Privacy Policy
Privacy Policy
Preamble
With the following privacy policy, we would like to inform you about the types of your personal data (hereinafter referred to as “data”) that we process for which purposes and to what extent. The privacy policy applies to all processing of personal data carried out by us, both in the context of providing our services and particularly on our websites, in mobile applications, and within external online presences, such as our social media profiles (hereinafter collectively referred to as “Online Offering”).
The terms used are not gender-specific.
As of: November 9, 2023
Table of Contents
- Preamble
- Responsible Party
- Overview of Processing
- Relevant Legal Foundations
- Security Measures
- Transmission of Personal Data
- Deletion of Data
- Rights of Affected Persons
- Use of Cookies
- Provision of the Online Offering and Web Hosting
- Blogs and Publication Media
- Contact and Inquiry Management
- Newsletters and Electronic Notifications
- Promotional Communication via Email, Mail, Fax, or Phone
- Web Analysis, Monitoring, and Optimization
- Plugins and Embedded Functions as well as Content
- Modification and Updating of the Privacy Policy
Responsible Party
Marion Massafra-Schneider
Bergstraße 19
85414 Kirchdorf
Email Address:
info@hccacademy.de
Imprint:
https://hccacademy.de/impressum
Overview of Processing
The following overview summarizes the types of processed data and the purposes of their processing and refers to the affected persons.
Types of Processed Data
- Inventory Data.
- Location Data.
- Contact Data.
- Content Data.
- Usage Data.
- Meta-, Communication-, and Procedure Data.
Categories of Affected Persons
- Communication Partners.
- Users.
Purposes of Processing
- Provision of contractual services and fulfillment of contractual obligations.
- Contact inquiries and communication.
- Security measures.
- Direct marketing.
- Measurement of reach.
- Management and response to inquiries.
- Firewall.
- Feedback.
- Profiles with user-related information.
- Provision of our online offering and user-friendliness.
- Information technology infrastructure.
Relevant Legal Foundations
Relevant Legal Foundations under the GDPR: Below is an overview of the legal foundations of the GDPR on which we process personal data. Please note that in addition to the provisions of the GDPR, national data protection regulations may apply in your or our country of residence or establishment. If more specific legal foundations are relevant in individual cases, we will inform you of these in the privacy policy.
- Consent (Art. 6 Para. 1 S. 1 lit. a) GDPR) – The affected person has given their consent to the processing of their personal data for a specific purpose or purposes.
- Contract Fulfillment and Pre-contractual Inquiries (Art. 6 Para. 1 S. 1 lit. b) GDPR) – The processing is necessary for the performance of a contract to which the affected person is a party or for the performance of pre-contractual measures taken at the request of the affected person.
- Legitimate Interests (Art. 6 Para. 1 S. 1 lit. f) GDPR) – The processing is necessary for the purposes of the legitimate interests pursued by the controller or a third party, unless the interests or fundamental rights and freedoms of the affected person that require the protection of personal data override those interests.
National Data Protection Regulations in Germany: In addition to the data protection regulations of the GDPR, national data protection regulations apply in Germany. This includes in particular the Federal Data Protection Act (BDSG), which contains special provisions on the right of access, the right to deletion, the right to object, the processing of special categories of personal data, processing for other purposes, and data transfer as well as automated decision-making in individual cases, including profiling. Furthermore, state data protection laws of individual federal states may apply.
Note on the Applicability of the GDPR and Swiss Data Protection Act: This privacy notice serves both as information pursuant to the Swiss Federal Act on Data Protection (Swiss DPA) and the General Data Protection Regulation (GDPR). Therefore, we ask you to note that, due to the broader geographical application and comprehensibility, the terms of the GDPR are used. In particular, instead of the terms used in the Swiss DPA such as “processing” of “personal data,” “legitimate interest,” and “particularly sensitive personal data,” the terms used in the GDPR such as “processing” of “personal data” as well as “legitimate interest” and “special categories of data” are used. However, the legal meaning of the terms will still be determined under the applicability of the Swiss DPA.
Security Measures
We take adequate technical and organizational measures, taking into account the legal requirements, the current state of technology, the implementation costs, and the nature, scope, circumstances, and purposes of processing, as well as the varying probabilities of occurrence and the degree of threat to the rights and freedoms of natural persons, to ensure an appropriate level of protection.
Measures include ensuring the confidentiality, integrity, and availability of data through controlling physical and electronic access to the data and the related access, input, transfer, securing availability, and separation of those data. Furthermore, we have established procedures that enable the exercise of the rights of affected persons, the deletion of data, and responses to data breaches. Additionally, we take into account the protection of personal data already during the development or selection of hardware, software, and procedures in accordance with the principle of data protection through technology design and by default data protection settings.
TLS/SSL Encryption (https): To protect user data transmitted over our online services, we use TLS/SSL encryption. Secure Sockets Layer (SSL) is the standard technology for securing internet connections by encrypting the data transferred between a website or app and a browser (or between two servers). Transport Layer Security (TLS) is an updated and more secure version of SSL. Hyper Text Transfer Protocol Secure (HTTPS) is displayed in the URL when a website is secured by an SSL/TLS certificate.
Transfer of Personal Data
In the course of our processing of personal data, it may occur that data is transferred to or disclosed to other entities, companies, legally independent organizational units, or persons. Recipients of this data may include, for example, service providers or providers of services and content that are integrated into a website and are engaged in IT tasks. In such cases, we observe the legal provisions and, in particular, conclude corresponding contracts or agreements that serve to protect your data with the recipients of your data.
Data transmission within the organization: We may transfer personal data to other units within our organization or grant them access to such data. If this transfer occurs for administrative purposes, the data transfer is based on our legitimate business interests or is necessary for fulfilling our contractual obligations or occurs when there is consent from the affected persons or a legal permission.
Deletion of Data
The data we process will be deleted in accordance with statutory requirements as soon as the consents for their processing are revoked or other permissions expire (e.g., when the purpose for processing such data no longer exists or they are no longer needed for the purpose). If data are not deleted because they are necessary for other and legally permissible purposes, their processing will be restricted to these purposes. This means that the data will be blocked and not processed for other purposes. This applies, for example, to data that must be retained for commercial or tax reasons or if their storage is required for the assertion, exercise, or defense of legal claims or to protect the rights of another natural or legal person. Our privacy notices may also contain further information regarding the retention and deletion of data that is primarily applicable to the respective processing activities.
Rights of Affected Persons
Rights of affected persons under the GDPR: As affected individuals, you have various rights under the GDPR, particularly arising from Articles 15 to 21 GDPR:
- Right to Object: You have the right to object at any time to the processing of your personal data based on your particular situation, which is carried out under Article 6 (1) lit. e or f GDPR; this also applies to profiling based on these provisions. If your personal data is processed for direct marketing purposes, you have the right to object at any time to the processing of your personal data for the purpose of such advertising; this also applies to profiling insofar as it is related to such direct advertising.
- Right of Withdrawal of Consent: You have the right to withdraw consents given at any time.
- Right of Information: You have the right to request confirmation as to whether personal data concerning you is being processed and to request information about this data, as well as further details and a copy of the data in accordance with statutory provisions.
- Right to Rectification: You have the right to request the completion of your personal data or the rectification of incorrect personal data in accordance with statutory provisions.
- Right to Deletion and Restriction of Processing: You have the right to request the immediate deletion of your personal data, or alternatively, to request a restriction of the processing of your data in accordance with statutory provisions.
- Right to Data Portability: You have the right to receive personal data concerning you that you have provided to us, in a structured, commonly used, and machine-readable format, or to request the transmission to another controller in accordance with statutory provisions.
- Right to lodge a Complaint with a Supervisory Authority: Without prejudice to any other administrative or judicial remedy, you have the right to lodge a complaint with a supervisory authority, particularly in the member state of your usual residence, your workplace, or the place of the alleged infringement if you believe that the processing of personal data concerning you violates the provisions of the GDPR.
Use of Cookies
Cookies are small text files or other storage markers that store information on end devices and read information from the end devices. For example, to store the login status in a user account, the contents of a shopping cart in an online shop, the accessed contents, or functions used in an online offering. Cookies can also be used for various purposes, e.g., to ensure functionality, security, and convenience of online offerings as well as to create visitor stream analyses.
Consent Information: We use cookies in accordance with legal regulations. Therefore, we obtain prior consent from users unless it is not legally required. Consent is particularly not necessary if the storage and reading of information, including cookies, is absolutely necessary to provide users with a telemedia service (i.e., our online offering) that they have explicitly requested. Cookies that are absolutely necessary usually include those with functions serving the display and operability of the online offering, load balancing, security, and the storage of user preferences and options or similar purposes related to providing the main and secondary functions of the online offering requested by users. The revocable consent is clearly communicated to users and includes information on the respective cookie usage.
Information on Data Protection Legal Bases: The legal basis for processing users’ personal data using cookies depends on whether we ask users for consent. If users consent, the legal basis for processing their data is the provided consent. Otherwise, the data processed by cookies is based on our legitimate interests (e.g., in the economic operation of our online offering and improving its usability) or, when this occurs within the scope of fulfilling our contractual obligations, when the use of cookies is necessary to fulfill our contractual obligations. We clarify the purposes for which cookies are processed within this privacy policy or as part of our consent and processing procedures.
Storage Duration: Regarding storage duration, the following types of cookies are differentiated:
- Temporary Cookies (also: Session or Temporary Cookies): Temporary cookies are deleted at the latest after a user leaves an online offering and closes their device (e.g., browser or mobile application).
- Permanent Cookies: Permanent cookies remain stored even after the end device is closed. For example, login status can be stored or preferred content displayed directly when users visit a website again. Additionally, data collected through cookies may be used for reach measurement. If we do not provide users with explicit information regarding the type and storage duration of cookies (e.g., during the consent request), users should assume that cookies are permanent and that the storage duration can be up to two years.
General Information on Withdrawal and Objection (so-called “Opt-Out”): Users can revoke their consents at any time and object to processing in accordance with statutory provisions. To do so, users can limit the use of cookies in their browser settings (whereby this may also limit the functionality of our online offering). An objection to the use of cookies for online marketing purposes can also be made via the websites https://optout.aboutads.info and https://www.youronlinechoices.com/.
- Legal Bases: Legitimate interests (Art. 6 Abs. 1 S. 1 lit. f) GDPR). Consent (Art. 6 Abs. 1 S. 1 lit. a) GDPR).
Further Information on Processing Procedures, Methods, and Services:
- Processing of Cookie Data Based on Consent: We use a cookie consent management procedure, in which user consents to the use of cookies, or the processing and providers mentioned in the cookie consent management procedure, are obtained, managed, and can be revoked by users. In this context, the consent declaration is stored to avoid having to repeat the query and to be able to demonstrate the consent in accordance with legal obligations. Storage can take place server-side and/or in a cookie (so-called opt-in cookie, or using comparable technologies) to associate the consent with a user or their device. Subject to individual specifications regarding the providers of cookie management services, the following information applies: The duration of storage of consent can be up to two years. In this context, a pseudonymous user identifier is created and stored together with the time of consent, information about the scope of consent (e.g., which categories of cookies and/or service providers) as well as the browser, system, and used device;Legal Bases: Consent (Art. 6 Abs. 1 S. 1 lit. a) GDPR).
- Complianz: Cookie consent management; Service Provider: Provided on servers and/or computers under their own data protection responsibility; Website: https://complianz.io/; Privacy Policy: https://complianz.io/legal/. Further Information: An individual user ID, language, types of consents, and the timing of the consents are stored server-side and in the cookie on the users’ device.
Provision of the Online Offering and Web Hosting
We process users’ data to provide them with our online services. For this purpose, we process the user’s IP address, which is necessary to transmit the contents and functions of our online services to the user’s browser or device.
- Processed Data Types: Usage data (e.g., visited websites, interest in content, access times); Meta-, communication, and process data (e.g., IP addresses, timestamps, identification numbers, consent status); Content data (e.g., inputs in online forms).
- Affected Persons: Users (e.g., website visitors, users of online services).
- Purposes of Processing: Provision of our online offering and user-friendliness; IT infrastructure (operation and provision of information systems and technical devices (computers, servers, etc.)); security measures. Firewall.
- Legal Bases: Legitimate interests (Art. 6 Abs. 1 S. 1 lit. f) GDPR).
Further information on processing processes, procedures, and services:
- Collection of access data and log files: Access to our online services is logged in the form of so-called “server log files.” Server log files may include the address and name of the accessed web pages and files, date and time of access, transferred data volumes, notification of successful retrieval, browser type and version, user’s operating system, referring URL (the previously visited page), and in most cases IP addresses along with the requesting provider. Server log files can be used for security purposes, such as avoiding server overload (especially in the event of abusive attacks, known as DDoS attacks), and to ensure server load and stability; Legal basis: Legitimate interests (Art. 6 para. 1 sentence 1 lit. f) GDPR). Data deletion: Log file information is stored for a maximum of 30 days and then deleted or anonymized. Data that is necessary for evidentiary purposes will be exempt from deletion until the resolution of the respective incident.
- STRATO: Services in the field of providing information technology infrastructure and related services (e.g., storage space and/or computing capacities); Service provider: STRATO AG, Pascalstraße 10, 10587 Berlin, Germany; Legal basis: Legitimate interests (Art. 6 para. 1 sentence 1 lit. f) GDPR); Website: https://www.strato.de; Privacy policy: https://www.strato.de/datenschutz. Contract processing agreement: Provided by the service provider.
- WordPress.com: Hosting and software for creating, providing, and operating websites, blogs, and other online offers; Service provider: Aut O’Mattic A8C Ireland Ltd., Grand Canal Dock, 25 Herbert Pl, Dublin, D02 AY86, Ireland; Legal basis: Legitimate interests (Art. 6 para. 1 sentence 1 lit. f) GDPR); Website: https://wordpress.com; Privacy policy: https://automattic.com/de/privacy/; Contract processing agreement: https://wordpress.com/support/data-processing-agreements/. Basis for third-country transfer: EU-US Data Privacy Framework (DPF).
- Sucuri: Firewall and security functions as well as error detection functions to identify and prevent unauthorized access attempts and technical vulnerabilities that could enable such access. For these purposes, cookies and similar necessary storage procedures may be employed, and security logs may be generated during inspections, especially in the event of unauthorized access. In this context, user IP addresses, a user identification number, and their activities including the time of access are processed and stored, as well as compared to and transmitted to data provided by the supplier of the firewall and security function; Service provider: Sucuri LLC., parent company: GoDaddy Media Temple, Inc. d/b/a Sucuri, 6060 Center Dr. Suite 500, Los Angeles CA 90045, USA; Legal basis: Legitimate interests (Art. 6 para. 1 sentence 1 lit. f) GDPR); Privacy policy: https://sucuri.net/privacy; Contract processing agreement: https://sucuri.net/dpa/; Basis for third-country transfer: Standard contractual clauses (https://sucuri.net/dpa/). Further information: https://sucuri.net/dpa/.
Blogs and Publishing Media
We use blogs or comparable means of online communication and publication (hereinafter “publishing medium”). The data of readers are processed for the purposes of the publishing medium only to the extent necessary for its representation and the communication between authors and readers, or for security reasons. Otherwise, we refer to the information regarding the processing of visitors to our publishing medium within this privacy notice.
- Processed data types: Inventory data (e.g., names, addresses); contact data (e.g., email, phone numbers); content data (e.g., entries in online forms); usage data (e.g., visited web pages, interest in content, access times); meta, communication, and procedural data (e.g., IP addresses, time stamps, identification numbers, consent status).
- Affected persons: Users (e.g., website visitors, users of online services).
- Purposes of processing: Provision of contractual services and fulfillment of contractual obligations; feedback (e.g., collecting feedback via online forms); provision of our online services and user-friendliness. Security measures.
- Legal basis: Legitimate interests (Art. 6 para. 1 sentence 1 lit. f) GDPR).
Further information on processing processes, procedures, and services:
- UpdraftPlus: Backup software and backup storage; Service provider: Simba Hosting Ltd., 11, Barringer Way, St. Neots, Cambs., PE19 1LW, GB; Legal basis: Legitimate interests (Art. 6 para. 1 sentence 1 lit. f) GDPR); Website: https://updraftplus.com/. Privacy policy: https://updraftplus.com/data-protection-and-privacy-centre/.
Contact and Inquiry Management
When contacting us (e.g., via post, contact form, email, phone, or through social media), as well as in the context of existing user and business relationships, the information provided by the inquiring parties will be processed to the extent necessary to respond to inquiries and any requested actions
- Processed Data Types: Contact data (e.g., email, phone numbers); Content data (e.g., inputs in online forms); Usage data (e.g., visited websites, interest in content, access times); Meta, communication, and procedural data (e.g., IP addresses, timestamps, identification numbers, consent status).
- Persons Affected: Communication partners.
- Purposes of Processing: Inquiries and communication; Management and response to inquiries; Feedback (e.g., collecting feedback via online form). Provision of our online offerings and user-friendliness.
- Legal Bases: Legitimate interests (Art. 6 Para. 1 Sentence 1 lit. f) GDPR). Fulfillment of contracts and pre-contractual inquiries (Art. 6 Para. 1 Sentence 1 lit. b) GDPR).
Additional Notes on Processing Processes, Procedures, and Services:
- Contact Form: When users contact us via our contact form, email, or other communication channels, we process the data provided to handle the stated concern; Legal Bases: Fulfillment of contracts and pre-contractual inquiries (Art. 6 Para. 1 Sentence 1 lit. b) GDPR), Legitimate interests (Art. 6 Para. 1 Sentence 1 lit. f) GDPR).
Newsletter and Electronic Notifications
We send newsletters, emails, and other electronic notifications (hereinafter “Newsletters”) only with the consent of the recipients or a legal permission. If the contents of a newsletter are specifically described during the subscription, they are decisive for the users’ consent. Otherwise, our newsletters contain information about our services and us.
To subscribe to our newsletters, generally it suffices to provide your email address. However, we may request a name for personalized addressing in the newsletter, or further information if necessary for the newsletter’s purposes.
Double Opt-In Procedure: Subscription to our newsletter generally occurs through a Double Opt-In procedure. That is, after subscribing, you will receive an email asking you to confirm your subscription. This confirmation is necessary to ensure that no one can register with someone else’s email address. Subscriptions to the newsletter are logged to document the subscription process in accordance with legal requirements. This includes storing the time of registration and confirmation as well as the IP address. Changes to your data stored with the email service provider are also logged.
Deletion and Restriction of Processing: We may store the unsubscribed email addresses for up to three years based on our legitimate interests before deleting them to verify any previously granted consent. The processing of this data is limited to the purpose of potentially defending against claims. An individual deletion request is possible at any time, provided that the former existence of consent is confirmed. In case of obligations to permanently observe objections, we reserve the right to store the email address solely for this purpose in a suppression list (so-called “Blocklist”).
The logging of the registration process is based on our legitimate interests for the purpose of proving its proper conduct. If we engage a service provider for email distribution, this is based on our legitimate interests in an efficient and secure distribution system.
Contents:
Information about us, our services, promotions, and offers.
- Processed Data Types: Master data (e.g., names, addresses); Contact data (e.g., email, phone numbers); Meta, communication, and procedural data (e.g., IP addresses, timestamps, identification numbers, consent status); Usage data (e.g., visited websites, interest in content, access times).
- Persons Affected: Communication partners.
- Purposes of Processing: Direct marketing (e.g., via email or postal mail).
- Legal Bases: Consent (Art. 6 Para. 1 Sentence 1 lit. a) GDPR). Legitimate interests (Art. 6 Para. 1 Sentence 1 lit. f) GDPR).
- Right to Object (Opt-Out): You can unsubscribe from our newsletter at any time, i.e., withdraw your consent or oppose further receipt. A link to unsubscribe from the newsletter can be found either at the end of each newsletter or you can use one of the contact options provided above, preferably email, for this purpose
Further information on processing procedures, methods, and services:
- Measurement of open and click rates: The newsletters contain a so-called “web beacon”, i.e., a pixel-sized file that is retrieved from our server when the newsletter is opened, or, if we use a mailing service provider, from their server. During this retrieval, technical information, such as details about the browser and your system, your IP address, and the time of retrieval, is collected.
This information is used for the technical enhancement of our newsletters based on technical data or using audience insights and their reading behavior relative to their points of access (which can be determined using the IP address) or access times. This analysis also includes determining whether newsletters are opened, when they are opened, and which links are clicked. This information is assigned to individual newsletter recipients and stored in their profiles until deleted. The evaluations allow us to recognize the reading habits of our users and tailor our content or send different content according to the interests of our users.
The measurement of open and click rates as well as the storage of measurement results in users’ profiles – This text area must be unlocked with a premium license.
Legal basis: Consent (Art. 6 para. 1 sentence 1 lit. a) GDPR). - Mailchimp: Email sending and automation services; Service provider: Rocket Science Group, LLC, 675 Ponce De Leon Ave NE #5000, Atlanta, GA 30308, USA; Legal basis: Legitimate interests (Art. 6 para. 1 sentence 1 lit. f) GDPR); Website: https://mailchimp.com; Privacy policy: https://mailchimp.com/legal/; Data processing agreement: https://mailchimp.com/legal/; Basis for third country transmission: EU-US Data Privacy Framework (DPF), Standard contractual clauses (Provided by the service provider). Further information: Special security measures: https://mailchimp.com/help/Mailchimp-european-data-transfers/.
Advertising communication via email, post, fax, or telephone
We process personal data for the purposes of advertising communication, which can occur through various channels, such as email, telephone, post, or fax, in accordance with legal requirements.
Recipients have the right to revoke any consent given at any time or to object to advertising communication at any time.
After revocation or objection, we store the data necessary to prove the previous entitlement to contact or send until three years after the end of the year of the revocation or objection based on our legitimate interests. The processing of this data is limited to the purpose of potentially defending against claims. Based on the legitimate interest in permanently considering the users’ revocations or objections, we also store the necessary data to avoid repeated contact (e.g., depending on the communication channel, the email address, telephone number, name).
- Processed data types: Inventory data (e.g., names, addresses); Contact data (e.g., email, phone numbers).
- Affected persons: Communication partners.
- Purpose of processing: Direct marketing (e.g., via email or mail).
- Legal bases: Consent (Art. 6 para. 1 sentence 1 lit. a) GDPR). Legitimate interests (Art. 6 para. 1 sentence 1 lit. f) GDPR).
Web analysis, monitoring, and optimization
Web analysis (also referred to as “reach measurement”) serves to evaluate the visitor flows of our online services and may encompass behaviors, interests, or demographic information about visitors, such as age or gender, as pseudonymous values. With the help of reach analysis, we can, for example, identify when our online offerings or their functionalities or content are most frequently used or invite reuse. We can also track which areas require optimization.
In addition to web analysis, we may also use testing procedures to, for example, test and optimize different versions of our online offerings or their components.
Unless stated otherwise below, profiles may be created for these purposes, i.e., data summarized for a usage process may be recorded and stored in a browser or on a device and retrieved from it. The collected data includes particularly visited websites and used elements as well as technical information, such as the browser used, the computer system used, and usage times. If users have consented to the collection of their location data towards us or the providers of the services we use, location data may also be processed.
The IP addresses of users are also stored. However, we use an IP masking procedure (i.e., pseudonymization by truncating the IP address) to protect users. Generally, no clear user data (such as email addresses or names) are stored within the framework of web analysis, A/B testing, and optimization, but rather pseudonymous data. This means we as well as the providers of the software used do not know the actual identity of users, but only the data stored for the purposes of the respective procedures in their profiles.
- Processed data types: Usage data (e.g., visited websites, interest in content, access times); Meta, communication, and procedural data (e.g., IP addresses, timestamps, identification numbers, consent status).
- Affected persons: Users (e.g., website visitors, users of online services).
- Purpose of processing: Reach measurement (e.g., access statistics, recognition of returning visitors). Profiles with user-related information (Creating user profiles).
- Security measures: IP masking (pseudonymization of the IP address).
- Legal bases: Consent (Art. 6 para. 1 sentence 1 lit. a) GDPR).
Further information about processing procedures, methods, and services:
- Google Optimize: Software for analyzing and optimizing online offerings based on feedback features, as well as pseudonymously conducted measurements and analyses of user behavior, which may include A/B tests (measuring the popularity and usability of different content and features), measuring click paths, and interactions with the content and features of the online offering; Service provider: Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland; Legal basis: Consent (Art. 6(1)(a) GDPR); Website: https://optimize.google.com; Privacy Policy: https://policies.google.com/privacy; Data Processing Agreement: https://business.safety.google/adsprocessorterms; Basis for third-country transfer: EU-US Data Privacy Framework (DPF), Standard Contractual Clauses (https://business.safety.google/adsprocessorterms). Further information: https://business.safety.google/adsservices/ (Types of processing and data processed).
Plugins and embedded features as well as content
We integrate functional and content elements into our online offerings that are obtained from the servers of their respective providers (hereinafter referred to as “third parties”). These may include, for example, graphics, videos, or maps (hereinafter collectively referred to as “content”).
The integration always requires that the third parties of these contents process the IP address of the users, as they could not send the contents to their browsers without the IP address. The IP address is therefore necessary for displaying these contents or functions. We strive to use only such contents whose respective providers use the IP address solely for delivering the contents. Third parties may also use so-called pixel tags (invisible graphics, also referred to as “web beacons”) for statistical or marketing purposes. The “pixel tags” can evaluate information such as visitor traffic on the pages of this website. The pseudonymous information may further be stored in cookies on the users’ devices and contain technical information about the browser and operating system, referring websites, visit time, and other details regarding the use of our online offerings and can also be connected with such information from other sources.
- Types of processed data: Usage data (e.g., visited websites, interest in content, access times); Meta-, communication-, and procedural data (e.g., IP addresses, time stamps, identification numbers, consent status); Location data (information about the geographical position of a device or person); Contact data (e.g., email, phone numbers); Content data (e.g., entries in online forms).
- Affected individuals: Users (e.g., website visitors, users of online services).
- Purposes of processing: Provision of our online offering and user-friendliness. Profiles with user-related information (creating user profiles).
- Legal basis: Legitimate interests (Art. 6(1)(f) GDPR).
Further information about processing procedures, methods, and services:
- Google Fonts (Hosted on Own Server): Provision of font files for user-friendly display of our online offerings; Service provider: Google Fonts are hosted on our server, no data is transmitted to Google; Legal basis: Legitimate interests (Art. 6(1)(f) GDPR).
- Font Awesome (Hosted on Own Server): Display of fonts and symbols; Service provider: Font Awesome icons are hosted on our server, no data is transmitted to the Font Awesome provider; Legal basis: Legitimate interests (Art. 6(1)(f) GDPR).
- Google Maps: We embed the maps from the “Google Maps” service by the provider Google. Processed data may include in particular users’ IP addresses and location data; Service provider: Google Cloud EMEA Limited, 70 Sir John Rogerson’s Quay, Dublin 2, Ireland; Legal basis: Legitimate interests (Art. 6(1)(f) GDPR); Website: https://mapsplatform.google.com/; Privacy Policy: https://policies.google.com/privacy. Basis for third-country transfer: EU-US Data Privacy Framework (DPF).
- Vimeo Video Player: Integration of a video player; Service provider: Vimeo Inc., Attention: Legal Department, 555 West 18th Street New York, New York 10011, USA; Legal basis: Legitimate interests (Art. 6(1)(f) GDPR); Website: https://vimeo.com; Privacy Policy: https://vimeo.com/privacy; Data Processing Agreement: https://vimeo.com/enterpriseterms/dpa. Basis for third-country transfer: Standard Contractual Clauses (https://vimeo.com/enterpriseterms/dpa).
Modification and Update of the Privacy Policy
We ask you to regularly inform yourself about the content of our privacy policy. We will adjust the privacy policy as soon as changes to our data processing make this necessary. We will inform you as soon as changes require an action on your part (e.g., consent) or any other individual notification.
If we provide addresses and contact information for companies and organizations in this privacy policy, please note that the addresses may change over time and we ask you to check the details before contacting.
Created with free Datenschutz-Generator.de by Dr. Thomas Schwenke