Privacy policy

1. Definitions

‍

The data protection declaration of Picture Framing GmbH is based on the terms used by the European legislator for the adoption of the General Data Protection Regulation (GDPR). Our privacy policy should be easy to read and understand for the public as well as for our customers and business partners. To ensure this, we would like to explain the terminology used in advance. We use the following terms, among others, in this privacy policy

‍

Personal data

Personal data is any information relating to an identified or identifiable natural person (hereinafter "data subject"). An identifiable natural person is one who can be directly or indirectly be identified by a paticular reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.

‍

Data Subject

The data subject is any identified or identifiable natural person whose personal data is processed by the controller.

‍

Processing

Processing means any operation or set of operations which are performed upon personal data, whether or not by automatic means, such as collecting, recording, organizing, filing, storing, adapting or altering, retrieving, consulting, using, disclosing by transmission, disseminating or otherwise making available, aligning or combining, restricting, erasing or destructing.

‍

Restriction of processing

Restriction of processing is the marking of stored personal data with the aim of limiting their future processing.

‍

Consent

Consent shall mean any freely given indication of the data subject's wishes for the specific case in an informed and unambiguous manner in the form of a statement or any other unambiguous affirmative act by which the data subject indicates that he or she consents to the processing of personal data relating to him or her.

‍

Profiling

Profiling is any type of automated processing of personal data that consists of using such personal data to evaluate certain personal aspects related to a natural person, particularly to analyze or predict aspects relating to that natural person's job performance, economic situation, health, personal preferences, interests, reliability, behavior, location or change of location.

‍

Pseudonymization

Pseudonymization is the processing of personal data in such a manner that the personal data can no longer be attributed to a specific data subject without the use of additional information, provided that such additional information is kept separately and is subject to technical and organizational measures to ensure that the personal data are not attributed to an identified or identifiable natural person.

‍

Controller or person responsible for the processing

The controller or person responsible for processing is the natural or legal person, public authority, agency or other which alone or jointly with others determines the purposes and means of the processing of personal data. Where the purposes and means of such processing are determined by Union or Member State law, the controller or the specific criteria for its designation may be provided for under Union or Member State law.

‍

Processor

Processor means a natural or legal person, public authority, agency or other that processes personal data on behalf of the Controller.

‍

Recipient

Recipient is a natural or legal person, public authority, agency or another body, to which the personal data are disclosed, whether a third party or not. However, public authorities which may receive personal data in the framework of a particular inquiry in accordance with Union or Member State law shall not be regarded as recipients.

‍

Third Party

Third party means a natural or legal person, public authority, agency or other, other than the data subject, the controller, the processor and the persons authorized to process the personal data under the direct responsibility of the controller or the processor.

‍

2. Name and address of the controller

The responsible party within the meaning of the General Data Protection Regulation, other data protection laws applicable in the Member States of the European Union and other provisions of a data protection nature, is:

‍

Picture Framing GmbH
Managing Directors: Neele de Vries and David Knöbl
Eichenstraße 15
87648 Aitrang

‍

3. Contacting the person in charge  

If you have any questions regarding the collection and use of your personal data, or if you wish to request information, correction, blocking or deletion of data, please contact us in writing:

‍

Picture Framing GmbH
Managing Director: Neele de Vries or David Knöbl
Eichenstraße 15
87648 Aitrang

Phone: +49 8343 7859994
E-mail: datenschutz@mozaik-app.com

‍

4. Data protection officer

We have appointed a data protection officer for our company. Any data subject may also contact our data protection officer directly at any time with any questions or suggestions regarding data protection.

‍

cona consulting GmbH
Hirschdorfer Str. 27a
87493 Lauben
Germany

Phone: +49 831 52389797
E-mail: johannes.landerer@cona-consulting.com

‍

5. Description and scope of data processing

On the one hand, your data is collected when you provide it to us. Other data is collected automatically or with your consent by our IT systems when you visit the website. This is mainly technical data. This data is collected automatically as soon as you enter this website. We process the following types of data:

‍

• General personal data and contact details such as e-mail, title, surname, first name, company name, position, industry, address, telephone number and similar data
• Company data for planning, control, processing, billing and verification
• Software and website usage data such as data on software usage, websites visited, interest in content, access times, IP addresses, device information, entries for testing the software, image files, video recordings, sound recordings, texts and similar data
  • This data can be added by users and included in the videos. It cannot be ruled out that personal data will be entered here

Data processing is carried out for the following purposes:

• Error-free provision of the website and the online offer, the respective functions and contents
• Responding to contact requests and communicating with users
• Security measures
• User behavior analysis/reach measurement/marketing
• Operation and maintenance purposes
• Collection, storage, transmission, sorting, blocking and deletion within the systems used
• Provision of software services, which is guaranteed as long as a user account exists. This includes the planning, creation, editing, storage and hosting of self-created videos

6. Legal basis of the processing

If the legal basis is not stated in our privacy policy, the following applies: Art. 6 I lit. a GDPR serves our company as the legal basis for processing operations for which we obtain consent for a specific processing purpose. If the processing of personal data is necessary for the performance of a contract to which the data subject is party, as is the case, for example, when processing operations are necessary for the supply of goods or to provide any other service or consideration, the processing is based on Art. 6 I lit. b GDPR. The same applies to such processing operations that are necessary for the implementation of pre-contractual measures, for example in cases of inquiries about our products or services. If our company is subject to a legal obligation which requires the processing of personal data, such as for the fulfillment of tax obligations, the processing is based on Art. 6 I lit. c GDPR. In rare cases, the processing of personal data may be necessary to protect the vital interests of the data subject or another natural person. This would be the case, for example, if a visitor were injured in our company and their name, age, health insurance data or other vital information would have to be passed on to a doctor, hospital or other third party. The processing would then be based on Art. 6 I lit. d GDPR. Ultimately, processing operations could be based on Art. 6 I lit. f GDPR. Processing operations that are not covered by any of the aforementioned legal bases are based on this legal basis if the processing is necessary to safeguard a legitimate interest of our company or a third party, provided that the interests, fundamental rights and freedoms of the data subject do not prevail. We are permitted to carry out such processing operations in particular because they have been specifically mentioned by the European legislator. In this respect, it took the view that a legitimate interest could be assumed if the data subject is a customer of the controller (Recital 47 Sentence 2 GDPR).

‍

7. Cooperation with processors and third parties

If we disclose data to other persons and companies (processors and/or third parties) in the course of our processing, transfer it to them or otherwise grant them access to the data, this will only be done on the basis of legal permission (e.g. if the transfer of data to third parties, such as payment service providers, is necessary for the performance of a contract pursuant to Art. 6 para. 1 lit. b GDPR), you have consented, a legal obligation provides for this or on the basis of our legitimate interests (e.g. when using agents, web hosts, etc.).

‍

If we commission third parties with the processing of data on the basis of a so-called "order processing contract", this is done on the basis of Art. 28 GDPR.

‍

8. Storage period

Unless a more specific storage period was specified within this privacy policy, your personal data will remain with us until the purpose for data processing no longer applies. If you assert a legitimate request for deletion or revoke your consent to data processing, your data will be deleted unless we have other legally permissible reasons for storing your personal data (e.g. retention periods under tax or commercial law); in which case the data will be deleted once these reasons no longer apply.

‍

9. Data transfer to third countries

Among other things, tools from companies based in the USA or other third countries that are not secure under data protection law are integrated on our website. If these tools are active, your personal data may be transferred to these third countries and processed there. We would like to point out that no level of data protection comparable to that in the EU can be guaranteed in these countries. For example, US companies are obliged to hand over personal data to security authorities without you as the data subject being able to take legal action against this. It can therefore not be ruled out that US authorities (e.g. secret services) may process, evaluate and permanently store your data on US servers for surveillance purposes. We have no influence on these processing activities.
‍

If we ourselves process data in a third country (i.e. outside the European Union (EU) or the European Economic Area (EEA)) or if this occurs in the context of the use of third-party services or disclosure or transfer of data to third parties, this will only take place if it is done to fulfill our (pre)contractual obligations, on the basis of your consent, on the basis of a legal obligation or on the basis of our legitimate interests. Subject to legal or contractual permissions, we only process or have the data processed in a third country if the special requirements of Art. 44 et seq. GDPR, i.e. the processing is carried out, for example, on the basis of special guarantees or in compliance with officially recognized special contractual obligations (so-called "standard contractual clauses").

‍

10. Hosting and content delivery networks (CDN)

This website and the services we offer are hosted by external service providers (hosters). The personal data collected on this website or through our services is stored on the hoster's servers. This may include IP addresses, contact requests, meta and communication data, contract data, contact details, names, website or app access and other data generated via our website or one of our services.

The hoster is used for the purpose of fulfilling the contract with our potential and existing customers (Art. 6 para. 1 lit. b GDPR) and in the interest of a secure, fast and efficient provision of our online offer by a professional provider (Art. 6 para. 1 lit. f GDPR).

‍

Our hosters will only process your data to the extent that this is necessary to fulfill their service obligations and follow our instructions with regard to this data.

‍

We use the following hosts:

• 1&1 Internet SE, Eigendorferstr. 57, 86410 Montabaur, Germany
• IONOS SE, Eigendorferstr. 57, 86410 Montabaur, Germany
• Strato AG, Pascalstraße 10, 10587 Berlin, Germany
• Contabo GmbH, Aschauer Straße 31a, 81549 Munich, Germany
• marbis GmbH, Griesbachstraße 10, 76185 Karlsruhe, Germany
• Telekom Deutschland GmbH, Landgrabenweg 151, 53227 Bonn, Germany
• Hetzner Online GmbH, Industriestrasse 25, 91710 Gunzenhausen, Germany
• IBM Corporation, 1 New Orchard Road Armonk, New York 10504-1722 United States (Server location: Nuremberg/Frankfurt a. Main, Germany, alternative server within the EU)
• AZURE, Microsoft Corporation, One Microsoft Way, Redmond, Washington 98052-6399 USA (server location: Frankfurt a. Main, Germany, alternative server within the EU)
• Kinsta Inc, 8605 Santa Monica Blvd #92581, West Hollywood, CA 90069, USA (server location: Frankfurt a. Main, Germany, alternative server within the EU)

To ensure data protection-compliant processing, we have concluded an order processing agreement with our hosts.

‍

Content Delivery Network (CDN) Fastly

Our website and certain services of Picture Framing GmbH use the Content Delivery Network (CDN) Fastly to deliver content. The type and scope of use can be set in the cookie settings. The CDN Fastly is operated by Fastly Inc, General Counsel 475 Brannan St, Suite 300 San Francisco, CA 94107. Fastly makes the content of our website available on various globally distributed servers, which shortens the loading time, increases reliability and improves protection against data loss. Content such as images and videos are partly obtained from the Fastly CDN. Information about your use of our website may be transferred to Fastly servers outside the EU and stored there. When transferring data to the USA or other third countries outside the EU that do not have an equivalent level of data protection to the GDPR, we conclude standard contractual clauses with Fastly and take other necessary measures to ensure an adequate level of data protection.

‍

Data processing by Fastly is carried out in the interest of greater reliability, increased protection against data loss and improved loading speed of the website. This constitutes a legitimate interest within the meaning of Art. 6 para. 1 lit. f GDPR. You can find Fastly's current privacy policy here: https://www.fastly.com/privacy

‍

Content Delivery Network (CDN) jsDelivr

Our website uses the Content Delivery Network (CDN) jsDelivr to deliver content. The type and scope can be set in the cookie settings. A CDN is a service used to deliver the content of our online offering, in particular large media files such as graphics or scripts, more quickly with the help of regionally distributed servers connected via the Internet. User data is processed solely for the aforementioned purposes and to maintain the security and functionality of the CDN. For this purpose, the browser you use can connect to the CDN servers. As a result, the CDN becomes aware that our website has been accessed via your IP address.

‍

Data processing by CDN jsDelivr already takes place when the website is used with the corresponding content. The use of the CDN jsDelivr is in the interest of higher reliability, increased protection against data loss and better loading speed of the website. This constitutes a legitimate interest within the meaning of Art. 6 para. 1 lit. f GDPR. Further information can be found in the privacy policy of jsDelivr: https://www.jsdelivr.com/terms/privacy-policy

‍

11. SSL or TLS encryption

This site uses SSL or TLS encryption for security reasons and to protect the transmission of confidential content, such as orders or requests that you send to us, as the site operator. You can recognize an encrypted connection by the fact that the address line of the browser changes from "http://" to "https://" and by the lock symbol in your browser line.

‍

If SSL or TLS encryption is activated, your transmitted data cannot be read by third parties.

‍

12. Cookies

Our website uses cookies. ''Cookies" are small files that are stored on users' computers. Different information can be stored within the cookies. A cookie is primarily used to store information about a user (or the device on which the cookie is stored) during or after his visit within an online offer. Temporary cookies, ("session cookies" or "transient cookies") are cookies that are deleted after a user leaves an online offer and closes his browser. Such a cookie may store the contents of a shopping cart in an online store or a login status. Cookies that remain stored even after the browser is closed are referred to as "permanent" or "persistent". For example, the login status can be stored if users visit after several days. Likewise, the interests of users can be stored in a cookie, which is then used for range measurement or marketing purposes. In some cases, cookies from third-party companies may also be stored on your terminal device when you enter our site (third-party cookies). These enable us or you to use certain services of the third-party company (e.g. cookies for processing payment services).

‍

Cookies have various functions. Many cookies are technically necessary, as certain website functions would not work without them (e.g. the shopping cart function or the display of videos). Other cookies are used to evaluate user behavior or display advertising.

‍

Cookies that are required to carry out the electronic communication process (necessary cookies) or to provide certain functions that you have requested (functional cookies, e.g. for the shopping cart function) or to optimize the website (e.g. cookies to measure the web audience) are stored on the basis of Art. 6 para. 1 lit. f GDPR, unless another legal basis is specified. The website operator has a legitimate interest in the storage of cookies for the technically error-free and optimized provision of its services. If consent to the storage of cookies has been requested, the cookies in question are stored exclusively on the basis of this consent (Art. 6 para. 1 lit. a GDPR); consent can be revoked at any time.

‍

If you do not want cookies to be stored on your computer, you can disable the corresponding option in the system settings of your browser. Stored cookies can be deleted in the system settings of the browser. The exclusion of cookies can lead to functional restrictions of this website and/or our online offer.

‍

A general objection to the use of cookies used for online marketing purposes can be declared for a large number of services, especially in the case of tracking, via the US website http://www.aboutads.info/choices or the EU website http://www.youronlinechoices.com. Furthermore, the storage of cookies can be achieved by deactivating them in the browser settings. Please note that you may then not be able to use all the functions of this website and/or our online offering.

‍

If cookies are used by third-party companies or for analysing purposes, we will inform you separately within the framework of this data protection declaration and, if necessary, request your consent.

‍

Cookiebot from Usercentrics GmbH

We use the consent management service Usercentrics, of Usercentrics GmbH, SendlingerStr. 7, 80331 Munich, Germany. (hereinafter: cookiebot). We use this data to ensure the full functionality of our website. In this context, your browser may transmit personal data to cookiebot. The legal basis for data processing is Art. 6 para. 1 lit. f GDPR. We have a legitimate interest in the error-free functioning of our website.

‍

You can prevent the collection as well as the processing of your data by cookiebot by disabling the execution of script code in your browser or by installing a script blocker in your browser.

‍

Further information on the handling of the transferred data can be found in cookiebot's privacy policy: https://usercentrics.com/de/datenschutzerklaerung

‍

Webflow

Webflow is a tool for creating and hosting websites. Webflow stores cookies or other recognition technologies that are required to display the page, to provide certain website functions and to ensure security (necessary cookies). Details can be found in Webflow's privacy policy: https://webflow.com/legal/eu-privacy-policy

The provider is Webflow, Inc, 398 11th Street, 2nd Floor, San Francisco, CA 94103, USA (hereinafter referred to as Webflow). When you visit our website, Webflow collects various log files including your IP addresses.

The use of Webflow is based on Art. 6 para. 1 lit.f GDPR. We have a legitimate interest in displaying our website as reliably as possible. If a corresponding consent has been requested, the processing is carried out exclusively on the basis of Art. 6 para. 1 lit. a GDPR and § 25 para. 1 TDDDG, insofar as the consent includes the storage of cookies or access to information in the user's terminal device (e.g. device fingerprinting) within the meaning of the TDDDG. Consent can be revoked at any time.

Data transfer to the USA is based on the standard contractual clauses of the EU Commission. You can find details here: https://webflow.com/legal/eu-privacy-policy

The company is certified in accordance with the "EU-US Data Privacy Framework" (DPF). The DPF is an agreement between the European Union and the USA that is intended to ensure compliance with European data protection standards for data processing in the USA. Every company certified under the DPF undertakes to comply with these data protection standards. Further information on this can be obtained from the provider at the following link: https://www.dataprivacyframework.gov/list

We have concluded a data processing agreement (DPA) for the use of the above-mentioned service. This is a contract prescribed by data protection law, which ensures that it processes the personal data of our website visitors only in accordance with our instructions and in compliance with the GDPR.

‍

13. Server log files

We, or our hosting providers, collect on the basis of our legitimate interests within the meaning of Art. 6 para. 1 lit. f. GDPR, we collect data about every access to the server on which our services are located (so-called server log files). The access data includes the name of the website accessed, file, date and time of access, amount of data transferred, notification of successful access, browser type and version, the user's operating system, referrer URL (the previously visited page), IP address and the requesting provider.

‍

This data is not merged with other data sources. This data is collected on the basis of Art. 6 para. 1 lit. f GDPR. The website operator has a legitimate interest in the technically error-free presentation and optimization of its website - for this purpose, the server log files must be recorded. Log file information is stored for security reasons (e.g. to investigate misuse or fraud) for a maximum of 7 days and then deleted. Data whose further storage is required for evidentiary purposes is excluded from deletion until the respective incident has been finally clarified.

‍

‍

14. Newsletter subscription

We only send you newsletters, e-mails and other electronic notifications with promotional information (hereinafter referred to as "newsletter") with your consent or legal permission. If the contents of a newsletter are specifically described in the registration, they are decisive for the consent. Otherwise, our newsletters contain information about our services and us.

‍

To subscribe to the newsletter, it is sufficient to enter your e-mail address. Optionally, we ask you to provide a name, for the purpose of personal address in the newsletter.

‍

Registration for our newsletter takes place in a so-called double opt-in process, i.e. after registration you will receive an e-mail in which you are asked to confirm your registration. This confirmation is necessary so that no one can register with other email addresses. The registrations for the newsletter are recorded, in order to be able to prove the registration process according to the legal requirements. This includes the storage of the registration and confirmation time, as well as the IP address. Likewise, the changes to your data stored with the shipping service provider are recorded.

‍

The newsletter and the performance measurement associated with it are sent on the basis of the consent of the recipients pursuant to Art. 6 para. 1 lit. a, Art. 7 GDPR in conjunction with Section 7 para. 2 no. 3 UWG or on the basis of the legal permission pursuant to Section 7 para. 3 UWG.

‍

The registration process is logged on the basis of our legitimate interests in accordance with Art. 6 para. 1 lit. f GDPR. We are interested in using a user-friendly and secure newsletter system that serves both our business interests and the expectations of users and also allows us to provide proof of consent.

‍

You can unsubscribe from our newsletter at any time, i.e. revoke your consent. You will find a link to unsubscribe from the newsletter at the end of each newsletter. We may store the unsubscribed email addresses for up to three years on the basis of our legitimate interests before deleting them for the purposes of sending the newsletter in order to be able to prove that consent was previously given. The processing of this data is limited to the purpose of a possible defense against claims. An individual request for deletion is possible at any time, provided that the former existence of consent is confirmed at the same time. In the event of obligations to permanently observe objections, we reserve the right to store the e-mail address in a block list solely for this purpose.

‍

The newsletters are sent by the mailing service providers "Hubspot" and "Sinch". Details can be found under point 16 "Contact".

‍

The dispatch service provider may use the data of the recipients in pseudonymous form, i.e. without assignment to a user, to optimize or improve its own services, e.g. to technically optimize the dispatch and presentation of the newsletters or to use them for statistical purposes. However, the dispatch service provider does not use our newsletter recipients data to write to them or to pass the data on to third parties.

‍

15. Contact form

If you send us inquiries via the contact form, your data from the inquiry form including the contact data you provided there, will be stored by us for the purpose of processing the inquiry and in case of follow-up questions. We do not pass on this data without your consent.

‍

This data is processed on the basis of Art. 6 para. 1 lit. b GDPR if your request is related to the performance of a contract or is necessary for the implementation of pre-contractual measures. In all other cases, the processing is based on our legitimate interest in the effective processing of the inquiries addressed to us (Art. 6 para. 1 lit. f GDPR) or on your consent (Art. 6 para. 1 lit. a GDPR), if this has been requested.

‍

The data you enter into the contact form will remain with us until you request its deletion, revoke your consent to store it, or the purpose for storing the data no longer applies (e.g. after we have completed processing your request). Mandatory legal provisions - in particular retention periods - remain unaffected.

‍

16. contact

by e-mail, telephone or fax, audio and video conferencing, help center and chat function

If you contact us by e-mail, chat function, telephone or fax, your request including all resulting personal data (name, request) will be stored and processed by us for the purpose of processing your request. We will not pass on this data without your consent. The data may be stored in a customer relationship management system ("CRM system") or an comparable inquiry organization.

‍

This data is processed on the basis of Art. 6 para. 1 lit. b GDPR if your request is related to the performance of a contract or is necessary for the implementation of pre-contractual measures. In all other cases, the processing is based on our legitimate interest in the effective processing of the inquiries addressed to us (Art. 6 para. 1 lit. f GDPR) or on your consent (Art. 6 para. 1 lit. a GDPR), if this has been requested.

‍

The data you send to us via contact requests will remain with us until you request its deletion, revoke your consent to store it, or the purpose for storing the data no longer applies (e.g., after we have completed processing your request). Mandatory legal provisions - in particular legal retention periods - remain unaffected.

‍

Audio and video conferencing, automated chatbot

To communicate with our customers, we use online conferencing tools and an automated chatbot, among other tools. The tools we use in detail are listed below. If you communicate with us via video or audio conference or chatbot via the Internet, your personal data will be collected and processed by us and the provider of the respective conference tool.

‍

The conference tools thereby collect all data that you provide/enter to use the tools (e-mail address and/or your telephone number). Furthermore, the conference tools process the duration of the conference, start and end (time) of participation in the conference, number of participants and other "context information" related to the communication process (metadata).

‍

Furthermore, the provider of the tool processes all technical data required to handle online communication. This particularly includes IP addresses, MAC addresses, device IDs, device type, operating system type and version, client version, camera type, microphone or speaker, and the type of connection.

‍

If content is exchanged, uploaded or otherwise made available within the tool, it is also stored on the servers of the tool providers. Such content particularly includes cloud recordings, chat/ instant messages, voicemails, uploaded photos and videos, files, whiteboards and other information shared during the use of the service.

‍

Please note that we do not have full influence on the data processing operations of the tools used. Our options are largely determined by the corporate policy of the respective provider. For further information on data processing by the conference tools, please refer to the data protection statements of the respective tools used, which we have listed below this text.

‍

The conference tools are used to communicate with prospective or existing contractual partners or to offer certain services to our customers (Art. 6 para. 1 sentence 1 lit. b GDPR). Furthermore, the use of the tools serves the general simplification and acceleration of communication with us or our company (legitimate interest within the meaning of Art. 6 para. 1 lit. f GDPR). If consent has been requested, the tools in question are used on the basis of this consent; consent can be withdrawn at any time with effect for the future.

‍

The data collected directly by us via the video and conference tools is deleted from our systems as soon as you request its deletion, revoke your consent to store it, or the purpose for storing the data no longer applies. Stored cookies remain on your terminal device until you delete them. Mandatory legal retention periods remain unaffected.

‍

We have no influence on the storage period of your data, stored by the conference tool operators, for their own purposes. For details, please contact the operators of the conference tools directly.

‍

We use the following tools:

‍

Google Meet

We use Google Meet. The provider is Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland. Details on data processing can be found in Google's privacy policy: https://policies.google.com/privacy?hl=de

‍

We have concluded an order processing agreement with the Google Meet provider and fully implement the strict requirements of the German data protection authorities when using Google Meet.

‍

The legal basis for data processing is Art. 6 para. 1 lit. f GDPR. The website operator has a legitimate interest in making appointments with interested parties and customers as uncomplicated as possible. If consent has been requested, Art. 6 para. 1 lit. a GDPR is the legal basis for data processing; consent can be withdrawn at any time.

‍

Microsoft Teams

We use the Microsoft Teams tool to conduct telephone conferences, online meetings, video conferences and/or webinars. Microsoft Teams is a service of Microsoft Corporation, One Microsoft Way, Redmond, Washington 98052-6399, USA. Various types of data are processed when using Microsoft Teams. The scope of the data also depends on the data you provide before or when participating in an online conference.

‍

The legal basis for data processing is Art. 6 para. 1 lit. f GDPR. The website operator has a legitimate interest in conducting online conferences with interested parties and customers as easily as possible. If consent has been requested, Art. 6 para. 1 lit. a GDPR is the legal basis for data processing; consent can be withdrawn at any time.

‍

Details can be found in Microsoft's privacy policy: https://privacy.microsoft.com/de-de/privacystatement
‍

Data transfer to the USA is based on the standard contractual clauses of the EU Commission.

‍

We have concluded an order processing contract with Microsoft. This is a contract required by data protection law, which ensures that Microsoft only processes the personal data of our website visitors in accordance with our instructions and in compliance with the GDPR.

‍

Zoom

We use the Zoom tool at the customer's request to conduct telephone conferences, online meetings, video conferences and/or webinars. Zoom is a service of ZoomVideo Communications, Inc, 55 Almaden Blvd, Suite 600, San Jose, CA 95113, USA. Various types of data are processed when using Zoom. The processing also depends on how much and what information the participants of online conferences provide themselves.

‍

The legal basis for data processing is Art. 6 para. 1 lit. f GDPR. The website operator has a legitimate interest in conducting online conferences with interested parties and customers as easily as possible. If consent has been requested, Art. 6 para. 1 lit. a GDPR is the legal basis for data processing; consent can be withdrawn at any time.

‍

Details can be found in Zoom's privacy policy: https://explore.zoom.us/de/privacy

‍

Data transfer to the USA is based on the standard contractual clauses of the EU Commission.

We have concluded an order processing contract with Zoom. This is a contract required by data protection law, which ensures that Zoom processes the personal data of our website visitors only in accordance with our instructions and in compliance with the GDPR.

‍

Other tools in this context

In addition to the conference tools, we also used other solutions:

‍

VYTE

We use the Vyte tool for scheduling and making appointments. Vyte is a service of 33 Av. du Maine, 75015 Paris, France.

‍

The legal basis for data processing is Art. 6 para. 1 lit. f GDPR. The website operator has a legitimate interest in making appointments with interested parties and customers as uncomplicated as possible. If consent has been requested, Art. 6 para. 1 lit. a GDPR is the legal basis for data processing; consent can be withdrawn at any time.

‍

Details can be found in Vyte's privacy policy: https://blog.vyte.in/privacy-policy

‍

Hubspot CRM

We use Hubspot CRM on this website, among others. The provider is Hubspot Germany GmbH, Am Postbahnhof 17, 10243 Berlin, Germany (hereinafter Hubspot CRM).

‍

Among other things, Hubspot CRM enables us to manage existing and potential customers and customer contacts. With the help of Hubspot CRM, we are able to send, record, sort and analyze customer interactions and newsletters (comparison: point 14 of the privacy policy) via e-mail, chat, social media or telephone across various channels. The personal data collected in this way can be evaluated and used for communication with the potential customer or for marketing measures (e.g. newsletter mailings). With Hubspot CRM, we are also able to record and analyze the user behavior of our contacts on our website. Hubspot also offers the chat tool, which can be used for support and questions (cookie consent required).

‍

The use of Hubspot CRM is based on Art. 6 para. 1 lit. f GDPR. The website operator has a legitimate interest in the most efficient customer management and customer communication possible. If a corresponding consent has been requested, the processing is carried out exclusively on the basis of Art. 6 para. 1 lit. a GDPR; the consent can be revoked at any time. Details can be found in Hubspot's privacy policy: https://legal.hubspot.com/de/privacy-policy

‍

Data transfer to the USA is based on the standard contractual clauses of the EU Commission. You can find details here: https://www.hubspot.de/data-privacy/privacy-shield

‍

We have concluded an order processing contract with Hubspot CRM. This is a contract required by data protection law, which ensures that Hubspot CRM only processes the personal data of our website visitors in accordance with our instructions and in compliance with the GDPR.

‍

The server location for Hubspot's data processing is always within the EU.

‍

The newsletter and the performance measurement associated with it are sent on the basis of the consent of the recipients pursuant to Art. 6 para. 1 lit. a, Art. 7 GDPR in conjunction with § 7 para. 2 no. 3 UWG or on the basis of the legal permission pursuant to § 7 para. 3 UWG.

‍

The mailing service provider may use the data of the recipients in pseudonymous form, i.e. without allocation to a user, to optimize or improve its own services, e.g. for the technical optimization of the mailing and presentation of the newsletter or for statistical purposes. However, the mailing service provider does not use the data of our newsletter recipients to write to them itself or pass it on to third parties.

‍

Sinch Sweden AB

In addition to HubSpot CRM, the newsletter is also sent via the mailing service provider 'MailJet', a newsletter mailing platform of the Swedish provider SinchSweden AB, 112 18 Stockholm, Sweden. The privacy policy of the mailing service provider can be viewed here: https://www.mailjet.com/legal/privacy-policy

‍

The newsletter and the performance measurement associated with it are sent on the basis of the consent of the recipients pursuant to Art. 6 para. 1 lit. a, Art. 7 GDPR in conjunction with § 7 para. 2 no. 3 UWG or on the basis of the legal permission pursuant to § 7 para. 3 UWG.

‍

The mailing service provider may use the data of the recipients in pseudonymous form, i.e. without allocation to a user, to optimize or improve its own services, e.g. for the technical optimization of the mailing and presentation of the newsletter or for statistical purposes. However, the mailing service provider does not use the data of our newsletter recipients to write to them itself or pass it on to third parties.

‍

Vitas

We use the telephone assistant from Vitas. The provider is VITAS GmbH, Zollhof 7, 90443 Nuremberg.

‍

Vitas' telephone assistant allows us to answer your telephone inquiries in an automated manner by automatically requesting initial information or forwarding it internally to ensure a quick turnaround.

‍

The use of Vita's telephone assistant is based on Art. 6 para. 1 lit. f GDPR. The website operator has a legitimate interest in providing the most efficient customer service possible and answering customer inquiries by telephone. If a corresponding consent has been requested, the processing is carried out exclusively on the basis of Art. 6 para. 1 lit. a GDPR; the consent can be revoked at any time.

‍

For details, see Vitas' privacy policy: https://www.vitas.ai/datenschutz

‍

Stonly

We use Stonly for the support system and our help center. The provider is Stonly SAS 43 Rue du Président Wilson 92300 Levallois Perret, France Website: https://stonly.com

‍

The use of Stonly is based on Art. 6 para. 1 lit. f GDPR. The website operator has a legitimate interest in providing the most efficient customer service and support and help overviews possible. If a corresponding consent has been requested, the processing is carried out exclusively on the basis of Art. 6 para. 1 lit. a GDPR; the consent can be revoked at any time.

‍

Information on the handling of user data can be found in the corresponding privacy policy: https://stonly.com/privacy

‍

17. Registration on this website

You can register on this website to use additional functions on the site. We only use the entered data for purposes of use regarding the respective offer or service for which you have registered. The mandatory information requested during registration must be provided in full. Otherwise we will reject the registration.

‍

For important changes, for example in the scope of the offer or in the case of technically necessary changes, we use the e-mail address provided during registration to inform you.

‍

The data entered during registration is processed for the purpose of implementing the user relationship established by the registration and, if necessary, for the initiation of further contracts (Art. 6 para. 1 lit. b GDPR).

‍

The data collected during registration will be stored by us as long as you are registered on this website and will then be deleted. Legal retention periods remain unaffected.

‍

18. Social media

We use social plug-ins on our website and in our other services on the basis of Art. 6 para. 1 sentence 1 lit. f GDPR. These enable interaction with social networks or other external platforms directly via our website or the other service. The underlying advertising purpose is to be regarded as a legitimate interest within the meaning of the GDPR. Responsibility for data protection-compliant operation must be guaranteed by the respective provider. We integrate these plug-ins using the so-called two-click method in order to provide you with the best possible protection. The interaction and the information collected via this application are always subject to the privacy settings made by the users for the respective social network.

‍

Social plug-ins may continue to collect web traffic data for the services from which they originate, even if users do not use those services.

‍

It is recommended to log out of the respective services to ensure that the processed data is not reconnected to the user's profile through this application.

‍

ShareThis

This website has its own social media pages that can be accessed via links from this website. Using the links will take you to the respective websites of the third-party providers (e.g. Facebook, X, Instagram) and you can also share the content of this website. No data is transferred when you access our website. As soon as you have accessed the third-party provider's website, you are in the area of responsibility of the respective third-party provider, so that their privacy policy or their declarations on data use also apply. We have no influence on this, but we recommend that you log out of the respective third-party provider before using a link in order to avoid unnecessary data transfer, so that usage profiles cannot be created by the third-party provider simply by using the link.

‍

Our website uses so-called social plugins ("plugins") of the social network ShareThis, which is operated by ShareThis, Inc, 4005 Miranda Avenue Suite 100, PaloAlto, CA 94304-1227 USA ("ShareThis"). An overview of the ShareThis plugins and their appearance can be found here: http://www.sharethis.com/get-sharing-tools

‍

When you access a page on our website that contains such a plugin, your browser establishes a direct connection to the ShareThis servers. The content of the plugin is transmitted by ShareThis directly to your browser and integrated into the page. Through the integration, ShareThis receives the information that your browser has accessed the corresponding page of our website and stores a cookie on your end device to identify your browser. This information (including your IP address) is transmitted directly from your browser to a ShareThis server in the USA and stored there. ShareThis uses the data to create anonymized user profiles, which serve as the basis for a personalized and interest-based advertising approach to visitors to websites with StareThis plugins.

‍

For the purpose and scope of data collection and the further processing and use of data by ShareThis, please refer to the StareThis privacy policy: http://www.sharethis.com/privacy

‍

You can also completely prevent the loading of the ShareThis plugins with add-ons for your browser, e.g. with the script blocker "NoScript " http://noscript.net

‍

Facebook Plugins (Like & Share Button)

Plugins from the social network Facebook are integrated on this website. The provider of this service is Meta Platforms Ireland Limited, 4 Grand Canal Square, Dublin 2, Ireland. However, according to Facebook, the data collected is also transferred to the USA and other third countries. You can recognize the Facebook plugins by the Facebook logo or the "Like" button on this website. You can find an overview of the Facebook plugins here: https://developers.facebook.com/docs/plugins/?locale=de_DE

‍

When you visit this website, a direct connection is established between your browser and the Facebook server via the plugin. Facebook receives the information that you have visited this website with your IP address. If you click on the Facebook "Like" button while you are logged into your Facebook account, you can link the content of this website to your Facebook profile. This allows Facebook to associate your visit to this website with your user account. We would like to point out that, as the provider of the pages, we have no knowledge of the content of the transmitted data or its use by Facebook. You can find more information on this in Facebook's privacy policy at: https://de-de.facebook.com/privacy/explanation

If you do not want Facebook to be able to associate your visit to this website with your Facebook user account, please log out of your Facebook user account.

‍

The Facebook plugins are used on the basis of Art. 6 para. 1 lit. f GDPR. The website operator has a legitimate interest in the widest possible visibility in social media. If a corresponding consent has been requested, the processing is carried out exclusively on the basis of Art. 6 para. 1 lit. a GDPR; the consent can be revoked at any time.

‍

Insofar as personal data is collected on our website with the help of the tool described here and forwarded to Facebook, we and Meta Platforms Ireland Limited, 4 Grand Canal Square, Dublin 2, Ireland are jointly responsible for this data processing (Art. 26 GDPR). The joint responsibility is limited exclusively to the collection of the data and its forwarding to Facebook. The processing carried out by Facebook after forwarding is not part of the joint responsibility. The obligations incumbent on us jointly have been set out in an agreement on joint processing. You can find the wording of the agreement at: https://www.facebook.com/legal/controller_addendum

‍

According to this agreement, we are responsible for providing privacy information regarding Facebook, when using the Facebook tool and for the privacy-secure implementation of the tool on our website. Facebook is responsible for the data security of the Facebook products. You can assert data subject rights (e.g., requests for information) regarding data processed by Facebook directly with Facebook. If you assert the data subject rights with us, we are obliged to forward them to Facebook.

‍

Data transfer to the USA is based on the standard contractual clauses of the EU Commission. You can find details here: https://www.facebook.com/legal/EU_data_transfer_addendum, https://de-de.facebook.com/help/566994660333381 and https://www.facebook.com/policy.php

‍

X Plugin

Our website uses plugins from the social network x.com formerly twitter.com ("X"). X is offered by XCorp. based in San Francisco (USA); Twitter International Unlimited Company, One Cumberland Place, Fenian Street Dublin 2, D02 AX07, IRELAND, is responsible for data protection issues in the European Union. Only when you activate the respective plugin by clicking on the corresponding button will a direct connection to the provider's server be established (consent). Simply visiting our website does not trigger any data transmission.

‍

We would like to point out that, as the site operator, we have no knowledge of the content of the transmitted data or its use by X. You can change your data protection settings with X in the account settings. Further information on this can be found in X's privacy policy at https://x.com/de/privacy

‍

Instagram Plugin

Functions of the Instagram service are integrated on this website. These functions are offered by Facebook Ireland Limited, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland. If you are logged into your Instagram account, you can link the content of this website to your Instagram profile by clicking on the Instagram button. This allows Instagram to associate your visit to this website with your user account. We would like to point out that, as the provider of the pages, we have no knowledge of the content of the transmitted data or its use by Instagram.

‍

The data is stored and analyzed on the basis of Art. 6 para. 1 lit. f GDPR. The website operator has a legitimate interest in the widest possible visibility in social media. If a corresponding consent has been requested, the processing is carried out exclusively on the basis of Art. 6 para. 1 lit. a GDPR; the consent can be revoked at any time.

‍

Data transfer to the USA is based on the standard contractual clauses of the EU Commission. Details can be found here: https://www.facebook.com/legal/EU_data_transfer_addendum, https://help.instagram.com/519522125107875 and https://de-de.facebook.com/help/566994660333381.

You can find more information on this in Instagram's privacy policy: https://instagram.com/about/legal/privacy

‍

LinkedIn Plugin

This website uses functions of the LinkedIn network. The provider is LinkedIn Ireland Unlimited Company, Wilton Plaza, Wilton Place, Dublin 2, Ireland. Each time you access a page on this website that contains LinkedIn functions, a connection to LinkedIn servers is established. LinkedIn is informed that you have visited this website with your IP address. If you click on the LinkedIn "Recommend" button and are logged into your LinkedIn account, LinkedIn will be able to associate your visit to this website with you and your user account. We would like to point out that, as the provider of the pages, we have no knowledge of the content of the transmitted data or its use by LinkedIn.

‍

The LinkedIn plugin is used on the basis of Art. 6 para. 1 lit. f GDPR. The website operator has a legitimate interest in the widest possible visibility in social media. If a corresponding consent has been requested, the processing is carried out exclusively on the basis of Art. 6 para. 1 lit. a GDPR; the consent can be revoked at any time.

‍

The data transfer to the USA is based on the standard contractual clauses of the EU Commission. Details can be found here: https://www.linkedin.com/help/linkedin/answer/62538/datenubertragung-aus-der-eu-dem-ewr-und-der-schweiz?lang=de Further information can be found in LinkedIn's privacy policy at: https://www.linkedin.com/legal/privacy-policy

‍

Xing Plugin

Our website uses functions of the XING network. The provider is XING AG, Dammtorstraße 29-32, 20354 Hamburg, Germany. Each time one of our pages containing XING functions is accessed, a connection to XING servers is established. To the best of our knowledge, no personal data is stored in the process. In particular, no IP addresses are stored or usage behavior evaluated.

‍

The XING plugin is used on the basis of Art. 6 para. 1 lit. f GDPR. The website operator has a legitimate interest in the widest possible visibility in social media.

‍

Further information on data protection and the XING Share button can be found in XING's privacy policy at: https://www.xing.com/app/share?op=data_protection

‍

Pinterest Plugin

On our website, we use social plugins from the social network Pinterest, which is operated by Pinterest Inc., 808 Brannan Street, San Francisco, CA 94103-490, USA ("Pinterest"). When you visit a page that contains such a plugin, your browser establishes a direct connection to the Pinterest servers. The plugin transmits log data to the Pinterest server in the USA. This log data may contain your IP address, the address of the websites visited that also contain Pinterest functions, the type and settings of the browser, the date and time of the request, your use of Pinterest and cookies.

‍

The Pinterest plugin is used on the basis of Art. 6 para. 1 lit. f GDPR. The website operator has a legitimate interest in the widest possible visibility in social media.

‍

Further information on the purpose, scope and further processing and use of the data by Pinterest as well as your rights and options for protecting your privacy in this regard can be found in Pinterest's privacy policy: https://about.pinterest.com/de/privacy-policy

‍

19. Analysis tools and advertising

Segment

This website uses the software of Segment, a service of Twilio Germany GmbH (Rosenheimer Str. 143C, 81671 Munich, Germany and Segment.io Inc, 101 Spear Street, Fl. 1San Francisco, CA 94105-1580, USA (hereinafter "Segment"). Segment helps us to manage the data collected by the third-party providers using the tools described below and stores data in pseudonymous usage profiles. These usage profiles are used to analyze visitor behavior and are evaluated to improve our offering. Cookies can be used for this purpose, which enable us to recognize you when you visit our website again. The pseudonymized user profiles are not merged with personal data about the bearer of the pseudonym without separate, express consent.

‍

The legal basis for the use of Segment is Art. 6 para. 1 lit. f) GDPR. Our legitimate interest lies in the evaluation of the use of our website.

‍

To object to the cookie-based processing of the use of Segment, you can suppress the storage of cookies via your browser settings. The data transfer to the USA is based on the standard contractual clauses of the EU Commission. You can find more information in Segment.io's privacy policy and data protection guidelines: https://segment.com/docs/legal/privacy

‍

Mixpanel

This website uses the software of Mixpanel, provider is Mixpanel Inc, One Front Street, 28th Floor, San Francisco, CA 94111, USA. Mixpanel is a business analytics service provider. We use Mixpanel's software to track user interactions on our web and mobile applications.

‍

The legal basis for the use of Segment is Art. 6 para. 1 lit. f) GDPR. Our legitimate interest lies in the evaluation of the use of our website.

‍

Further information on data collection and processing by Mixpanel can be found in the privacy policy: https://mixpanel.com/legal/privacy-policy

‍

Google Tag Manager

We use the Google Tag Manager, provided by Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland.

‍

The Google Tag Manager is a tool that allows us to embed tracking or statistical tools and other technologies on our website. The Google Tag Manager itself does not create user profiles, store cookies or perform any independent analyses. It only serves to manage and play out the tools integrated through it. However, the Google Tag Manager collects your IP address, which may also be transferred to Google's parent company in the United States.

‍

The Google Tag Manager is used on the basis of Art. 6 para. 1 lit. f GDPR. The website operator has a legitimate interest in the fast and uncomplicated integration and management of various tools on its website. If a corresponding consent has been requested, the processing is carried out exclusively on the basis of Art. 6 para. 1 lit. a GDPR; the consent can be revoked at any time.

‍

Google Analytics

This website uses functions of the web analytics service Google Analytics. The provider is Google Ireland Limited ("Google"), Gordon House, Barrow Street, Dublin 4, Ireland.

‍

Google Analytics enables the website operator to analyze the behavior of website visitors. In doing so, the website operator receives various usage data, such as page views, duration of visits, operating systems used and origin of the user. This data may be summarized by Google in a profile that is assigned to the respective user or their end device.

‍

Google Analytics uses technologies that enable the recognition of the user for the purpose of analyzing user behavior (e.g. cookies or device fingerprinting). The information collected by Google about the use of this website is usually transferred to a Google server in the USA and stored there.

‍

This analysis tool is used on the basis of Art. 6 para. 1 lit. f GDPR. The website operator has a legitimate interest in analyzing user behavior in order to optimize both its website and its advertising. If a corresponding consent has been requested (e.g. consent to the storage of cookies), the processing is carried out exclusively on the basis of Art. 6 para. 1 lit. a GDPR; the consent can be revoked at any time.

‍

Data transfer to the USA is based on the standard contractual clauses of the EU Commission. You can find details here: https://privacy.google.com/businesses/controllerterms/mccs

‍

We have activated the IP anonymization function on this website. That means that your IP address is shortened by Google within the member states of the European Union or in other contracting states of the Agreement on the European Economic Area, before being transmitted to the USA. Only in exceptional cases will the full IP address be transmitted to a Google server in the USA and shortened there. On behalf of the operator of this website, Google will use this information for the purpose of evaluating your use of the website, compiling reports on website activity and providing other services related to website activity and internet usage to the website operator. The IP address transmitted by your browser as part of Google Analytics will not be merged with other data from Google.

‍

You can prevent the collection and processing of your data by Google by downloading and installing the browser plugin available at the following link: https://tools.google.com/dlpage/gaoptout?hl=de. You can find more information on how Google Analytics handles user data in Google's privacy policy: https://support.google.com/analytics/answer/6004245?hl=de

‍Wehave entered into a contract data processing agreement with Google and fully implement the strict requirements of the German data protection authorities when using Google Analytics.

‍

Google Analytics E-commerce Tracking

This website uses the "e-commerce tracking" function of Google Analytics. With the help of e-commerce tracking, the website operator can analyze the purchasing behavior of website visitors to improve its online marketing campaigns. This involves recording information such as orders placed, average order values, shipping costs and the time from viewing to purchasing a product. This data can be summarized by Google under a transaction ID, which is assigned to the respective user or his device.

‍

Data stored by Google at user and event level that is linked to cookies, user identifiers (e.g. User ID) or advertising IDs (e.g. DoubleClick cookies, Android advertising ID) is anonymized or deleted after 14 months. For details, please see the following link: https://support.google.com/analytics/answer/7667196?hl=de

‍

Google Conversion Tracking

This website uses Google Conversion Tracking. The provider is Google Ireland Limited ("Google"), Gordon House, Barrow Street, Dublin 4, Ireland. With the help of Google conversion tracking, Google and we can recognize whether the user has performed certain actions. For example, we can evaluate which buttons on our website were clicked how often and which products were viewed or purchased particularly frequently. This information is used to create conversion statistics. We find out the total number of users who have clicked on our ads and what actions they have taken. We do not receive any information with which we can personally identify the user. Google itself uses cookies or comparable recognition technologies for identification purposes.

‍

The use of this service is based on your consent in accordance with Art. 6 para. 1 lit. a GDPR and § 25 para. 1 TDDDG. Consent can be revoked at any time. You can find more information about Google Conversion Tracking in Google's privacy policy: https://policies.google.com/privacy?hl=de

‍

The company is certified in accordance with the "EU-US Data Privacy Framework" (DPF). The DPF is an agreement between the European Union and the USA, which is intended to ensure compliance with European data protection standards for data processing in the USA. Every company certified under the DPF undertakes to comply with these data protection standards. Further information on this can be obtained from the provider at the following link: https://www.dataprivacyframework.gov/participant/5780

‍

Google Ads

The website operator uses Google Ads, which is an online advertising program of Google Ireland Limited ("Google"), Gordon House, Barrow Street, Dublin 4, Ireland.

‍

Google Ads enables us to display advertisements in the Google search engine or on third-party websites when the user enters certain search terms on Google (keyword targeting). Furthermore, targeted advertisements can be played on the basis of user data available at Google (e.g. location data and interests) (target group targeting). As the website operator, we can evaluate this data quantitatively by analyzing, for example, which search terms have led to the display of our advertisements and how many ads have resulted in corresponding clicks.

‍

The use of Google Ads is based on Art. 6 para. 1 lit. f GDPR. The website operator has a legitimate interest in marketing its products and services as effectively as possible.

‍

The data transfer to the USA is based on the standard contractual clauses of the EU Commission. You can find details here: https://policies.google.com/privacy/frameworks and https://privacy.google.com/businesses/controllerterms/mccs

‍

IONOS WebAnalytics

‍

This website uses the analysis services of IONOS WebAnalytics (hereinafter: IONOS). The provider is 1&1 IONOS SE, Elgendorfer Straße 57, D - 56410 Montabaur.

‍

As part of the analyses with IONOS, visitor numbers and behavior (e.g. number of page views, duration of a website visit, bounce rates), visitor sources (i.e. which page the visitor comes from), visitor locations and technical data (browser and operating system versions) can be analyzed.

‍

For this purpose, IONOS stores the following data in particular:

• Referrer (previously visited website)
• Requested web page or file
• Browser type and version
• Operating system used
• Device type used
• Time of access
• IP address in anonymized form (used only to determine the location of access)

According to IONOS, the data collection is completely anonymized, so that it cannot be traced back to individual persons. Cookies are not stored by IONOS WebAnalytics.

‍

The data is stored and analyzed on the basis of Art. 6 para. 1 lit. f GDPR. The website operator has a legitimate interest in the statistical analysis of user behaviour in order to optimize both its website and its advertising. If a corresponding consent has been requested, the processing is carried out exclusively on the basis of Art. 6 para. 1 lit. a GDPR; the consent can be revoked at any time.

‍

Further information on data collection and processing by IONOS WebAnalytics can be found in the IONOS privacy policy at the following link: https://www.ionos.de/terms-gtc/index.php?id=6

‍

We have concluded an order processing contract with IONOS. This contract is intended to ensure data protection-compliant handling of your personal data by IONOS.

‍

Microsoft BingAds

The website uses the remarketing function "Bing Ads" of Microsoft Corporation One Microsoft Way, Redmond, WA 98052-6399, USA. ("Microsoft Advertising"). Microsoft Bing Ads stores a cookie on your computer if you have reached our website via a Microsoft Bing ad. In this way, Microsoft Bing and we can recognize that someone has clicked on an ad, has been redirected to our website and has reached a predetermined target page (conversion page). We only learn the total number of users who clicked on a Bing ad and were then redirected to the conversion page. No personal information about the identity of the user is disclosed.

‍

If you do not want information about your behavior to be used by Microsoft as explained above, you can refuse the setting of a cookie required for this - for example, by using a browser setting that generally deactivates the automatic setting of cookies. You can also prevent the collection of data generated by the cookie and related to your use of the website and the processing of this data by Microsoft by clicking on the following link: http://choice.microsoft.com/de-DE/opt-out to declare your objection. Further information on data protection and the cookies used by Microsoft and Bing Ads can be found on the Microsoft website at https://privacy.microsoft.com/de-de/privacystatement

‍

Meta pixel

This website uses the visitor action pixel from Meta to measure conversions. The provider of this service is Meta Platforms Ireland Limited, 4 Grand Canal Square, Dublin 2, Ireland. However, according to Facebook, the data collected is also transferred to the USA and other third countries.

‍

This allows the behavior of page visitors to be tracked after they have been redirected to the provider's website by clicking on a Facebook ad. This allows the effectiveness of the Facebook ads to be evaluated for statistical and market research purposes and future advertising measures to be optimized.

‍

The data collected is anonymous for us as the operator of this website; we cannot draw any conclusions about the identity of the user. However, the data is stored and processed by Facebook so that a connection to the respective user profile is possible and Facebook can use the data for its own advertising purposes in accordance with the Facebook Data Usage Policy (https://de-de.facebook.com/privacy/policy). This allows Facebook to place advertisements on Facebook pages and outside of Facebook. This use of the data cannot be influenced by us as the site operator.

‍

The use of this service is based on your consent in accordance with Art. 6 para. 1 lit. a GDPR and § 25 para. 1 TDDDG. Consent can be revoked at any time.

‍

We use the advanced matching function within the meta pixel. Advanced matching enables us to transmit various types of data (e.g. place of residence, state, zip code, hashed email addresses, name, gender, date of birth or telephone number) of our customers and prospects that we collect via our website to Meta (Facebook). This activation allows us to tailor our advertising campaigns on Facebook even more precisely to people who are interested in our offers. In addition, the extended matching improves the allocation of website conversions and expands Custom Audiences.

‍

Insofar as personal data is collected on our website with the help of the tool described here and forwarded to Facebook, we and Meta Platforms Ireland Limited, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland are jointly responsible for this data processing (Art. 26 GDPR). The joint responsibility is limited exclusively to the collection of the data and its forwarding to Facebook. The processing carried out by Facebook after forwarding is not part of the joint responsibility. The obligations incumbent on us jointly have been set out in an agreement on joint processing. You can find the wording of the agreement at: https://www.facebook.com/legal/controller_addendum

‍

According to this agreement, we are responsible for providing privacy information regarding Facebook, when using the Facebook tool and for the privacy-secure implementation of the tool on our website. Facebook is responsible for the data security of the Facebook products. You can assert data subject rights (e.g., requests for information) regarding data processed by Facebook directly with Facebook. If you assert the data subject rights with us, we are obliged to forward them to Facebook.

‍

Data transfer to the USA is based on the standard contractual clauses of the EU Commission. You can find details here: https://www.facebook.com/legal/EU_data_transfer_addendum and here: https://de-de.facebook.com/help/566994660333381

‍

You can find further information on protecting your privacy in Facebook's privacy policy: https://de-de.facebook.com/about/privacy/

‍

You can also deactivate the remarketing function "Custom Audiences" in the settings for advertisements at https://www.facebook.com/adpreferences/?entry_product=ad_preferences_delegation. You must be logged in to Facebook to do this.

‍

If you do not have a Facebook account, you can deactivate usage-based advertising from Facebook on the website of the European Interactive Digital Advertising Alliance: https://www.youronlinechoices.com/de/praferenzmanagement‍

‍

The company is certified in accordance with the "EU-US Data Privacy Framework" (DPF). The DPF is an agreement between the European Union and the USA, which is intended to ensure compliance with European data protection standards for data processing in the USA. Every company certified under the DPF undertakes to comply with these data protection standards. Further information on this can be obtained from the provider at the following link: https://www.dataprivacyframework.gov/list

‍

LinkedIn Insight Tag

This website uses the Insight tag from LinkedIn. The provider of this service is LinkedIn Ireland Unlimited Company, Wilton Plaza, Wilton Place, Dublin 2, Ireland. With the help of the LinkedIn Insight Tag, we receive information about visitors to our website. If a website visitor is registered with LinkedIn, we can, among other things, analyze the key professional data (e.g. career level, company size, country, location, industry and job title) of our website visitors and thus better tailor our site to the respective target groups. We can also use LinkedIn Insight Tags to measure whether visitors to our websites make a purchase or take another action (conversion measurement). Conversion measurement can also be carried out across devices (e.g. from PC to tablet). LinkedIn Insight Tag also offers a retargeting function that allows us to display targeted advertising to visitors to our website outside the website, whereby, according to LinkedIn, no identification of the advertising addressee takes place.

‍

LinkedIn itself also collects log files (URL, referrer URL, IP address, device and browser properties and time of access). The IP addresses are shortened or (if they are used to reach LinkedIn members across devices) hashed (pseudonymized). The direct identifiers of LinkedIn members are deleted by LinkedIn after seven days. The remaining pseudonymized data is then deleted within 180 days and the data collected by LinkedIn cannot be assigned to specific individuals by us as the website operator. LinkedIn will store the personal data collected from website visitors on its servers in the USA and use it for its own advertising purposes. Details can be found in LinkedIn's privacy policy at: https://www.linkedin.com/legal/privacy-policy#choices-oblig

‍

The use of LinkedInInsight is based on Art. 6 para. 1 lit. f GDPR. The website operator has a legitimate interest in effective advertising measures, including social media. If a corresponding consent has been requested (e.g. consent to the storage of cookies), the processing is carried out exclusively on the basis of Art. 6 para. 1 lit. a GDPR; the consent can be revoked at any time.

‍

The data transfer to the USA is based on the standard contractual clauses of the EU Commission. details can be found here: https://www.linkedin.com/legal/l/dpa and here: https://www.linkedin.com/legal/l/eu-sccs

‍

You can object to the analysis of usage behavior and targeted advertising by LinkedIn at the following link: https://www.linkedin.com/psettings/guest-controls/retargeting-opt-out.

‍

Furthermore, LinkedIn members can control the use of their personal data for advertising purposes in the account settings. To prevent LinkedIn from linking data collected on our website to your LinkedIn account, you must log out of your LinkedIn account before visiting our website.

‍

We have concluded an order processing contract with LinkedIn.

‍

Analysis and optimization service Hotjar

We use Hotjar, an analysis software of Hotjar Ltd, 3 Lyons Range, 20 Bisazza Street, Sliema SLM 1640, Malta ("Hotjar"). With the help of the information obtained thanks to Hotjar, we can analyze and improve the use of our online offer.

‍

The data of the users of our online offering is stored and analyzed solely for this purpose. We use Hotjar to analyze our online offer and not the individual users. User data is therefore pseudonymized and processed within the European Union and on the basis of the order processing contract offered by Hotjar. User entries, e.g. in forms or keystrokes, are not processed, i.e. neither stored by Hotjar nor transmitted to Hotjar (unless these entries are recognizably intended for users for evaluation purposes, e.g. in feedback forms).

‍

For the before purposes, Hotjar stores cookies with a pseudonymous identification number on users' devices and evaluates them. The cookies that Hotjar uses have different "lifetimes"; some remain valid for up to 365 days, and some only remain valid for the current visit.

‍

The processed data of the users in particular include:

• Devices and metadata: IP address of the terminal device (it is collected and stored in anonymized format form), resolution of the screen/displays of the terminal device screen, type of terminal device (individual terminal device identifiers), operating system, and browser type, referring URL and domain;
• geographic location (country only);
• Usage data and log data: Date and time when the online offer was accessed, preferred language, user interactions such as mouse events (movements, position and clicks), keystrokes, web pages accessed and interactions with their content and functions.
• Content data: Submissions in the context of surveys and feedback forms.If we ask users for consent (e.g. in the context of cookie consent), the legal basis for this processing is Art. 6 para. 1 lit. a. GDPR. Otherwise, users' personal data is processed on the basis of our legitimate interests (i.e. interest in the analysis, optimization and economic operation of our online offer within the meaning of Art. 6 para. 1 lit. f. GDPR). GDPR).

Users can prevent the collection of data by Hotjar by using the Do-Not-Track settings of their browser or by clicking on the following link and following the instructions there: https://www.hotjar.com/legal/compliance/opt-out

‍

You can find more information in Hotjar's privacy policy and cookie policy: https://www.hotjar.com/legal/policies/privacyand https://www.hotjar.com/legal/policies/cookie-information

‍

20. Other plugins and tools

‍

YouTube with enhanced privacy

This website integrates videos from YouTube. The operator of the pages is Google Ireland Limited ("Google"), Gordon House, Barrow Street, Dublin 4, Ireland. We use YouTube in extended data protection mode. According to YouTube, this mode means that YouTube does not store any information about visitors to this website before they watch the video. However, the transfer of data to YouTube partners is not necessarily excluded by the extended data protection mode. For example, YouTube establishes a connection to the Google DoubleClick network regardless of whether you watch a video.

‍

As soon as you start a YouTube video on this website, a connection to the YouTube servers is established. This tells YouTube's server which of our pages you visited. If you are logged into your YouTube account, you enable YouTube to assign your surfing behavior directly to your personal profile. You can prevent this by logging out of your YouTube account.

‍

Furthermore, after starting a video, YouTube may store various cookies on your end device or use comparable recognition technologies (e.g. device fingerprinting). That way, YouTube can obtain information about visitors to this website. This information is used, among other things, to collect video statistics, improve the user experience, and to prevent fraud attempts.

‍

If necessary, further data processing operations may be triggered after the start of a YouTube video, which we have no control over.

‍

The use of YouTube is in the interest of an appealing presentation of our online offers. This constitutes a legitimate interest within the meaning of Art. 6 para. 1 lit. f GDPR. If a corresponding consent has been requested, the processing is carried out exclusively on the basis of Art. 6 para. 1 lit. a GDPR; the consent can be revoked at any time.

‍

You can find more information about data protection at YouTube in their privacy policy at: https://policies.google.com/privacy?hl=de

‍

Vimeo without tracking (Do-Not-Track)

This website uses plugins from the video portal Vimeo. The provider is Vimeo Inc, 555 West 18th Street, New York, New York 10011, USA. When you visit one of our pages equipped with Vimeo videos, a connection to the Vimeo servers is established. This tells the Vimeo server which of our pages you have visited. Vimeo also obtains your IP address. However, we have configured Vimeo so that Vimeo does not track your user activities and does not set any cookies.

‍

The use of Vimeo is in the interest of an appealing presentation of our online offers. This constitutes a legitimate interest within the meaning of Art. 6 para. 1 lit. f GDPR. If a corresponding consent has been requested, the processing is carried out exclusively on the basis of Art. 6 para. 1 lit. a GDPR; the consent can be revoked at any time.

‍

The data transfer to the USA is based on the standard contractual clauses of the EU Commission and, according to Vimeo, on "legitimate business interests". You can find details here: https://vimeo.com/privacy

‍

Further information on the handling of user data can be found in Vimeo's privacy policy at: https://vimeo.com/privacy

‍

Google Fonts

This site uses so-called web fonts for the uniform display of fonts, which are provided by Google Ireland Limited ("Google"), Gordon House, Barrow Street, Dublin 4, Ireland. When access a page, your browser loads the required web fonts into its browser cache in order to display texts and fonts correctly.

‍

For this purpose, the browser you are using must connect to Google's servers. This informs Google that this website has been accessed via your IP address. The use of Google WebFonts is based on Art. 6 para. 1 lit. f GDPR. The website operator has a legitimate interest in the uniform presentation of the typeface on its website. If a corresponding consent has been requested (e.g. consent to the storage of cookies), the processing is carried out exclusively on the basis of Art. 6 para. 1 lit. a GDPR; the consent can be revoked at any time.

‍

If your browser does not support web fonts, a default font is used by your computer.

‍

Further information on Google Web Fonts can be found at https://developers.google.com/fonts/faq and in Google's privacy policy: https://www.google.com/policies/privacy. Opt-Out: https://adssettings.google.com/authenticated  

‍

Adobe Fonts

This website uses web fonts from Adobe for the uniform display of certain fonts. The provider is Adobe Systems Incorporated, 345 Park Avenue, San Jose, CA 95110-2704, USA (Adobe).

‍

Once you call up this website, your browser directly loads the required fonts from Adobe so that they can be displayed correctly on your terminal device. In doing so, your browser establishes a connection to Adobe's servers in the USA. This enables Adobe to know that your IP address has been used to access this website. According to Adobe, no cookies are stored when the fonts are provided.

‍

The data is stored and analyzed on the basis of Art. 6 para. 1 lit. f GDPR. The website operator has a legitimate interest in the uniform presentation of the typeface on its website. If a corresponding consent has been requested (e.g. consent to the storage of cookies), the processing is carried out exclusively on the basis of Art. 6 para. 1 lit. a GDPR; the consent can be revoked at any time.

‍

Data transfer to the USA is based on the standard contractual clauses of the EU Commission. You can find details here: https://www.adobe.com/de/privacy/eudatatransfers.html

‍

You can find more information about Adobe Fonts at: https://www.adobe.com/de/privacy/policies/adobe-fonts.html

‍

Adobe's privacy policy can be found at: https://www.adobe.com/de/privacy/policy.html

‍

Font Awesome

This site uses Font Awesome for a uniform display of fonts and symbols. Provider is Fonticons, Inc, 6 Porter Road Apartment 3R, Cambridge, Massachusetts, USA.

‍

When you call up a page, your browser loads the required fonts into your browser cache in order to display texts, fonts and symbols correctly. For this purpose, the browser you are using must connect to Font Awesome's servers. This gives Font Awesome knowledge that this website has been accessed via your IP address. The use of Font Awesome is based on Art. 6 para. 1 lit. f GDPR. We have a legitimate interest in the uniform presentation of the typeface on our website. If a corresponding consent has been requested (e.g. consent to the storage of cookies), the processing is carried out exclusively on the basis of Art. 6 para. 1 lit. a GDPR; the consent can be revoked at any time.

‍

If your browser does not support Font Awesome, a default font is used by your computer.

‍

For more information about Font Awesome, please see Font Awesome's privacy policy at: https://fontawesome.com/privacy.  

‍

Google Maps

This site uses the map service Google Maps. The provider is Google Ireland Limited ("Google"), Gordon House, Barrow Street, Dublin 4, Ireland.

‍

To use the functions of Google Maps, it is necessary to store your IP address. This information is usually transmitted to a Google server in the USA and stored there. The provider of this site has no influence on this data transmission.

‍

The use of Google Maps is in the interest of an appealing presentation of our online offers and to make it easy to find the places we have indicated on the website. This constitutes a legitimate interest within the meaning of Art. 6 para. 1 lit. f GDPR. If a corresponding consent has been requested, the processing is carried out exclusively on the basis of Art. 6 para. 1 lit. a GDPR; the consent can be revoked at any time.

‍

Data transfer to the USA is based on the standard contractual clauses of the EU Commission. You can find details here: https://privacy.google.com/businesses/gdprcontrollerterms and here: https://privacy.google.com/businesses/gdprcontrollerterms/sccs‍

You can find more information on the handling of user data in Google's privacy policy: https://www.google.com/policies/privacy

‍

Google reCAPTCHA

We use "Google reCAPTCHA" (hereinafter "reCAPTCHA") on this website. The provider is Google Ireland Limited ("Google"), Gordon House, Barrow Street, Dublin 4, Ireland.

‍

The purpose of reCAPTCHA is to check whether the data input on this website (e.g. in a contact form) was made by a human or by an automated program. For this purpose, reCAPTCHA analyzes the behavior of the website visitor based on various characteristics. This analysis automatically starts as soon as the website visitor opens the website. For the analysis, reCAPTCHA evaluates various information (e.g. IP address, time spent on the website or mouse movements made by the user). The data collected during the analysis is forwarded to Google.

‍

The reCAPTCHA analyses run completely in the background. Website visitors are not notified that an analysis is taking place.

‍

The data is stored and analyzed on the basis of Art. 6 para. 1 lit. f GDPR. The website operator has a legitimate interest in protecting its website from abusive automated spying and SPAM. If a corresponding consent has been requested, the processing is carried out exclusively on the basis of Art. 6 para. 1 lit. a GDPR; the consent can be revoked at any time.

‍

For more information about Google reCAPTCHA, please refer to the Google Privacy Policy and the Google Terms of Use at the following links: https://www.google.com/policies/privacy and https://policies.google.com/terms?hl=de Opt-Out: https://adssettings.google.com/authenticated

‍

AECH CO (Mindstamp)

We use Mindstamp services to create interactive video experiences. Mindstamp is a service of AECH CO, 303 Miami Avenue, Indialantic, Florida, 32903 for the creation and provision of interactive video experiences. We use Mindstamp to better explain our services and company to you and to make the content of our work easy to understand.

‍

As part of the service, Mindstamp only processes timestamps of the visit and anonymized session cookies are created, which collect the visitor's interactions in the video as data points. In addition, the session duration and information about the browser type and IP address are stored. Please note that Mindstamp also operates servers located in the USA, from which video experiences can be provided.

‍

The use of Mindstamp is in the interest of an appealing presentation of our online offers. This constitutes a legitimate interest within the meaning of Art. 6 para. 1 lit. f GDPR. If a corresponding consent has been requested, the processing is carried out exclusively on the basis of Art. 6 para. 1 lit. a GDPR; the consent can be revoked at any time.

Further information can be found at https://mindstamp.io/legal/privacy-policy

‍

Typeform

We use the Typeform service on our website. The provider of the service is TYPEFORM SL, Carrer Bac de Roda, 163, local, 08018 Barcelona, Spain.

‍

The use of the service may result in data being transferred to a third country (USA). The provider is certified in accordance with the EU-U.S. Data Privacy Framework and therefore offers an appropriate level of data protection.

‍

Further information can be found in the provider's data protection information at the following URL: https://admin.typeform.com/to/dwk6gt

‍

Api.video

This website and other Picture Framing GmbH services are provided by the video provider Api.Video. The provider is API.VIDEO SAS, 13 rue Boudet 33000 Bordeaux, France.

‍

When you visit one of our pages equipped with a video, a connection to the Api.Video servers can be established. The Api.Video server is informed which of our pages you have visited. Api.Video also obtains your IP address. If the Mozaik application is used, further personal data and other data will also be sent to Api.Video, provided that you have given your consent. Api.Video uses cookies or comparable recognition technologies (e.g. device fingerprinting) to recognize website visitors.

‍

The use of Api.Video is in the interest of an appealing presentation of our online offers. This constitutes a legitimate interest within the meaning of Art. 6 para. 1 lit. f GDPR. If a corresponding consent has been requested, the processing is carried out exclusively on the basis of Art. 6 para. 1 lit. a GDPR; the consent can be revoked at any time.

‍

Further information on the handling of user data can be found in API.VIDEO's privacy policy at: https://api.video/privacy-policy

‍

jQuery

Software frameworks facilitate interaction with a platform by creating a standardized interface to it. Frameworks are used to reduce the development effort for recurring software requirements and to ensure the reusability of code and functions. Some software frameworks implement security features to prevent improper use of the website. Software frameworks can increase functionality, accessibility, security and performance with little effort. Other areas of application can also be covered with software frameworks. We use the jQuery service on our website. The provider of the service is the OpenJS Foundation, 1 Letterman Dr, Ste D4700, San Francisco, California, 94129, USA.

‍

Processing will only take place if you consent to this data processing (via our consent banner on the website). The legal basis for this processing is consent (Art. 6 para. 1 lit. a GDPR). Without your consent, data will not be processed in the manner described above. If you withdraw your consent (e.g. via the consent banner or other options provided on this website), we will terminate this data processing. This does not affect the legality of the processing carried out up to the point of withdrawal.

‍

Further information can be found in the provider's data protection information at the following URL: https://openjsf.org/wp-content/uploads/sites/84/2021/04/OpenJS-Foundation-Privacy-Policy-2019-11-15.pdf

‍

Weglot

‍

Functions of the Weglot translation service are integrated on this website. The provider is Weglot SAS, 138, rue Pierre Joigneaux in Bois-Colombes 92270 France. Weglot is loaded when you access the website so that you can change the language to a language other than German using the language icon on the website. This allows a direct connection to be established between your browser and the Weglot server when you visit this website. Weglot then receives the information that you have visited this website with your IP address.

‍

The data is stored and analyzed on the basis of Art. 6 para. 1 lit. f GDPR. A corresponding consent is requested via the cookie and data protection settings of the website. The processing then takes place exclusively on the basis of Art. 6 para. 1 lit. a GDPR.

‍

Consent can be revoked at any time via the data protection settings. Further information on this can be found in Weglot's privacy policy: https://weglot.com/privacy/

‍

21. Routine deletion and blocking of personal data

The person responsible only processes and stores the data subject's personal data for the amount of time necessary, to achieve the purpose of storage or as stated by the European Directive and Regulation or other legislator in laws or regulations to which the controller is subject.

‍

If the purpose of storage no longer applies or if a storage period prescribed by the European Directive and Regulation or another competent legislator expires, the personal data will be routinely blocked or deleted in accordance with the statutory provisions.

‍

‍

22. Rights of the data subject

According to applicable laws, you have various rights regarding your personal data. If you wish to exercise these rights, please send your request, clearly identifying yourself, to the address mentioned under "Contact the responsible person". Below you will find an overview of your rights:

‍

Right to confirmation

Every data subject has been granted the right by the European Directive and Regulation, to obtain confirmation from the data controller as to whether personal data concerning him or her are being processed, or not.  

‍

Right to information

Any person affected by the processing of personal data has been granted the right by the European Directive and Regulation, to obtain information about the personal data stored about him or her and a copy of that information free of charge at any time from the controller. Furthermore, the European Directive and Regulation has granted the data subject access to the following information:

• the processing purposes
• the categories of personal data that are processed
• the recipients or categories of recipients to whom the personal data have been or will be disclosed, in particular in the case of recipients in third countries or international organizations
• if possible, the planned storage duration of the personal data or, if not possible, the criteria for determining this duration
• the existence of a right to obtain the rectification or erasure of personal data concerning him or her, or the restriction of processing the personal data by the controller, or a right to object to such processing
• the existence of a right of appeal to a supervisory authority
• if the personal data are not collected from the data subject: All available information about the origin of the data
• the existence of automated decision-making, including profiling, pursuant to Article 22 (1) and (4) of the GDPR and - at least in these cases - meaningful information about the logic involved, the scope and intended effects of such processing for the data subject

Furthermore, the data subject shall have the right to obtain information as to whether personal data has been transferred to a third country or to an international organization. If this is the case, the data subject also has the right to obtain information about the appropriate safeguards in connection with the transfer.

‍

Right to rectification

Any person affected by the processing of personal data has been granted the right to request the immediate rectification of inaccurate personal data concerning him or her by the European Directive and Regulation. Furthermore, the data subject has the right to request the completion of incomplete personal data - also by means of a supplementary declaration - taking into account the purposes of the processing.

‍

Right to erasure (right to be forgotten)

Any person affected by the processing of personal data has been granted the right by the European Directive and Regulation, to demand  the immediate erasure of their personal data, if one of the following reasons applies and insofar as the processing is not necessary:

• The personal data was collected or processed for purposes it is no longer necessary for.
• The data subject revokes the consent on which the processing was based pursuant to Art. 6(1) a. GDPR or Art. 9(2) a. GDPR and there is no other legal basis for the processing.
• The data subject objects to the processing pursuant to Article 21(1) of the GDPR and there are no overriding legitimate grounds for the processing, or the data subject objects to the processing pursuant to Article 21(2) of the GDPR.
• The personal data was unlawfully processed.
• The deletion of the personal data is necessary for complying with a legal obligation under Union or Member State law to which the controller is subject.
• The personal data was collected in relation to offered information society services pursuant to Art. 8 (1) GDPR.

If the personal data has been made public by the Picture Framing GmbH and our company as the responsible party is obliged to delete the personal data pursuant to Art. 17 Para. 1 GDPR, Picture Framing GmbH shall implement reasonable measures, taking into account the available technology and the cost of implementation, in order to inform other data controllers, that process the personal data published, that the data subject has requested for them to erase all links to the personal data or copies or replications of the personal data, unless the processing is necessary.  

‍

Right to restriction of processing

Any person affected by the processing of personal data has been granted the right by the European Directive and Regulation, to demand the restriction of processing from the responsible person if one of the following conditions is met:

• The accuracy of the personal data is contested by the person responsible for a time period that enables the data controller to verify the accuracy of the personal data.
• The processing is unlawful, the data subject objects to the erasure of the personal data and instead requests the restriction of its use.
• The data controller no longer needs the personal data for the purposes of processing, but the data subject needs it for the assertion, exercise or defense of legal claims.
• The data subject has objected to the processing pursuant to Article 21(1) of the GDPR and it is not clear yet whether the legitimate grounds of the data controller override those of the data subject.

‍

Right to data portability

Any person affected by the processing of personal data has been granted the right by the European Directive and Regulation, to receive the personal data they provided to the person responsible, in a structured, commonly used and machine-readable format. He or she also has the right to transmit this data to another person responsible without hindrance from the person responsible to whom the personal data have been provided, given that the processing is based on consent pursuant to Article 6(1) a. of the GDPR or Article 9(2) a. of the GDPR or on a contract pursuant to Article 6(1) b. of the GDPR and the processing is carried out by automated means and the processing is unnecessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the person resposible.

Furthermore, when exercising his or her right to data portability pursuant to Article 20(1) of the GDPR, the data subject shall have the right to obtain that the personal data be transferred directly from one data controller to another data controller, to the extent that this is technically feasible and provided that this does not adversely affect the rights and freedoms of other individuals.

‍

Right to object

Any person affected by the processing of personal data has been granted the right by the European Directive and Regulation to object to the processing of personal data concerning him or her carried out on the basis of Article 6(1) e. or f. of the GDPR, at any time on grounds relating to his or her particular situation. This also applies to profiling based on these provisions.

The Picture Framing GmbH shall no longer process the personal data in the event of the objection, unless we can prove to have compelling legitimate grounds for the processing which override the interests, rights and freedoms of the data subject, or the processing is required for the assertion, exercise or defense of legal claims.

If the Picture Framing GmbH processes personal data for the purpose of direct advertising, the data subject shall have the right to object to the processing of their personal data for such marketing at any time. This also applies to profiling, as far as it is related to such direct advertising. If the data subject objects to the processing for direct advertising purposes by the Picture Framing GmbH, the Picture Framing GmbH will no longer process the personal data for these purposes.

In addition, the data subject has the right, on grounds relating to his or her particular situation, to object to processing of their personal data, carried out by the Picture Framing GmbH for scientific or historical research purposes, or for statistical purposes pursuant to Article 89(1) of the General Data Protection Regulation, unless such processing is necessary for the performance of a task carried out in the public interest.

The legality of the data processing carried out until the revocation remains unaffected by the revocation.

‍

Automated decisions in individual cases including profiling

Any data subject affected by the processing of personal data shall have the right, granted by the European Directive and the Regulation, to not be subjected to a decision based solely on automated processing, including profiling, which creates legal effects concerning him or her or similarly significantly affects him or her, as long as the decision (1) is not necessary for entering into, or for the performance of, a contract between the data subject and the data controller, or (2) is permitted by Union or Member State law, the controller is subject to, that contains suitable measures to safeguard the data subject's rights and freedoms and legitimate interests, or (3) is based on the data subject's explicit consent.

If the decision (1) is necessary for entering into, or the performance of, a contract between the data subject and the data controller, or (2) is made with the data subject's explicit consent, the PCK IT Solutions GmbH shall implement suitable measures to safeguard the data subject's rights and freedoms and legitimate interests, which at least include the right to obtain the data subject's involvement on the part of the controller, to express his or her point of view and to contest the decision.

‍

Right to revoke consent under data protection law

Any person affected by the processing of personal data has been granted the right by the European Directive and Regulation to withdraw consent to the processing of personal data at any time.

‍

Right to complain to a supervisory authority

In the event of breaches of the GDPR, data subjects shall have a right of appeal to a supervisory authority, in particular in the Member State of their habitual residence, their place of work or the place of the alleged breach. The right of appeal is without prejudice to other administrative or judicial remedies.

The supervisory authority responsible for Picture Framing GmbH is:

‍

Bavarian State Office for Data Protection Supervision (BayLDA)
Promenade 27
91522 Ansbach

‍

23. Data protection during applications and the application process

We offer the opportunity to apply to us (e.g. by e-mail, by post or via online application form). In the following, we inform you about the scope, purpose and use of your personal data collected as part of the application process. We assure you that the collection, processing and use of your data will be carried out in accordance with the applicable data protection law and all other statutory provisions and that your data will be treated in strict confidence.

‍

If you send us an application, we will process your associated personal data (e.g. contact and communication data, application documents, notes taken during job interviews, etc.) insofar as this is necessary to decide on the establishment of an employment relationship. The legal basis for this is § 26 BDSG-new under German law (initiation of an employment relationship), Art. 6 para. 1 lit. b GDPR (general contract initiation) and - if you have given your consent - Art. 6 para. 1 lit. a GDPR. Consent can be revoked at any time. Your personal data will only be passed on within our company to persons who are involved in processing your application.

‍

If the application is successful, the data submitted by you will be stored in our data processing systems on the basis of § 26 BDSG-new and Art. 6 para. 1 lit. b GDPR for the purpose of implementing the employment relationship.

‍

If we are unable to make you a job offer, you reject a job offer or withdraw your application, we reserve the right to retain the data you have submitted on the basis of our legitimate interests (Art. 6 para. 1 lit. f GDPR) for up to 6 months from the end of the application process (rejection or withdrawal of the application). The data will then be deleted and the physical application documents destroyed. The retention serves in particular as evidence in the event of a legal dispute. If it is evident that the data will be required after the expiry of the 6-month period (e.g. due to an impending or pending legal dispute), deletion will only take place when the purpose for further storage no longer applies.

‍

Longer storage may also take place if you have given your consent (Art. 6 para. 1 lit. a GDPR) or if statutory retention obligations prevent deletion.

‍

If we do not make you a job offer, it may be possible to include you in our applicant pool. In the event of inclusion, all documents and details from the application will be transferred to the applicant pool in order to contact you in the event of suitable vacancies.

‍

Inclusion in the applicant pool is based exclusively on your express consent (Art. 6 para. 1 lit. a GDPR). Giving consent is voluntary and is not related to the current application process. The data subject can withdraw their consent at any time. In this case, the data will be irrevocably deleted from the applicant pool, provided there are no legal grounds for retention.

‍

The data from the applicant pool will be irrevocably deleted no later than two years after consent has been given.

‍

Privacy policy online store - eCommerce

If you use our online store, the following applies in addition to our privacy policy:

‍

1. Processing of payment data

In addition to the data specified in our privacy policy, we process your payment data (e.g. name, payment amount, bank account details, credit card number, etc.) in order to provide you with the functions of our online store.

‍

2. Data transfer to third parties (upon conclusion of the contract)

We only transmit personal data to third parties if it is necessary in the context of the contract, such as to the companies entrusted with delivering of goods or the credit institution entrusted with payment processing. A further transmission of the data does not take place or only takes place if you have explicitly agreed to the transmission. Your data will not be passed on to third parties without your explicit consent.

‍

The basis for data processing is Art. 6 para. 1 lit. b. GDPR, which permits the processing of data for the fulfillment of a contract or pre-contractual measures.

‍

3. Payment services

We integrate payment services from third-party companies on our website. When you make a purchase from us, your payment data is processed by the payment service provider for the purpose of payment processing. For these transactions, the respective contract and data protection provisions of the respective providers apply. The payment service providers are used on the basis of Art. 6 para. 1 lit. b. GDPR (contract processing) and in the interest of a smooth, convenient and secure payment process (Art. 6 para. 1 lit. f. GDPR). As far as your consent is requested for certain actions, Art. 6 para. 1 lit. a. GDPR is the legal basis for that data processing; consents for the future can be revoked at any time.

‍

We use the following payment services / payment service providers within the scope of this website:

‍

PayPal

The provider of this payment service is PayPal (Europe) S.à.r.l. et Cie, S.C.A., 22-24 Boulevard Royal, L-2449 Luxembourg (hereinafter "PayPal").

‍

Data transfer to the USA is based on the standard contractual clauses of the EU Commission. You can find details here: https://www.paypal.com/de/webapps/mpp/ua/pocpsa-full

‍

Details can be found in PayPal's privacy policy: https://www.paypal.com/de/webapps/mpp/ua/privacy-full

‍

Stripe

The provider for customers within the EU is Stripe Payments Europe, Ltd, 1 Grand Canal Street Lower, Grand Canal Dock, Dublin, Ireland (hereinafter "Stripe").

‍

Data transfer to the USA is based on the standard contractual clauses of the EU Commission. You can find details here: https: //stripe.com/de/privacy and https://stripe.com/de/guides/general-data-protection-regulation

‍

You can find details on this in Stripe's privacy policy at the following link: https://stripe.com/de/privacy

‍

4. Encrypted payment transactions

If there is an obligation to provide us with your payment data (e.g. account number in the case of direct debit authorization) after the conclusion of a chargeable contract this data is required for payment processing.

‍

Payment transactions via the common payment methods (Visa/MasterCard, direct debit) are made exclusively via an encrypted SSL or TLS connection. You can identify an encrypted connection by the change of the address line of your browser from "http://" to "https://" and by the lock symbol in your browser line.

‍

Encrypted communication ensures that your transmitted payment data cannot be read by third parties.

‍

Privacy policy Dynamic Video

When you use Dynamic Video, the following applies in addition to our Privacy Policy:

‍

1. Processing of contract and payment data

Additionally to the mentioned data in our privacy policy on our website, we process

• Contract data (e.g. subject matter of the contract, term, customer category) and
• Payment data (e.g. bank details, payment history)

to provide you with our online trial version and Dynamic Video services in addition to the purposes stated in our Privacy Policy.

‍

Privacy policy Mozaik API

If you use the Mozaik AP, the following applies in addition to our privacy policy:

1. processing of contract and payment data

Additionally to the mentioned data in our privacy policy on our website, we process

• Contract data (e.g. subject matter of the contract, term, customer category) and
• Payment data (e.g. bank details, payment history)

to provide you with our online trial version and Dynamic Video services in addition to the purposes stated in our Privacy Policy.

‍

Privacy policy Mozaik

If you use Mozaik, the following applies in addition to our Privacy Policy:

1. Processing purpose

Additionally to the data mentioned in our privacy policy, we process

• Contract data (e.g., subject matter of the contract, term, customer category) and
• Payment data (e.g., bank details, payment history)

to provide you with our Mozaik platform in addition to the purposes stated in our privacy policy.

‍

We also process your personal data in connection with the Mozaik platform for beta testing purposes. Beta testing allows you to access this application or parts of it in order to test a specific function or the entire application. We may automatically collect data about crashes and statistics related to your use of the beta test version in a personally identifiable form.

‍

2. Data transfer to third countries

Among other things, tools from companies based in the USA or other third countries that are not secure under data protection law are integrated into our platform. If these tools are active, your personal data may be transferred to these third countries and processed there. We would like to point out that no level of data protection comparable to that in the EU can be guaranteed in these countries. For example, US companies are obliged to hand over personal data to security authorities without you as the data subject being able to take legal action against this. It can therefore not be ruled out that US authorities (e.g. secret services) may process, evaluate and permanently store your data on US servers for surveillance purposes. We have no influence on these processing activities.

‍

If you do not want personal data to be transferred to third countries, you can deactivate the tools of companies based in the USA or other third countries that are not secure under data protection law in the settings, depending on your subscription.

‍

3. Integration of services and contents of third parties

We use within Mozaik on the basis of our legitimate interests pursuant to Art. 6 para. 1 lit. f. GDPR in order to integrate their content and services, such as videos, messages, music functions or fonts, and to improve your user experience of the application. An overview of all support tools that may be used in the context of Mozaik is available here.

‍

Google Play Beta Testing  

Google Play Beta Testing is a beta testing service provided by Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland. For details on data processing, please refer to Google's privacy policy: https://policies.google.com/privacy?hl=de.  

‍

TestFlight  

TestFlight is a beta testing service provided by Apple Inc, 1, Apple Park Way Cupertino, California, 95014-0642 United States. For details on data processing, please refer to Apple's privacy policy: https://www.apple.com/legal/internet-services/itunes/testflight/sren/terms.html

‍

Firebase Notifications

Firebase Notifications is a messaging service provided by Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland. Firebase Notifications can be integrated with Firebase Analytics to create analytics-based audiences and to access conversion and delivery statistics. For details on data processing, please see Google's privacy policy: https://policies.google.com/privacy?hl=de.

‍

Push notifications

Our application may send push notifications to you in order to achieve the purposes set out in this Privacy Policy.

‍

In most cases, you can opt out of receiving push notifications by going to your device settings, such as mobile message alerts, and changing those settings for a specific app, or all apps on that device.

‍

You must be aware that disabling push notifications may negatively affect the functions and usefulness of our application.

‍

OneSignal

If you have given your consent for push notifications, you will receive push notifications from our website/app/web app at regular intervals. Clicking on them will take you directly to the advertised website and/or promotion. You can unsubscribe from the push notifications at any time if you no longer wish to receive them.

‍

For the implementation we use the technology of the provider OneSignal, 201 San Antonio Circle Suite #140, Mountain View, CA, USA. You can find the provider's data protection information here: https://onesignal.com/privacy_policy

‍

In order to be able to send you the push notifications, it is necessary that non-personal data, such as a message, is transmitted to the OneSignal server. It is necessary that a non-personal ID is assigned for the unique assignment of the device, which does not allow OneSignal to draw any conclusions about the person.

‍

OneSignal may also place cookies on your device if you have consented to the use and storage of cookies from third-party providers. The purpose of using the service is to make it easier for us to process inquiries and provide our website.

‍

The legal basis for the use of cookies is our legitimate interests pursuant to Art. 6 para. 1 lit. f. GDPR to integrate content or service offers from third-party providers. In addition, the legal basis is Art. 6 para. 1 GDPR, as we have a legitimate interest in processing requests voluntarily sent to us.

‍

The data will be deleted as soon as it is no longer required for our recording purposes or to process your request. In our case, this is usually the case after 90 days.

‍

You can revoke your consent to the storage and use of cookies by OneSignal by deactivating "third-party cookies" or technically deactivate them in the settings of your browser or smartphone or by means of browser add-ons; however, we would like to point out that in this case you may not be able to use all functions of our website/web app or application to their full extent.

‍

OneSignal has obtained EU-US Privacy Shield certification from the US Department of Commerce to comply with the EU-US Privacy Shield Agreement between the EU and the US regarding the collection, use and retention of personal data from EU member states. You can find more information about OneSignal and data protection at OneSignal at: https://onesignal.com/privacy_policy

‍

Nolt Software Inc.

Our feedback platform within the Mozaik application is provided by Nolt. The provider is Nolt Software Inc, 6D - 7398 Yonge St. Unit # 320, Thornhill, L4J 8J2, Ontario, Canada.

‍

The legal basis for the use of Nolt is our legitimate interests pursuant to Art. 6 para. 1 lit. f. GDPR to integrate content or service offers from third-party providers.

‍

Nolt is GDPR compliant. You can find Nolt's privacy policy here: https://nolt.io/help/privacy

‍

Custify

We use the Custify tool from Custify SRL (Bucharest, Zagazului Street, No. 4E, Entrance A, First Floor, ap. 1A, District 1, Romania). Custify offers us the opportunity to evaluate the use of Mozaik, to provide individual assistance for optimized use and to provide more targeted support for our users on the Mozaik platform. No data is transmitted to Custify if there is no user account with the Mozaik application.

‍

The information required for this is transferred on the server side from Mozaik to the Segment tool from Twilio Germany GmbH (Rosenheimer Str. 143C, 81671 Munich, Germany), which in turn forwards it to Custify. Segment enables aggregation and filtering of the data provided by Mozaik.

‍

Further information on the processing of personal data by Custify can be found in the privacy policies of the services: https://www.custify.com/privacy and https://www.twilio.com/legal/privacy

‍

EU/US Data Privacy Framework: https://www.dataprivacyframework.gov/list

‍

Retool Inc

We use Retool to connect our data sources in one user interface and to make it easier for our team and stakeholders to plan queries, update and process data and to provide them with smooth access management. The data processing is carried out by:Retool, Inc. 292 Ivy Street San Francisco, California, 94102 USA. For more information on the subject of data protection, please refer to Retool's data policy below: https://docs.retool.com/docs/privacy-policy

‍

The data processing is based on your consent in accordance with Art. 6 para. 1 sentence 1 lit. a GDPR.

‍

You can request the deletion of your data from Retool by sending an e-mail. Data subjects from the European Union and Switzerland should send their request to dpo@retool.com. All other data subjects should send their request to data-subject-requests@retool.com

‍

Azure OpenAI Service

We use Azure OpenAI, a service of Microsoft Corporation, One Microsoft Way, Redmond, WA98052-6399, USA, for functions within the platform such as the translation function. Your data is processed on servers within the European Union (EU). Azure OpenAI is integrated into our existing technology stack and data processing is carried out in accordance with the applicable data protection regulations. Azure OpenAI explicitly does not use customer data for the retraining of models.

‍

To ensure security and data protection, we have concluded a data processing agreement (DPA) with Microsoft. Data is used exclusively to translate and improve the services and to provide an appealing offer and is not passed on to unauthorized third parties. For more information on data processing by Azure OpenAI, please read Microsoft's privacy policy: https://privacy.microsoft.com

‍

You can request the deletion of your data from Azure OpenAI Service by sending an e-mail. Data subjects should send the request to: kunden@microsoft.com

‍

Auphonic

We use functions of the provider Auphonic to optimize audio tracks. The data processing is carried out by: Auphonic GmbH, Hörmsdorf 102 A-8552 Eibiswald, Austria. For further information on data protection, please refer to the following Auphonic data policy: https://auphonic.com/privacy

‍

The data processing is based on your consent in accordance with Art. 6 para. 1 sentence 1 lit. a GDPR.

‍

You can request the deletion of your data from Auphonic by sending an e-mail. Data subjects should send the request to: contact@auphonic.com

‍

Rev

We use for the processing of video files in connection with certain functions in the Mozaik platform, Rev. The data processing is carried out by: Rev.com, Inc, 1717 W 6th St, Ste 310, Austin, TX 78703, USA.

‍

For more information on data protection, please refer to Rev's data policy below: https://www.rev.com/legal/privacy

‍

The data processing is based on your consent in accordance with Art. 6 para. 1 sentence 1 lit. a GDPR.

‍

You can request the deletion of your data from Rev by sending an e-mail. Data subjects should send the request to: support@rev.ai

‍

Soundstripe

We use the Soundstripe platform to provide and license music tracks and to remunerate artists. The data processing is carried out by: Soundstripe Inc, 604 Gallatin Avenue Suite 300, Nashville TN 37206, USA. For further information on data protection, please refer to the following Soundstripe data policy: https://www.soundstripe.com/privacy-policy

‍

The data processing is based on your consent in accordance with Art. 6 Para. 1S.1 lit.a GDPR.

‍

You can request the deletion of your data from Soundstripe by sending an e-mail. Data subjects should send the request to: help@soundstripe.com

‍

4. Integration of platform services

The purpose of these services is to host and operate main components of the application so it can be offered from a unified platform. Such platforms provide the provider with a whole range of toolswhich involve the processing of personal data. For example, analysis and commenting functions, user and database management, e-commerce and payment processing.

‍

Some of these services operate with geographically dispersed servers, making it difficult to determine where personal data is stored.

‍

Apple App Store (Apple Inc.)

Our Mozaik app is distributed on Apple's App Store. This is a mobile application distribution platform provided by Apple Inc. Inc, 1, Apple Park Way Cupertino, California, 95014-0642 United States. By distributing our App through this channel, Apple collects basic usage statistics and provides reporting features that allow us to view usage statistics and measure the performance data of our App. A lot of this information is processed on an opt-in basis. You can opt-out of this analytics feature directly through your device settings, where you can find more information on managing analytics settings. For details on data processing, please refer to the Apple Inc. privacy policy: https://www.apple.com/legal/privacy/  

‍

Google Play Store  

Our Mozaik app is distributed on the Google Play Store, a mobile app distribution platform provided by Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland. By distributing our app through this channel, Google collects and shares usage and diagnostic information with us. A lot of this information is processed on an opt-in basis. You can disable this analytics feature directly through your device settings, where you can find more information on managing analytics settings. For details on data processing, please refer to Google's privacy policy: https://policies.google.com/privacy?hl=de.

‍

5. Non-tracking requests

Our app does not support ''Do Not Track'' requests through web browsers.  

‍

For information on whether integrated third-party services support the no-tracking protocol, please refer to the privacy policy of the respective service.