medium within the scope of this privacy notice.<\/p>\r\n<ul class=\"m-elements\"><li><strong>Processed data types:<\/strong> File data (e.g. full name, residential address, contact information, customer number, etc.); contact details (e.g. postal and email addresses, or telephone numbers); content data (e.g. textual or pictorial messages and posts, as well as information relating to them, such as authorship or creation time); usage data (e.g. page views and dwell times, click paths, usage intensity and frequency, device types and operating systems used, interactions with content and functions). Meta, communication and procedural data (e.g. IP addresses, times, identification numbers, persons involved).<\/li><li><strong>Affected persons:<\/strong> Users (e.g. website visitors, users of online services).<\/li><li><strong>Purposes of processing:<\/strong> Feedback (e.g. collecting feedback via online form); provision of our online services and user-friendliness. Security measures.<\/li><li><strong>Storage and Deletion<\/strong> Deletion in accordance with the information in the \"General Information on Data Storage and Deletion\" section.<\/li><li class=\"\"><strong>Legal basis:<\/strong> Legitimate interests (Art. 6(1)(f) GDPR).<\/li><\/ul><p><strong>Further information on processing operations, procedures and services:<\/strong><\/p><ul class=\"m-elements\"><li><strong>UpdraftPlus: <\/strong>Backup software and backup storage; <strong>Service provider:<\/strong> Simba Hosting Ltd, 11 Barringer Way, St Neots, Cambs, PE19 1LW, GB; <span class=\"\"><strong>Legal basis:<\/strong> Legitimate interests (Art. 6(1)(f) GDPR); <\/span><strong>Website<\/strong> <a href=\"https:\/\/updraftplus.com\/\" target=\"_blank\">https:\/\/updraftplus.com\/<\/a>. <strong>Privacy Policy<\/strong> <a href=\"https:\/\/updraftplus.com\/data-protection-and-privacy-centre\/\" target=\"_blank\">https:\/\/updraftplus.com\/data-protection-and-privacy-centre\/<\/a>.<\/li><\/ul>\r\n<h6 id=\"m182\">Contact and Enquiry Management<\/h6><p>When you contact us (e.g. by post, contact form, email, telephone or via social media), and in the context of existing user and business relationships, the details of the enquirers are processed, insofar as this is necessary to answer contact requests and any requested actions.<\/p>\r\n<ul class=\"m-elements\"><li><strong>Processed data types:<\/strong> File data (e.g. full name, residential address, contact information, customer number, etc.); contact details (e.g. postal and email addresses, or telephone numbers); content data (e.g. textual or pictorial messages and posts, as well as information relating to them, such as authorship or creation time); usage data (e.g. page views and dwell times, click paths, usage intensity and frequency, device types and operating systems used, interactions with content and functions). Meta, communication and procedural data (e.g. IP addresses, times, identification numbers, persons involved).<\/li><li><strong>Affected persons:<\/strong> Communication partners; Beneficiaries and clients. Users (e.g. website visitors, users of online services).<\/li><li><strong>Purposes of processing:<\/strong> Communication; Organisational and administrative procedures; Feedback (e.g. collecting feedback via online form). Provision of our online offering and user-friendliness.<\/li><li><strong>Storage and Deletion<\/strong> Deletion in accordance with the information in the \"General Information on Data Storage and Deletion\" section.<\/li><li class=\"\"><strong>Legal basis:<\/strong> Legitimate interests (Art. 6(1)(f) GDPR). Performance of a contract and pre-contractual inquiries (Art. 6(1)(b) GDPR).<\/li><\/ul><p><strong>Further information on processing operations, procedures and services:<\/strong><\/p><ul class=\"m-elements\"><li><strong>Contact Form <\/strong>When you contact us via our contact form, email, or other communication channels, we process the personal data transmitted to us in order to respond to and process your respective enquiry. This typically includes details such as your name, contact information, and any other information you provide that is necessary for proper processing. We use this data solely for the stated purpose of contact and communication.; <span class=\"\"><strong>Legal basis:<\/strong> Contract performance and pre-contractual inquiries (Art. 6(1)(b) GDPR), Legitimate interests (Art. 6(1)(f) GDPR).<\/span><\/li><li><strong>Elementor: <\/strong>Creation of online forms, capture and storage of associated user input; <strong>Service provider:<\/strong> Elementor Ltd., Tuval St 40, Ramat Gan, Israel; <span class=\"\"><strong>Legal basis:<\/strong> Contract fulfilment and pre-contractual inquiries (Art. 6(1)(b) GDPR), Legitimate interests (Art. 6(1)(f) GDPR); <\/span><strong>Website<\/strong> <a href=\"https:\/\/elementor.com\/features\/form-builder\/\" target=\"_blank\">https:\/\/elementor.com\/features\/form-builder\/<\/a>; <strong>Privacy Policy<\/strong> <a href=\"https:\/\/elementor.com\/about\/privacy\/\" target=\"_blank\">https:\/\/elementor.com\/about\/privacy\/<\/a>; <strong>Data processing agreement<\/strong> <a href=\"https:\/\/elementor.com\/terms\/cloud-toc\/elementor-data-processing-agreement\/\" target=\"_blank\">https:\/\/elementor.com\/terms\/cloud-toc\/elementor-data-processing-agreement\/<\/a>; <strong>Basis for third-country transfers:<\/strong> EU\/EEA - Standard Contractual Clauses<a href=\"https:\/\/elementor.com\/terms\/cloud-toc\/elementor-data-processing-agreement\/\" target=\"_blank\">https:\/\/elementor.com\/terms\/cloud-toc\/elementor-data-processing-agreement\/<\/a>), Switzerland - Standard Contractual Clauses<a href=\"https:\/\/elementor.com\/terms\/cloud-toc\/elementor-data-processing-agreement\/\" target=\"_blank\">https:\/\/elementor.com\/terms\/cloud-toc\/elementor-data-processing-agreement\/<\/a>). <strong>Further information:<\/strong> <a href=\"https:\/\/elementor.com\/trust\/\" target=\"_blank\">https:\/\/elementor.com\/trust\/<\/a>.<\/li><\/ul>\r\n<h6 id=\"m735\">Video conferences, online meetings, webinars, and screen sharing<\/h6><p>We use platforms and applications from third-party providers (hereinafter referred to as \"conference platforms\") for the purpose of conducting video and audio conferences, webinars, and other types of video and audio meetings (hereinafter referred to collectively as \"conferences\"). We observe statutory requirements when selecting conference platforms and their services. <\/p>\r\n<p><strong>Data processed by conference platforms:<\/strong> As part of participation in a conference, the conference platforms process the personal data of participants listed below. The scope of processing depends, on the one hand, on which data is requested in the context of a specific conference (e.g., provision of access details or full names) and which optional information is provided by the participants. In addition to processing for the purpose of conducting the conference, participant data may also be processed by the conference platforms for security purposes or service optimisation. The processed data includes personal data (first name, last name), contact information (email address, phone number), access details (access codes or passwords), profile pictures, details on professional position\/function, the IP address of internet access, details on participants' end devices, their operating system, the browser and its technical and language settings, information on content communication processes, i.e., entries in chats as well as audio and video data, and the use of other available functions (e.g., polls). The content of communications is encrypted to the extent technically provided by the conference providers. If participants are registered users with the conference platforms, further data may be processed in accordance with the agreement with the respective conference provider.<\/p>\r\n<p><strong>Logging and recordings:<\/strong> Where text inputs, participation results (e.g. from surveys), and video or audio recordings are logged, participants will be informed upfront in a transparent manner and asked for their consent where necessary.<\/p>\r\n<p><strong>Data protection measures of participants:<\/strong> Please refer to the privacy notices of the conference platforms regarding the processing of your data and select the optimal security and data protection settings for you within the conference platform settings. Furthermore, during a video conference, please ensure data and personal privacy in the background of your recording (e.g. by informing housemates, closing doors and, where technically possible, using the background blurring function). Links to the conference rooms and access data must not be passed on to unauthorised third parties.<\/p>\r\n<p><strong>Notes on Legal Basis:<\/strong> So long as we process user data in addition to the conference platforms, and ask users for their consent for the use of the conference platforms or specific functions (e.g. consent to a recording of conferences), the legal basis for the processing is this consent. Furthermore, our processing may be necessary for the performance of our contractual obligations (e.g. in participant lists, in the case of processing of discussion results, etc.). Otherwise, user data will be processed on the basis of our legitimate interests in efficient and secure communication with our communication partners.<\/p>\r\n<ul class=\"m-elements\"><li><strong>Processed data types:<\/strong> File data (e.g., full name, residential address, contact information, customer number, etc.); contact details (e.g., postal and email addresses or phone numbers); content data (e.g., text or image messages and posts, as well as information appertaining to them, such as authorship or creation time); usage data (e.g., page views and duration of visits, click paths, intensity and frequency of use, device types and operating systems used, interactions with content and functions); image and\/or video recordings (e.g., photographs or video recordings of a person); audio recordings. Log data (e.g., log files concerning logins or the retrieval of data or access times).<\/li><li><strong>Affected persons:<\/strong> Communication partner; User (e.g. website visitor, online service user). Depicted persons.<\/li><li><strong>Purposes of processing:<\/strong> Provision of contractual services and fulfilment of contractual obligations; communication. Office and organisational procedures.<\/li><li><strong>Storage and Deletion<\/strong> Deletion in accordance with the information in the \"General Information on Data Storage and Deletion\" section.<\/li><li class=\"\"><strong>Legal basis:<\/strong> Legitimate interests (Art. 6(1)(f) GDPR).<\/li><\/ul><p><strong>Further information on processing operations, procedures and services:<\/strong><\/p><ul class=\"m-elements\"><li><strong>Microsoft Teams: <\/strong>Use for conducting online events, conferences, and communication with internal and external participants. Voice transmission, direct messages, group communication, and collaboration features are used; name, business contact details, work profile, participation, and content (audio\/video, voice, chat, files, voice transcription) are processed for the purposes of and out of interest in efficiency and productivity increases, cost-effectiveness, flexibility, mobility, improved communication, IT security, use of a central platform, and Microsoft business operations. Audio signals are generally not stored, except when recording is activated. Meeting and conference recordings are stored for 90 days by default, unless a different duration is specified. Chat and file content is stored according to guidelines set by the administrator or user; no automatic deletion is preset. Channels must be renewed every 180 days, otherwise content will be deleted. Additionally, system-generated log, diagnostic, and metadata are processed, and diagnostic data is collected for product stability, security, and improvement.; <strong>Service provider:<\/strong> Microsoft Ireland Operations Limited, One Microsoft Place, South County Business Park, Leopardstown, Dublin 18, D18 P521, Ireland; Microsoft Corporation, One Microsoft Way, Redmond, WA 98052-6399, USA; <span class=\"\"><strong>Legal basis:<\/strong> Legitimate interests (Art. 6(1)(f) GDPR); <\/span><strong>Website<\/strong> <a href=\"https:\/\/www.microsoft.com\/de-de\/microsoft-teams\/\" target=\"_blank\">https:\/\/www.microsoft.com\/de-de\/microsoft-teams\/<\/a>; <strong>Privacy Policy<\/strong> <a href=\"https:\/\/privacy.microsoft.com\/de-de\/privacystatement\" target=\"_blank\">https:\/\/privacy.microsoft.com\/de-de\/privacystatement<\/a>, Safety instructions <a href=\"https:\/\/www.microsoft.com\/de-de\/trustcenter\" target=\"_blank\">https:\/\/www.microsoft.com\/de-de\/trustcenter<\/a>. <strong>Basis for third-country transfers:<\/strong> EU\/EEA - Data Privacy Framework (DPF), Standard Contractual Clauses<a href=\"https:\/\/www.microsoft.com\/licensing\/docs\/view\/Microsoft-Products-and-Services-Data-Protection-Addendum-DPA\" target=\"_blank\">https:\/\/www.microsoft.com\/licensing\/docs\/view\/Microsoft-Products-and-Services-Data-Protection-Addendum-DPA<\/a>), Switzerland - Data Privacy Framework (DPF), Standard Contractual Clauses (<a href=\"https:\/\/www.microsoft.com\/licensing\/docs\/view\/Microsoft-Products-and-Services-Data-Protection-Addendum-DPA\" target=\"_blank\">https:\/\/www.microsoft.com\/licensing\/docs\/view\/Microsoft-Products-and-Services-Data-Protection-Addendum-DPA<\/a>).<\/li><li><strong>Zoom <\/strong>Video conferencing, online meetings, webinars, screen sharing, optional session recording, chat function, integration with calendars and other apps; <strong>Service provider:<\/strong> Zoom Video Communications, Inc., 55 Almaden Blvd., Suite 600, San Jose, CA 95113, USA; <span class=\"\"><strong>Legal basis:<\/strong> Legitimate interests (Art. 6(1)(f) GDPR); <\/span><strong>Website<\/strong> <a href=\"https:\/\/zoom.us\" target=\"_blank\">https:\/\/zoom.us<\/a>; <strong>Privacy Policy<\/strong> <a href=\"https:\/\/explore.zoom.us\/de\/privacy\/\" target=\"_blank\">https:\/\/explore.zoom.us\/de\/privacy\/<\/a>; <strong>Data processing agreement<\/strong> <a href=\"https:\/\/explore.zoom.us\/docs\/doc\/Zoom_GLOBAL_DPA.pdf\" target=\"_blank\">https:\/\/explore.zoom.us\/docs\/doc\/Zoom_GLOBAL_DPA.pdf<\/a>. <strong>Basis for third-country transfers:<\/strong> EU\/EEA - Data Privacy Framework (DPF), Standard Contractual Clauses<a href=\"https:\/\/explore.zoom.us\/docs\/doc\/Zoom_GLOBAL_DPA.pdf\" target=\"_blank\">https:\/\/explore.zoom.us\/docs\/doc\/Zoom_GLOBAL_DPA.pdf<\/a>), Switzerland - Data Privacy Framework (DPF), Standard Contractual Clauses (<a href=\"https:\/\/explore.zoom.us\/docs\/doc\/Zoom_GLOBAL_DPA.pdf\" target=\"_blank\">https:\/\/explore.zoom.us\/docs\/doc\/Zoom_GLOBAL_DPA.pdf<\/a>).<\/li><\/ul>\r\n<h6 id=\"m29\">Cloud services<\/h6><p>We use software services accessible via the internet and run on their providers\" servers (so-called \"cloud services\", also referred to as \"software as a service\") for the storage and management of content (e.g. document storage and management, exchange of documents, content and information with specific recipients, or publication of content and information).<\/p>\r\n<p>Within this framework, personal data may be processed and stored on the providers' servers to the extent that they are part of communication processes with us or are otherwise processed by us as outlined in this privacy policy. These data may include, in particular, master data and contact details of users, data on processes, contracts, other transactions and their content. The providers of cloud services also process usage data and metadata, which they use for security purposes and service optimisation.<\/p>\r\n<p>If we provide forms or other documents and content to other users or publicly accessible websites using cloud services, providers may store cookies on users' devices for web analysis purposes or to remember user settings (e.g., in the case of media control).<\/p>\r\n<ul class=\"m-elements\"><li><strong>Processed data types:<\/strong> File data (e.g., full name, residential address, contact information, customer number, etc.); Contact details (e.g., postal and email addresses or telephone numbers); Content data (e.g., text or image messages and posts and information relating to them, such as authorship or creation time). Usage data (e.g., page views and duration, click paths, usage intensity and frequency, device types and operating systems used, interactions with content and functions).<\/li><li><strong>Affected persons:<\/strong> Interested parties; Communication partners; Business and contract partners. Users (e.g. website visitors, users of online services).<\/li><li><strong>Purposes of processing:<\/strong> Office and organisational procedures. IT infrastructure (operation and provision of information systems and technical equipment (computers, servers, etc.)).<\/li><li><strong>Storage and Deletion<\/strong> Deletion in accordance with the information in the \"General Information on Data Storage and Deletion\" section.<\/li><li class=\"\"><strong>Legal basis:<\/strong> Legitimate interests (Art. 6(1)(f) GDPR).<\/li><\/ul><p><strong>Further information on processing operations, procedures and services:<\/strong><\/p><ul class=\"m-elements\"><li><strong>Google Workspace: <\/strong>Cloud-based application software (e.g., word processing, spreadsheets, scheduling and contact management), cloud storage, and cloud infrastructure services; <strong>Service provider:<\/strong> Google Cloud EMEA Limited, 70 Sir John Rogerson\u2019s Quay, Dublin 2, Ireland; <span class=\"\"><strong>Legal basis:<\/strong> Legitimate interests (Art. 6(1)(f) GDPR); <\/span><strong>Website<\/strong> <a href=\"https:\/\/workspace.google.com\/\" target=\"_blank\">https:\/\/workspace.google.com\/<\/a>; <strong>Privacy Policy<\/strong> <a href=\"https:\/\/policies.google.com\/privacy\" target=\"_blank\">https:\/\/policies.google.com\/privacy<\/a>; <strong>Data processing agreement<\/strong> <a href=\"https:\/\/cloud.google.com\/terms\/data-processing-addendum\" target=\"_blank\">https:\/\/cloud.google.com\/terms\/data-processing-addendum<\/a>; <strong>Basis for third-country transfers:<\/strong> EU\/EEA - Data Privacy Framework (DPF), Standard Contractual Clauses<a href=\"https:\/\/cloud.google.com\/terms\/eu-model-contract-clause\" target=\"_blank\">https:\/\/cloud.google.com\/terms\/eu-model-contract-clause<\/a>), Switzerland - Data Privacy Framework (DPF), Standard Contractual Clauses (<a href=\"https:\/\/cloud.google.com\/terms\/eu-model-contract-clause\" target=\"_blank\">https:\/\/cloud.google.com\/terms\/eu-model-contract-clause<\/a>). <strong>Further information:<\/strong> <a href=\"https:\/\/cloud.google.com\/privacy\" target=\"_blank\">https:\/\/cloud.google.com\/privacy<\/a>.<\/li><\/ul>\r\n<h6 id=\"m263\">Web analysis, monitoring and optimisation<\/h6><p>Web analytics (also referred to as \u201ereach measurement\") is used to evaluate visitor traffic to our online offering and can include pseudonymous data on visitor behaviour, interests or demographics, such as age or gender. Reach analysis allows us, for example, to identify when our online offering or its functions\/content are used most frequently, or invite reuse. It also enables us to understand which areas require optimisation. <\/p>\r\n<p>In addition to web analytics, we can also use testing methods to test and optimise different versions of our website or its components.<\/p>\r\n<p>Unless otherwise specified below, profiles, i.e. data aggregated from usage activity, may be created for these purposes, and information may be stored in and then read from a browser or end device. The data collected includes, in particular, visited websites and elements used on them, as well as technical information such as the browser used, the computer system used, and information about usage times. If users have consented to the collection of their location data, either to us or to the providers of the services we use, the processing of location data is also possible.<\/p>\r\n<p>Furthermore, users' IP addresses are stored. However, we use an IP masking procedure (i.e., pseudonymisation by shortening the IP address) to protect users. Generally, no clear user data (such as email addresses or names) is stored as part of web analysis, A\/B testing, and optimisation; instead, pseudonyms are used. This means that neither we nor the providers of the software used know the actual identity of the users, but only the details stored in their profiles for the purpose of the respective procedures.<\/p>\r\n<p>Notes on Legal Basis: If we ask users for their consent to use third-party providers, the legal basis for data processing is consent. Otherwise, user data will be processed on the basis of our legitimate interests (i.e., interest in efficient, economically viable, and user-friendly services). In this context, we would also like to refer you to the information on the use of cookies in this privacy policy.<\/p>\r\n<ul class=\"m-elements\"><li><strong>Processed data types:<\/strong> Usage data (e.g. page views and duration of stay, click paths, usage intensity and frequency, device types and operating systems used, interactions with content and functions). Meta, communication and process data (e.g. IP addresses, times, identification numbers, persons involved).<\/li><li><strong>Affected persons:<\/strong> Users (e.g. website visitors, users of online services).<\/li><li><strong>Purposes of processing:<\/strong> Reach measurement (e.g. access statistics, detection of returning visitors); profiles with user-related information (creation of user profiles); tracking (e.g. interest\/behaviour-related profiling, use of cookies); conversion measurement (measurement of the effectiveness of marketing measures); audience segmentation; marketing. Provision of our online offering and user-friendliness.<\/li><li><strong>Storage and Deletion<\/strong> Deletion in accordance with the information in the section \"General Information on Data Storage and Deletion\". Storage of cookies for up to 2 years (Unless otherwise stated, cookies and similar storage methods may be stored on users' devices for a period of two years).<\/li><li><strong>Safety measures<\/strong> IP Masking (Pseudonymisation of the IP Address).<\/li><li class=\"\"><strong>Legal basis:<\/strong> Consent (Art. 6(1)(a) GDPR). Legitimate interests (Art. 6(1)(f) GDPR).<\/li><\/ul><p><strong>Further information on processing operations, procedures and services:<\/strong><\/p><ul class=\"m-elements\"><li><strong>1&amp;1 IONOS WebAnalytics: <\/strong>Reach measurement and web analytics; <strong>Service provider:<\/strong> 1&amp;1 IONOS SE, Elgendorfer Str. 57, 56410 Montabaur, Germany; <span class=\"\"><strong>Legal basis:<\/strong> Consent (Article 6(1)(a) GDPR); <\/span><strong>Website<\/strong> <a href=\"https:\/\/www.ionos.de\" target=\"_blank\">https:\/\/www.ionos.de<\/a>; <strong>Privacy Policy<\/strong> <a href=\"https:\/\/www.ionos.de\/terms-gtc\/datenschutzerklaerung\/\" target=\"_blank\">https:\/\/www.ionos.de\/terms-gtc\/datenschutzerklaerung\/<\/a>; <strong>Data processing agreement<\/strong> <a href=\"https:\/\/www.ionos.de\/hilfe\/datenschutz\/allgemeine-informationen-zur-datenschutz-grundverordnung-dsgvo\/vereinbarung-zur-auftragsverarbeitung-avv-mit-ionos-abschliessen\/\" target=\"_blank\">https:\/\/www.ionos.de\/hilfe\/datenschutz\/allgemeine-informationen-zur-datenschutz-grundverordnung-dsgvo\/vereinbarung-zur-auftragsverarbeitung-avv-mit-ionos-abschliessen\/<\/a>; <strong>Further information:<\/strong> The data is collected either via a pixel or a log file, without the use of cookies; visitors' IP addresses are transmitted upon request for a page, are anonymised immediately after transmission, and processed further without personal reference. The data is processed based on a contract processing agreement.<\/li><li><strong>Jetpack (WordPress Stats): <\/strong>Jetpack offers analytics features for WordPress software.; <strong>Service provider:<\/strong> Aut O\u2019Mattic A8C Ireland Ltd., Grand Canal Dock, 25 Herbert Pl, Dublin, D02 AY86, Ireland; <span class=\"\"><strong>Legal basis:<\/strong> Consent (Article 6(1)(a) GDPR); <\/span><strong>Website<\/strong> <a href=\"https:\/\/automattic.com\" target=\"_blank\">https:\/\/automattic.com<\/a>; <strong>Privacy Policy<\/strong> <a href=\"https:\/\/automattic.com\/privacy\" target=\"_blank\">https:\/\/automattic.com\/privacy<\/a>; <strong>Data processing agreement<\/strong> Provided by the service provider. <strong>Basis for third-country transfers:<\/strong> EU\/EEA - Data Privacy Framework (DPF), Standard Contractual Clauses (Provided by the service provider), Switzerland - Data Privacy Framework (DPF), Standard Contractual Clauses (Provided by the service provider).<\/li><\/ul>\r\n<h6 id=\"m136\">Social media presence<\/h6><p>We maintain online presences on social networks and process user data within this framework to communicate with active users there or to offer information about us.<\/p>\r\n<p>We wish to point out that user data may be processed outside the European Union. This may pose risks for users, as it could, for example, make it more difficult to enforce user rights.<\/p>\r\n<p>Furthermore, user data within social networks is generally processed for market research and advertising purposes. For example, usage profiles can be created based on user behaviour and resulting interests. These, in turn, may be used to display advertisements within and outside the networks that are presumed to match the user's interests. Therefore, cookies are generally stored on users' computers, which store the users' usage behaviour and interests. In addition, data independent of the devices used by the users can also be stored in the usage profiles (especially if they are members of the respective platforms and logged in there).<\/p>\r\n<p>For a detailed explanation of the respective processing methods and the possibilities of objection (opt-out), please refer to the privacy policies and information provided by the operators of the respective networks.<\/p>\r\n<p>Even in the case of information requests and the assertion of data subject rights, we point out that these can be most effectively asserted with the providers. Only the latter have access to the user data and can take appropriate measures and provide information directly. Should you still require assistance, you can contact us.<\/p>\r\n<ul class=\"m-elements\"><li><strong>Processed data types:<\/strong> Contact details (e.g. postal and e-mail addresses or telephone numbers); Content data (e.g. text or image messages and posts, and information relating to them, such as authorship details or creation date). Usage data (e.g. page views and time spent, click paths, usage intensity and frequency, device types and operating systems used, interactions with content and features).<\/li><li><strong>Affected persons:<\/strong> Users (e.g. website visitors, users of online services).<\/li><li><strong>Purposes of processing:<\/strong> Communication; Feedback (e.g. collecting feedback via online form). Public relations.<\/li><li><strong>Storage and Deletion<\/strong> Deletion in accordance with the information in the \"General Information on Data Storage and Deletion\" section.<\/li><li class=\"\"><strong>Legal basis:<\/strong> Legitimate interests (Art. 6(1)(f) GDPR).<\/li><\/ul><p><strong>Further information on processing operations, procedures and services:<\/strong><\/p><ul class=\"m-elements\"><li><strong>Instagram <\/strong>Social network, enabling the sharing of photos and videos, commenting on and favouriting posts, sending messages, subscribing to profiles and pages; <strong>Service provider:<\/strong> Meta Platforms Ireland Limited, Merrion Road, Dublin 4, D04 X2K5, Ireland; <span class=\"\"><strong>Legal basis:<\/strong> Legitimate interests (Art. 6(1)(f) GDPR); <\/span><strong>Website<\/strong> <a href=\"https:\/\/www.instagram.com\" target=\"_blank\">https:\/\/www.instagram.com<\/a>; <strong>Privacy Policy<\/strong> <a href=\"https:\/\/privacycenter.instagram.com\/policy\/\" target=\"_blank\">https:\/\/privacycenter.instagram.com\/policy\/<\/a>. <strong>Basis for third-country transfers:<\/strong> EU\/EEA - Data Privacy Framework (DPF), Switzerland - Data Privacy Framework (DPF).<\/li><li><strong>LinkedIn: <\/strong>Social Network - We are jointly responsible with LinkedIn Ireland Unlimited Company for the collection (but not further processing) of visitor data used to create the \u201ePage Insights\" for our LinkedIn profiles. This data includes information about the types of content users view or interact with, and the actions they take. Details about the devices used are also recorded, such as IP addresses, operating systems, browser types, language preferences, and cookie data, as well as information from user profiles, such as job function, country, industry, seniority level, company size, and employment status. Data protection information on the processing of user data by LinkedIn can be found in LinkedIn's privacy notices: <a href=\"https:\/\/www.linkedin.com\/legal\/privacy-policy\" target=\"_blank\">https:\/\/www.linkedin.com\/legal\/privacy-policy.<\/a><br>We have entered into a special agreement with LinkedIn Ireland (\u201ePage Insights Joint Controller Addendum\", <a href=\"https:\/\/legal.linkedin.com\/pages-joint-controller-addendum\" target=\"_blank\">https:\/\/legal.linkedin.com\/pages-joint-controller-addendum<\/a>), which in particular lays down the security measures LinkedIn must observe and in which LinkedIn has agreed to comply with the rights of data subjects (i.e. users can, for example, send requests for information or deletion directly to LinkedIn). The rights of users (in particular the right to information, deletion, objection and complaint to the competent supervisory authority) are not restricted by the agreements with LinkedIn. The joint responsibility is limited to the collection and transmission of data to LinkedIn Ireland Unlimited Company, an EU-based company. The further processing of the data is exclusively the responsibility of LinkedIn Ireland Unlimited Company, particularly with regard to the transmission of data to the parent company LinkedIn Corporation in the USA.; <strong>Service provider:<\/strong> LinkedIn Ireland Unlimited Company, Wilton Place, Dublin 2, Ireland; <span class=\"\"><strong>Legal basis:<\/strong> Legitimate interests (Art. 6(1)(f) GDPR); <\/span><strong>Website<\/strong> <a href=\"https:\/\/www.linkedin.com\" target=\"_blank\">https:\/\/www.linkedin.com<\/a>; <strong>Privacy Policy<\/strong> <a href=\"https:\/\/www.linkedin.com\/legal\/privacy-policy\" target=\"_blank\">https:\/\/www.linkedin.com\/legal\/privacy-policy<\/a>; <strong>Basis for third-country transfers:<\/strong> EU\/EEA - Data Privacy Framework (DPF), Standard Contractual Clauses<a href=\"https:\/\/legal.linkedin.com\/dpa\" target=\"_blank\">https:\/\/legal.linkedin.com\/dpa<\/a>), Switzerland - Data Privacy Framework (DPF), Standard Contractual Clauses (<a href=\"https:\/\/legal.linkedin.com\/dpa\" target=\"_blank\">https:\/\/legal.linkedin.com\/dpa<\/a>). <strong>Possibility of objection (Opt-out):<\/strong> <a href=\"https:\/\/www.linkedin.com\/psettings\/guest-controls\/retargeting-opt-out\" target=\"_blank\">https:\/\/www.linkedin.com\/psettings\/guest-controls\/retargeting-opt-out<\/a>.<\/li><\/ul>\r\n<h6 id=\"m328\">Plug-ins, embedded features and content<\/h6><p>We incorporate functional and content elements into our online offering that are sourced from the servers of their respective providers (hereinafter referred to as \u201ethird-party providers\"). These may include, for example, graphics, videos, or maps (hereinafter collectively referred to as \u201econtent\").<\/p>\r\n<p>Embedding always requires that the third-party providers of this content process the user's IP address, as they cannot send the content to their browser without an IP address. The IP address is therefore necessary for the display of this content or functions. We endeavour to use only content whose respective providers merely use the IP address for the delivery of the content. Third-party providers may also use so-called pixel tags (invisible graphics, also known as \u201eweb beacons\") for statistical or marketing purposes. \u201ePixel tags\" can be used to evaluate information such as visitor traffic to the pages of this website. The pseudonymous information can also be stored in cookies on the user's device and may include technical information on the browser and operating system, referring websites, visiting time, and further details on the use of our online services, but can also be linked with such information from other sources.<\/p>\r\n<p><strong>Notes on Legal Basis:<\/strong> If we ask users for their consent to use third-party providers, the legal basis for data processing is the permission granted. Otherwise, user data will be processed on the basis of our legitimate interests (i.e., an interest in efficient, economical, and user-friendly services). In this context, we would also like to draw your attention to the information on the use of cookies in this privacy policy.<\/p>\r\n<ul class=\"m-elements\"><li><strong>Processed data types:<\/strong> Usage data (e.g. page views and duration of stay, click paths, usage intensity and frequency, device types and operating systems used, interactions with content and functions). Meta, communication and process data (e.g. IP addresses, times, identification numbers, persons involved).<\/li><li><strong>Affected persons:<\/strong> Users (e.g. website visitors, users of online services).<\/li><li><strong>Purposes of processing:<\/strong> Provision of our online offering and user-friendliness. Performance of contractual services and fulfilment of contractual obligations.<\/li><li><strong>Storage and Deletion<\/strong> Deletion in accordance with the information in the section \"General Information on Data Storage and Deletion\". Storage of cookies for up to 2 years (Unless otherwise stated, cookies and similar storage methods may be stored on users' devices for a period of two years).<\/li><li class=\"\"><strong>Legal basis:<\/strong> Consent (Art. 6(1)(a) GDPR). Legitimate interests (Art. 6(1)(f) GDPR).<\/li><\/ul><p><strong>Further information on processing operations, procedures and services:<\/strong><\/p><ul class=\"m-elements\"><li><strong>reCAPTCHA: <\/strong>We integrate the \"reCAPTCHA\" function to detect whether inputs (e.g. in online forms) are made by humans and not by automated machines (so-called \"bots\"). The data processed may include IP addresses, information about operating systems, devices or browsers used, language settings, location, mouse movements, keystrokes, time spent on websites, previously visited websites, interactions with reCAPTCHA on other websites, under certain circumstances cookies, as well as results of manual detection processes (e.g. answering questions or selecting objects in images). Data processing is based on our legitimate interest in protecting our online offering from abusive automated crawling and spam.; <strong>Service provider:<\/strong> Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland; <span class=\"\"><strong>Legal basis:<\/strong> Legitimate interests (Art. 6(1)(f) GDPR); <\/span><strong>Website<\/strong> <a href=\"https:\/\/www.google.com\/recaptcha\/\" target=\"_blank\">https:\/\/www.google.com\/recaptcha\/<\/a>; <strong>Privacy Policy<\/strong> <a href=\"https:\/\/policies.google.com\/privacy\" target=\"_blank\">https:\/\/policies.google.com\/privacy<\/a>; <strong>Basis for third-country transfers:<\/strong> EU\/EEA - Data Privacy Framework (DPF), Switzerland - Data Privacy Framework (DPF). <strong>Possibility of objection (Opt-out):<\/strong> Opt-Out Plugin <a href=\"https:\/\/tools.google.com\/dlpage\/gaoptout?hl=de\" target=\"_blank\">https:\/\/tools.google.com\/dlpage\/gaoptout?hl=de<\/a>, Ad display settings: <a href=\"https:\/\/myadcenter.google.com\/personalizationoff\" target=\"_blank\">https:\/\/myadcenter.google.com\/personalizationoff<\/a>.<\/li><\/ul>\r\n<h6 id=\"m723\">Management, Organisation and Auxiliary Tools<\/h6><p>We use the services, platforms, and software of other providers (hereinafter referred to as \"third-party providers\") for the purposes of organising, managing, planning, and delivering our services. We observe the statutory requirements when selecting third-party providers and their services. <\/p>\r\n<p>Within this framework, personal data can be processed and stored on the servers of third-party providers. This can affect various types of data that we process in accordance with this privacy policy. This data may include, in particular, master data and contact details of users, data relating to transactions, contracts, other processes, and their contents.<\/p>\r\n<p>Should users be referred to third parties or their software or platforms within the scope of communication, business or other relationships with us, the third parties may process usage data and metadata for security purposes, service optimisation or marketing purposes. We therefore ask that you observe the data protection notices of the respective third parties.<\/p>\r\n<ul class=\"m-elements\"><li><strong>Processed data types:<\/strong> Content data (e.g. textual or pictorial messages and posts, as well as information relating to them, such as details of authorship or time of creation); Usage data (e.g. page views and duration of stay, click paths, usage intensity and frequency, device types and operating systems used, interactions with content and functions); Meta, communication and procedural data (e.g. IP addresses, timestamps, identification numbers, persons involved); Contact data (e.g. postal and email addresses or telephone numbers). Inventory data (e.g. full name, residential address, contact information, customer number, etc.).<\/li><li><strong>Affected persons:<\/strong> Communication partners; Users (e.g. website visitors, users of online services); Business and contractual partners. Third parties.<\/li><li><strong>Purposes of processing:<\/strong> Provision of contractual services and fulfilment of contractual duties; Office and organisational procedures; Organisational and administrative procedures; Information technology infrastructure (operation and provision of information systems and technical equipment (computers, servers, etc.)). Business processes and business management procedures.<\/li><li><strong>Storage and Deletion<\/strong> Deletion in accordance with the information in the \"General Information on Data Storage and Deletion\" section.<\/li><li class=\"\"><strong>Legal basis:<\/strong> Legitimate interests (Art. 6(1)(f) GDPR).<\/li><\/ul><p><strong>Further information on processing operations, procedures and services:<\/strong><\/p><ul class=\"m-elements\"><li><strong>Calendly: <\/strong>Online appointment scheduling and management; <strong>Service provider:<\/strong> Calendly LLC., 271 17th St NW, Ste 1000, Atlanta, Georgia, 30363, USA.; <span class=\"\"><strong>Legal basis:<\/strong> Legitimate interests (Art. 6(1)(f) GDPR); <\/span><strong>Website<\/strong> <a href=\"https:\/\/calendly.com\/de\" target=\"_blank\">https:\/\/calendly.com\/de<\/a>; <strong>Privacy Policy<\/strong> <a href=\"https:\/\/calendly.com\/privacy\" target=\"_blank\">https:\/\/calendly.com\/privacy<\/a>; <strong>Data processing agreement<\/strong> <a href=\"https:\/\/calendly.com\/dpa\" target=\"_blank\">https:\/\/calendly.com\/dpa<\/a>. <strong>Basis for third-country transfers:<\/strong> EU\/EEA - Standard Contractual Clauses<a href=\"https:\/\/calendly.com\/dpa\" target=\"_blank\">https:\/\/calendly.com\/dpa<\/a>), Switzerland - Standard Contractual Clauses<a href=\"https:\/\/calendly.com\/dpa\" target=\"_blank\">https:\/\/calendly.com\/dpa<\/a>).<\/li><li><strong>Google Workspace: <\/strong>Cloud-based application software (e.g., word processing, spreadsheets, scheduling and contact management), cloud storage, and cloud infrastructure services; <strong>Service provider:<\/strong> Google Cloud EMEA Limited, 70 Sir John Rogerson\u2019s Quay, Dublin 2, Ireland; <span class=\"\"><strong>Legal basis:<\/strong> Legitimate interests (Art. 6(1)(f) GDPR); <\/span><strong>Website<\/strong> <a href=\"https:\/\/workspace.google.com\/\" target=\"_blank\">https:\/\/workspace.google.com\/<\/a>; <strong>Privacy Policy<\/strong> <a href=\"https:\/\/policies.google.com\/privacy\" target=\"_blank\">https:\/\/policies.google.com\/privacy<\/a>; <strong>Data processing agreement<\/strong> <a href=\"https:\/\/cloud.google.com\/terms\/data-processing-addendum\" target=\"_blank\">https:\/\/cloud.google.com\/terms\/data-processing-addendum<\/a>; <strong>Basis for third-country transfers:<\/strong> EU\/EEA - Data Privacy Framework (DPF), Standard Contractual Clauses<a href=\"https:\/\/cloud.google.com\/terms\/eu-model-contract-clause\" target=\"_blank\">https:\/\/cloud.google.com\/terms\/eu-model-contract-clause<\/a>), Switzerland - Data Privacy Framework (DPF), Standard Contractual Clauses (<a href=\"https:\/\/cloud.google.com\/terms\/eu-model-contract-clause\" target=\"_blank\">https:\/\/cloud.google.com\/terms\/eu-model-contract-clause<\/a>). <strong>Further information:<\/strong> <a href=\"https:\/\/cloud.google.com\/privacy\" target=\"_blank\">https:\/\/cloud.google.com\/privacy<\/a>.<\/li><li><strong>Microsoft 365 Outlook: <\/strong>Use of e-mail and calendar functions for communication and organisation of meetings. Contact data (name, e-mail address), content data (messages, attachments, meeting contents) and metadata are processed for the purposes and interest in efficiency and productivity increases, cost-effectiveness, flexibility, mobility, improved communication and integration with M365. Storage of e-mails and calendar entries is governed by policies set by the administrator or user; by default, no automatic deletion occurs. Mailboxes and calendars are typically removed 30 days after departure. Additionally, diagnostic data is collected for product stability and improvement.; <strong>Service provider:<\/strong> Microsoft Ireland Operations Limited, One Microsoft Place, South County Business Park, Leopardstown, Dublin 18, D18 P521, Ireland; Microsoft Corporation, One Microsoft Way, Redmond, WA 98052-6399, USA; <span class=\"\"><strong>Legal basis:<\/strong> Legitimate interests (Art. 6(1)(f) GDPR); <\/span><strong>Website<\/strong> <a href=\"https:\/\/www.microsoft.com\/\" target=\"_blank\">https:\/\/www.microsoft.com\/<\/a>; <strong>Privacy Policy<\/strong> <a href=\"https:\/\/privacy.microsoft.com\/de-de\/privacystatement\" target=\"_blank\">https:\/\/privacy.microsoft.com\/de-de\/privacystatement<\/a>, Safety instructions <a href=\"https:\/\/www.microsoft.com\/de-de\/trustcenter\" target=\"_blank\">https:\/\/www.microsoft.com\/de-de\/trustcenter<\/a>; <strong>Data processing agreement<\/strong> <a href=\"https:\/\/www.microsoft.com\/licensing\/docs\/view\/Microsoft-Products-and-Services-Data-Protection-Addendum-DPA\" target=\"_blank\">https:\/\/www.microsoft.com\/licensing\/docs\/view\/Microsoft-Products-and-Services-Data-Protection-Addendum-DPA<\/a>. <strong>Basis for third-country transfers:<\/strong> EU\/EEA - Data Privacy Framework (DPF), Standard Contractual Clauses<a href=\"https:\/\/www.microsoft.com\/licensing\/docs\/view\/Microsoft-Products-and-Services-Data-Protection-Addendum-DPA\" target=\"_blank\">https:\/\/www.microsoft.com\/licensing\/docs\/view\/Microsoft-Products-and-Services-Data-Protection-Addendum-DPA<\/a>), Switzerland - Data Privacy Framework (DPF), Standard Contractual Clauses (<a href=\"https:\/\/www.microsoft.com\/licensing\/docs\/view\/Microsoft-Products-and-Services-Data-Protection-Addendum-DPA\" target=\"_blank\">https:\/\/www.microsoft.com\/licensing\/docs\/view\/Microsoft-Products-and-Services-Data-Protection-Addendum-DPA<\/a>).<\/li><\/ul>\r\n<h6 id=\"m15\">Change and update<\/h6><p>We ask you to inform yourself regularly about the content of our Data Protection Statement. We adjust the Data Protection Statement as soon as changes in the data processing we carry out make this necessary. We will inform you as soon as further action is required on your part (e.g. consent) or any other individual notification becomes necessary due to the changes.<\/p>\r\n<p>Should we provide addresses and contact details of companies and organisations in this privacy policy, please note that addresses may change over time and we kindly request you to verify the details before making contact.<\/p>\r\n\r\n<h6 id=\"m42\">Definitions of terms<\/h6><p>In this section, you will receive an overview of the terminology used in this privacy policy. Where the terms are legally defined, their legal definitions shall apply. The following explanations, on the other hand, are primarily intended to aid understanding.<\/p>\r\n <ul class=\"glossary\"><li><strong>Employees<\/strong> Employees are individuals who are in an employment relationship, whether as staff, salaried employees, or in similar positions. An employment relationship is a legal connection between an employer and an employee, established by an employment contract or agreement. It includes the employer's obligation to pay remuneration to the employee in exchange for the employee performing their work. The employment relationship encompasses various stages, including its inception, when the employment contract is concluded; its execution, when the employee carries out their work activities; and its termination, when the employment relationship ends, whether through dismissal, mutual agreement, or otherwise. Employee data refers to all information relating to these individuals within the context of their employment. This includes aspects such as personal identification details, identification numbers, salary and banking information, working hours, holiday entitlements, health data, and performance appraisals. <\/li><li><strong>File data<\/strong> Inventory data encompasses essential information necessary for the identification and management of contractual partners, user accounts, profiles, and similar associations. This data may include personal and demographic details such as names, contact information (addresses, phone numbers, email addresses), dates of birth, and specific identifiers (user IDs), among others. Inventory data forms the basis for all formal interactions between individuals and services, facilities, or systems by enabling unambiguous assignment and communication. <\/li><li><strong>Content Delivery Network (CDN):<\/strong> A \"Content Delivery Network\" (CDN) is a service that uses regionally distributed servers connected via the internet to deliver the content of an online offering, particularly large media files such as graphics or program scripts, more quickly and securely. <\/li><li><strong>Contents data<\/strong> Content data includes information generated during the creation, editing, and publishing of all types of content. This category of data can include text, images, videos, audio files, and other multimedia content published across various platforms and media. Content data is not limited to the actual content itself, but also includes metadata that provides information about the content, such as tags, descriptions, author information, and publication dates. <\/li><li><strong>Contact details:<\/strong> Contact details are essential information that enable communication with individuals or organisations. They include, among other things, telephone numbers, postal addresses, and email addresses, as well as communication methods such as social media handles and instant messaging identifiers. <\/li><li><strong>Conversion measurement<\/strong> Conversion tracking (also known as \"visit action evaluation\") is a method for determining the effectiveness of marketing measures. As a general rule, this involves storing a cookie on users' devices within the websites where the marketing measures are implemented and then retrieving it again on the target website. For example, this allows us to ascertain whether advertisements placed by us on other websites have been successful. <\/li><li><strong>Meta, communication and processing data:<\/strong> Meta-, communication and process data are categories that contain information about how data is processed, transmitted and managed. Meta-data, also known as data about data, include information that describes the context, origin and structure of other data. They can include details about file size, creation date, document author and revision histories. Communication data capture the exchange of information between users via various channels, such as email traffic, call logs, social media messages and chat histories, including the individuals involved, timestamps and transmission paths. Process data describe the processes and workflows within systems or organisations, including workflow documentation, transaction and activity logs, as well as audit logs used for tracking and reviewing operations. <\/li><li><strong>Usage data<\/strong> Usage data refers to information that captures how users interact with digital products, services, or platforms. This data encompasses a wide range of information, illustrating how users engage with applications, which features they prefer, how long they spend on specific pages, and the paths they navigate through an application. Usage data can also include frequency of use, timestamps of activities, IP addresses, device information, and location data. It is particularly valuable for analysing user behaviour, optimising user experiences, personalising content, and improving products or services. Furthermore, usage data plays a crucial role in identifying trends, preferences, and potential problem areas within digital offerings. <\/li><li><strong>Personal data<\/strong> \"Personal data\" means any information relating to an identified or identifiable natural person (hereinafter referred to as the \"data subject\"); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier (e.g. cookie) or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person. <\/li><li><strong>Profiles with user-related information:<\/strong> The processing of \"profiles with user-related information\", or \"profiles\" for short, includes any form of automated processing of personal data which consists of using such personal data to analyse, evaluate or predict certain personal aspects relating to a natural person (depending on the type of profiling, this can include various information concerning demographics, behaviour and interests, such as interaction with websites and their content, etc.) (e.g. interests in specific content or products, click behaviour on a website or location). Cookies and web beacons are frequently used for profiling purposes. <\/li><li><strong>Log data:<\/strong> Log data is information about events or activities that have been recorded in a system or network. This data typically contains information such as timestamps, IP addresses, user actions, error messages, and other details about the usage or operation of a system. Log data is often used for analysing system problems, security monitoring, or for generating performance reports. <\/li><li><strong>Reach measurement<\/strong> Reach measurement (also known as web analytics) is used to evaluate visitor traffic to an online offering and can include the behaviour or interests of visitors in specific information, such as website content. With the help of reach analysis, operators of online offerings can, for example, recognise at what times users visit their websites and what content they are interested in. This allows them, for example, to better adapt the content of the websites to the needs of their visitors. Pseudonymous cookies and web beacons are often used for reach analysis purposes to recognise repeat visitors and thus obtain more accurate analyses of the use of an online offering. <\/li><li><strong>Tracking<\/strong> \"Tracking\" refers to the ability to follow user behaviour across multiple online services. Typically, when it comes to the online services used, behavioural and interest information is stored in cookies or on the servers of the providers of the tracking technologies (so-called profiling). This information can then be used, for example, to show users advertisements that are likely to match their interests. <\/li><li><strong>Person in charge<\/strong> The \"controller\" is the natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data. <\/li><li><strong>Processing<\/strong> \"Processing\" means any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means. The term covers a wide range and includes practically any handling of data, be it the collection, evaluation, storage, transmission, or deletion. <\/li><li><strong>Contract details<\/strong> Contract data consists of specific details pertaining to the formalisation of an agreement between two or more parties. They document the terms and conditions under which services or products are provided, exchanged, or sold. This category of data is essential for managing and fulfilling contractual obligations and includes both the identification of the contracting parties and the specific terms and conditions of the agreement. Contract data can include the start and end dates of the contract, the type of services or products agreed upon, pricing arrangements, payment terms, termination rights, renewal options, and special conditions or clauses. They serve as the legal basis for the relationship between the parties and are crucial for clarifying rights and responsibilities, enforcing claims, and resolving disputes. <\/li><li><strong>Payment details<\/strong> Payment data includes all information required to process payment transactions between buyers and sellers. This data is of crucial importance for e-commerce, online banking, and any other form of financial transaction. It comprises details such as credit card numbers, bank details, payment amounts, transaction dates, verification numbers, and billing information. Payment data can also include information on payment status, chargebacks, authorisations, and fees. <\/li><li><strong>Target group formation<\/strong> Target audiences (English \"Custom Audiences\") are formed when target groups are identified for advertising purposes, e.g., for displaying advertisements. For example, a user's interest in certain products or topics on the internet can be used to infer that this user is interested in advertisements for similar products or for the online shop where they viewed the products. \"Lookalike Audiences\" (or similar target audiences) are formed when content deemed suitable is shown to users whose profiles or interests presumably correspond to the users for whom the profiles were created. Cookies and web beacons are generally used for the purpose of creating Custom Audiences and Lookalike Audiences. <\/li><\/ul><p class=\"seal\"><a href=\"https:\/\/datenschutz-generator.de\/\" title=\"Legal text from Dr. Schwenke - please click for further information.\" target=\"_blank\" rel=\"noopener noreferrer nofollow\"><img loading=\"lazy\" decoding=\"async\" src=\"https:\/\/datenschutz-generator.de\/wp-content\/plugins\/ts-dsg\/images\/dsg-seal\/dsg-seal-doc-de.png\" alt=\"Rechtstext von Dr. Schwenke - f\u00fcr weitere Informationen bitte anklicken.\" width=\"100\" height=\"100\"><\/a><\/p>\r\n\t\t\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<\/div>","protected":false},"excerpt":{"rendered":"<p>Datenschutzerkl\u00e4rung Pr\u00e4ambel Mit der folgenden Datenschutzerkl\u00e4rung m\u00f6chten wir Sie dar\u00fcber aufkl\u00e4ren, welche Arten Ihrer personenbezogenen Daten (nachfolgend auch kurz als &#8222;Daten&#8220; bezeichnet) wir zu welchen Zwecken und in welchem Umfang verarbeiten. Die Datenschutzerkl\u00e4rung gilt f\u00fcr alle von uns durchgef\u00fchrten Verarbeitungen personenbezogener Daten, sowohl im Rahmen der Erbringung unserer Leistungen als auch insbesondere auf unseren Webseiten, in mobilen Applikationen sowie innerhalb externer Onlinepr\u00e4senzen, wie z. B. unserer Social-Media-Profile (nachfolgend zusammenfassend bezeichnet als &#8222;Onlineangebot&#8220;). Die verwendeten Begriffe sind nicht geschlechtsspezifisch. Stand: 10. Dezember 2025 Inhalts\u00fcbersicht Pr\u00e4ambel Verantwortlicher \u00dcbersicht der Verarbeitungen Ma\u00dfgebliche Rechtsgrundlagen Sicherheitsma\u00dfnahmen \u00dcbermittlung von personenbezogenen Daten Internationale Datentransfers Allgemeine Informationen zur Datenspeicherung und L\u00f6schung Rechte der betroffenen Personen Gesch\u00e4ftliche Leistungen Gesch\u00e4ftsprozesse und -verfahren Einsatz von Online-Plattformen zu Angebots- und Vertriebszwecken Zahlungsverfahren Bereitstellung des Onlineangebots und Webhosting Einsatz von Cookies Blogs und Publikationsmedien Kontakt- und Anfrageverwaltung Videokonferenzen, Onlinemeetings, Webinare und Bildschirm-Sharing Cloud-Dienste Webanalyse, Monitoring und Optimierung Pr\u00e4senzen in sozialen Netzwerken (Social Media) Plug-ins und eingebettete Funktionen sowie Inhalte Management, Organisation und Hilfswerkzeuge \u00c4nderung und Aktualisierung Begriffsdefinitionen Verantwortlicher KOCH Consulting &#038; CoachingAlbina KochWeitegasse 69320 Arbon E-Mail-Adresse: office@albinakoch.com Impressum: albinakoch.com\/impressum \u00dcbersicht der Verarbeitungen Die nachfolgende \u00dcbersicht fasst die Arten der verarbeiteten Daten und die Zwecke ihrer Verarbeitung zusammen und verweist auf die betroffenen Personen. Arten der verarbeiteten Daten Bestandsdaten. Zahlungsdaten. Kontaktdaten. Inhaltsdaten. Vertragsdaten. Nutzungsdaten. Meta-, Kommunikations- und Verfahrensdaten. Bild- und\/ oder Videoaufnahmen. Tonaufnahmen. Protokolldaten. Kategorien betroffener Personen Leistungsempf\u00e4nger und Auftraggeber. Besch\u00e4ftigte. Interessenten. Kommunikationspartner. Nutzer. Gesch\u00e4fts- und Vertragspartner. Abgebildete Personen. Dritte Personen. Zwecke der Verarbeitung Erbringung vertraglicher Leistungen und Erf\u00fcllung vertraglicher Pflichten. Kommunikation. Sicherheitsma\u00dfnahmen. Reichweitenmessung. Tracking. B\u00fcro- und Organisationsverfahren. Konversionsmessung. Zielgruppenbildung. Organisations- und Verwaltungsverfahren. Content Delivery Network (CDN). Feedback. Marketing. Profile mit nutzerbezogenen Informationen. Bereitstellung unseres Onlineangebotes und Nutzerfreundlichkeit. Informationstechnische Infrastruktur. Finanz- und Zahlungsmanagement. \u00d6ffentlichkeitsarbeit. Absatzf\u00f6rderung. Gesch\u00e4ftsprozesse und betriebswirtschaftliche Verfahren. Ma\u00dfgebliche Rechtsgrundlagen Ma\u00dfgebliche Rechtsgrundlagen nach der DSGVO: Im Folgenden erhalten Sie eine \u00dcbersicht der Rechtsgrundlagen der DSGVO, auf deren Basis wir personenbezogene Daten verarbeiten. Bitte nehmen Sie zur Kenntnis, dass neben den Regelungen der DSGVO nationale Datenschutzvorgaben in Ihrem bzw. unserem Wohn- oder Sitzland gelten k\u00f6nnen. Sollten ferner im Einzelfall speziellere Rechtsgrundlagen ma\u00dfgeblich sein, teilen wir Ihnen diese in der Datenschutzerkl\u00e4rung mit. Einwilligung (Art. 6 Abs. 1 S. 1 lit. a) DSGVO) &#8211; Die betroffene Person hat ihre Einwilligung in die Verarbeitung der sie betreffenden personenbezogenen Daten f\u00fcr einen spezifischen Zweck oder mehrere bestimmte Zwecke gegeben. Vertragserf\u00fcllung und vorvertragliche Anfragen (Art. 6 Abs. 1 S. 1 lit. b) DSGVO) &#8211; Die Verarbeitung ist f\u00fcr die Erf\u00fcllung eines Vertrags, dessen Vertragspartei die betroffene Person ist, oder zur Durchf\u00fchrung vorvertraglicher Ma\u00dfnahmen erforderlich, die auf Anfrage der betroffenen Person erfolgen. Rechtliche Verpflichtung (Art. 6 Abs. 1 S. 1 lit. c) DSGVO) &#8211; Die Verarbeitung ist zur Erf\u00fcllung einer rechtlichen Verpflichtung erforderlich, der der Verantwortliche unterliegt. Berechtigte Interessen (Art. 6 Abs. 1 S. 1 lit. f) DSGVO) &#8211; die Verarbeitung ist zur Wahrung der berechtigten Interessen des Verantwortlichen oder eines Dritten notwendig, vorausgesetzt, dass die Interessen, Grundrechte und Grundfreiheiten der betroffenen Person, die den Schutz personenbezogener Daten verlangen, nicht \u00fcberwiegen. Ma\u00dfgebliche Rechtsgrundlagen nach dem Schweizer Datenschutzgesetz: Wenn Sie sich in der Schweiz befinden, bearbeiten wir Ihre Daten auf Grundlage des Bundesgesetzes \u00fcber den Datenschutz (kurz \u201eSchweizer DSG&#8220;). Anders als beispielsweise die DSGVO sieht das Schweizer DSG grunds\u00e4tzlich nicht vor, dass eine Rechtsgrundlage f\u00fcr die Bearbeitung der Personendaten genannt werden muss und die Bearbeitung von Personendaten nach Treu und Glauben durchgef\u00fchrt wird, rechtm\u00e4\u00dfig und verh\u00e4ltnism\u00e4\u00dfig ist (Art. 6 Abs. 1 und 2 des Schweizer DSG). Zudem werden Personendaten von uns nur zu einem bestimmten, f\u00fcr die betroffene Person erkennbaren Zweck beschafft und nur so bearbeitet, wie es mit diesem Zweck vereinbar ist (Art. 6 Abs. 3 des Schweizer DSG). Hinweis auf Geltung DSGVO und Schweizer DSG: Diese Datenschutzhinweise dienen sowohl der Informationserteilung nach dem Schweizer DSG als auch nach der Datenschutzgrundverordnung (DSGVO). Aus diesem Grund bitten wir Sie zu beachten, dass aufgrund der breiteren r\u00e4umlichen Anwendung und Verst\u00e4ndlichkeit die Begriffe der DSGVO verwendet werden. Insbesondere statt der im Schweizer DSG verwendeten Begriffe \u201eBearbeitung&#8220; von \u201ePersonendaten&#8220;, &#8222;\u00fcberwiegendes Interesse&#8220; und &#8222;besonders sch\u00fctzenswerte Personendaten&#8220; werden die in der DSGVO verwendeten Begriffe \u201eVerarbeitung&#8220; von \u201epersonenbezogenen Daten&#8220; sowie &#8222;berechtigtes Interesse&#8220; und &#8222;besondere Kategorien von Daten&#8220; verwendet. Die gesetzliche Bedeutung der Begriffe wird jedoch im Rahmen der Geltung des Schweizer DSG weiterhin nach dem Schweizer DSG bestimmt. Sicherheitsma\u00dfnahmen Wir treffen nach Ma\u00dfgabe der gesetzlichen Vorgaben unter Ber\u00fccksichtigung des Stands der Technik, der Implementierungskosten und der Art, des Umfangs, der Umst\u00e4nde und der Zwecke der Verarbeitung sowie der unterschiedlichen Eintrittswahrscheinlichkeiten und des Ausma\u00dfes der Bedrohung der Rechte und Freiheiten nat\u00fcrlicher Personen geeignete technische und organisatorische Ma\u00dfnahmen, um ein dem Risiko angemessenes Schutzniveau zu gew\u00e4hrleisten. Zu den Ma\u00dfnahmen geh\u00f6ren insbesondere die Sicherung der Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit von Daten durch Kontrolle des physischen und elektronischen Zugangs zu den Daten als auch des sie betreffenden Zugriffs, der Eingabe, der Weitergabe, der Sicherung der Verf\u00fcgbarkeit und ihrer Trennung. Des Weiteren haben wir Verfahren eingerichtet, die eine Wahrnehmung von Betroffenenrechten, die L\u00f6schung von Daten und Reaktionen auf die Gef\u00e4hrdung der Daten gew\u00e4hrleisten. Ferner ber\u00fccksichtigen wir den Schutz personenbezogener Daten bereits bei der Entwicklung bzw. Auswahl von Hardware, Software sowie Verfahren entsprechend dem Prinzip des Datenschutzes, durch Technikgestaltung und durch datenschutzfreundliche Voreinstellungen. Sicherung von Online-Verbindungen durch TLS-\/SSL-Verschl\u00fcsselungstechnologie (HTTPS): Um die Daten der Nutzer, die \u00fcber unsere Online-Dienste \u00fcbertragen werden, vor unerlaubten Zugriffen zu sch\u00fctzen, setzen wir auf die TLS-\/SSL-Verschl\u00fcsselungstechnologie. Secure Sockets Layer (SSL) und Transport Layer Security (TLS) sind die Eckpfeiler der sicheren Daten\u00fcbertragung im Internet. Diese Technologien verschl\u00fcsseln die Informationen, die zwischen der Website oder App und dem Browser des Nutzers (oder zwischen zwei Servern) \u00fcbertragen werden, wodurch die Daten vor unbefugtem Zugriff gesch\u00fctzt sind. TLS, als die weiterentwickelte und sicherere Version von SSL, gew\u00e4hrleistet, dass alle Daten\u00fcbertragungen den h\u00f6chsten Sicherheitsstandards entsprechen. Wenn eine Website durch ein SSL-\/TLS-Zertifikat gesichert ist, wird dies durch die Anzeige von HTTPS in der URL signalisiert. Dies dient als ein Indikator f\u00fcr die Nutzer, dass ihre Daten sicher und verschl\u00fcsselt \u00fcbertragen werden. \u00dcbermittlung von personenbezogenen Daten Im Rahmen unserer Verarbeitung von personenbezogenen Daten kommt es vor, dass diese an andere Stellen, Unternehmen, rechtlich selbstst\u00e4ndige Organisationseinheiten<\/p>","protected":false},"author":2,"featured_media":0,"parent":0,"menu_order":0,"comment_status":"closed","ping_status":"closed","template":"","meta":{"footnotes":""},"class_list":["post-6074","page","type-page","status-publish","hentry"],"jetpack_sharing_enabled":true,"_links":{"self":[{"href":"https:\/\/albinakoch.com\/en\/wp-json\/wp\/v2\/pages\/6074","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/albinakoch.com\/en\/wp-json\/wp\/v2\/pages"}],"about":[{"href":"https:\/\/albinakoch.com\/en\/wp-json\/wp\/v2\/types\/page"}],"author":[{"embeddable":true,"href":"https:\/\/albinakoch.com\/en\/wp-json\/wp\/v2\/users\/2"}],"replies":[{"embeddable":true,"href":"https:\/\/albinakoch.com\/en\/wp-json\/wp\/v2\/comments?post=6074"}],"version-history":[{"count":19,"href":"https:\/\/albinakoch.com\/en\/wp-json\/wp\/v2\/pages\/6074\/revisions"}],"predecessor-version":[{"id":6392,"href":"https:\/\/albinakoch.com\/en\/wp-json\/wp\/v2\/pages\/6074\/revisions\/6392"}],"wp:attachment":[{"href":"https:\/\/albinakoch.com\/en\/wp-json\/wp\/v2\/media?parent=6074"}],"curies":[{"name":"WP","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}