Privacy Policy | Willkommen

Privacy Policy
Preamble
With the following privacy policy, we would like to inform you about the types of your personal data (hereinafter also referred to as "data") that we process, for what purposes and to what extent. The privacy policy applies to all processing of personal data carried out by us, both in the context of the provision of our services and in particular on our websites, in mobile applications and within external online presences, such as our social media profiles (hereinafter collectively referred to as "online offer").

Contract fulfilment and pre-contractual enquiries (Art. 6 para. 1 sentence 1 lit. b) GDPR) - Processing is necessary for the performance of a contract to which the data subject is party or in order to take steps at the request of the data subject prior to entering into a contract.
Legal obligation (Art. 6 para. 1 sentence 1 lit. c) GDPR) - Processing is necessary for compliance with a legal obligation to which the controller is subject.
Legitimate interests (Art. 6 para. 1 sentence 1 lit. f) GDPR) - Processing is necessary for the purposes of the legitimate interests pursued by the controller or by a third party, except where such interests are overridden by the interests or fundamental rights and freedoms of the data subject which require protection of personal data.

National data protection regulations in Germany: In addition to the data protection regulations of the GDPR, national data protection regulations apply in Germany. These include, in particular, the Act on the Protection against Misuse of Personal Data in Data Processing (Federal Data Protection Act - BDSG). In particular, the BDSG contains special regulations on the right to information, the right to erasure, the right to object, the processing of special categories of personal data, processing for other purposes and transmission as well as automated decision-making in individual cases, including profiling. Furthermore, state data protection laws of the individual federal states may apply.

Note on the applicability of the GDPR and Swiss FADP: This data protection notice serves to provide information in accordance with both the Swiss Federal Act on Data Protection (FADP) and the General Data Protection Regulation (GDPR).For this reason, please note that the terms of the GDPR are used due to the broader geographical application and comprehensibility.In particular, instead of the terms "processing" of "personal data", "overriding interest" and "sensitive personal data" used in the Swiss DPA, the terms "processing" of "personal data", "legitimate interest" and "special categories of data" used in the GDPR are used.However, the legal meaning of the terms will continue to be determined in accordance with the Swiss DPA within the scope of application of the Swiss DPA.Overview of processing operations
The following overview summarises the types of data processed and the purposes of their processing and refers to the data subjects.

Types of data processed
Inventory data.
Payment data.
Contact data.
Content data.
Contract data.
Usage data.
Meta, communication and process data.
Categories of data subjects
Customers.
Interested parties.
Users.
Business and contractual partners.
Purposes of the processing
Provision of contractual services and fulfilment of contractual obligations.
Contact enquiries and communication.
Reach measurement.
Tracking.
Office and organisational procedures.
Managing and responding to enquiries.
Feedback.
Marketing.
Profiles with user-related information.
Provision of our online services and user-friendliness.
Rights of the data subjects
Rights of data subjects under the DSGVO: As a data subject, you are entitled to various rights under the GDPR, which arise in particular from Art. 15 to 21 DSGVO:

Right to object: You have the right to object, on grounds relating to your particular situation, at any time to processing of personal data concerning you which is based on point (e) or (f) of Article 6(1) DSGVO, including profiling based on those provisions. If the personal data concerning you are processed for direct marketing purposes, you have the right to object at any time to the processing of personal data concerning you for such marketing, which includes profiling to the extent that it is related to such direct marketing.
Right to withdraw consent: You have the right to withdraw any consent you have given at any time.
Right to information: You have the right to request confirmation as to whether the data in question is being processed and to request information about this data as well as further information and a copy of the data in accordance with the legal requirements.
Right to rectification: You have the right to request the completion of data concerning you or the rectification of inaccurate data concerning you in accordance with the legal requirements.Right to erasure and restriction of processing: In accordance with the legal requirements, you have the right to demand that data concerning you be erased immediately or, alternatively, to demand a restriction of processing in accordance with the legal requirements.Right to erasure and restriction of processing: In accordance with the legal requirements, you have the right to demand that data concerning you be deleted immediately or, alternatively, to demand that the processing of the data be restricted in accordance with the legal requirements.

Right to data portability: You have the right to receive the data concerning you, which you have provided to us, in a structured, commonly used and machine-readable format in accordance with the legal requirements or to request its transmission to another controller.
Complaint to the supervisory authority: Without prejudice to any other administrative or judicial remedy, you have the right to lodge a complaint with a supervisory authority, in particular in the Member State of your habitual residence, place of work or place of the alleged infringement if you consider that the processing of personal data relating to you infringes the provisions of the DSGVO.

We process this data in order to fulfil our contractual obligations. These include, in particular, the obligations to provide the agreed services, any updating obligations and remedies in the event of warranty and other service disruptions. In addition, we process the data to safeguard our rights and for the purpose of the administrative tasks associated with these obligations and the company organisation. In addition, we process the data on the basis of our legitimate interests in proper and efficient business management and in security measures to protect our contractual partners and our business operations from misuse, jeopardising their data, secrets, information and rights (e.g. for the involvement of telecommunications, transport and other auxiliary services as well as subcontractors, banks, tax and legal advisors, payment service providers or tax authorities). Within the framework of applicable law, we only pass on the data of contractual partners to third parties to the extent that this is necessary for the aforementioned purposes or to fulfil legal obligations. Contractual partners will be informed about other forms of processing, e.g. for marketing purposes, as part of this privacy policy.

We delete the data after the expiry of statutory warranty and comparable obligations, i.e. generally after 4 years, unless the data is stored in a customer account, e.g. as long as it must be retained for legal archiving reasons. The statutory retention period is ten years for documents relevant under tax law as well as for trading books, inventories, opening balance sheets, annual financial statements, the work instructions required to understand these documents and other organisational documents and accounting records, and six years for commercial and business letters received and reproductions of commercial and business letters sent. The period begins at the end of the calendar year in which the last entry was made in the book, the inventory, the opening balance sheet, the annual financial statements or the management report was prepared, the commercial or business letter was received or sent or the accounting document was created, the record was made or the other documents were created.

Processed data types: Inventory data (e.g. names, addresses); payment data (e.g. bank details, invoices, payment history); contact data (e.g. email, telephone numbers). Contract data (e.g. subject matter of the contract, term, customer category).
Data subjects: Interested parties. Business and contractual partners.
Purposes of Processing: Provision of contractual services and fulfilment of contractual obligations; contact requests and communication; Office and organisational procedures. Managing and responding to enquiries.
Legal bases: Contract fulfilment and pre-contractual enquiries (Art. 6 Para. 1 S. 1 lit. b) DSGVO); Legal obligation (Art. 6 Para. 1 S. 1 lit. c) DSGVO). Legitimate interests (Art. 6 para. 1 sentence 1 lit. f) DSGVO).
Further information on processing processes, procedures and services:

Agency services: We process our customers' data as part of our contractual services, which may include, for example, conceptual and strategic consulting, campaign planning, software and design development/consulting or maintenance, implementation of campaigns and processes, handling, server administration, data analysis/consulting services and training services; legal basis: contract fulfilment and pre-contractual enquiries (Art. 6 para. 1 sentence 1 lit. b) DSGVO).
Online marketing
We process personal data for online marketing purposes, which may include in particular the marketing of advertising space or the presentation of advertising and other content (collectively referred to as "content") based on the potential interests of users and the measurement of their effectiveness.

For these purposes, so-called user profiles are created and stored in a file (so-called "cookie") or similar procedures are used, by means of which the user data relevant for the presentation of the aforementioned content is stored. This information may include, for example, content viewed, websites visited, online networks used, but also communication partners and technical information such as the browser used, the computer system used and information on usage times and functions used. If users have consented to the collection of their location data, this can also be processed.

The IP addresses of users are also stored. However, we use available IP masking procedures (i.e. pseudonymisation by shortening the IP address) to protect users. In general, no clear user data (such as e-mail addresses or names) is stored as part of the online marketing process, but pseudonyms. This means that neither we nor the providers of the online marketing procedures know the actual identity of the users, but only the information stored in their profiles.

Processed data types: Usage data (e.g. websites visited, interest in content, access times). Meta, communication and process data (e.g. IP addresses, time data, identification numbers, consent status).
Data subjects: Users (e.g. website visitors, users of online services).
Purposes of Processing: Web Analytics (e.g. access statistics, recognition of returning visitors); Tracking (e.g. profiling based on interests and behaviour, use of cookies); Marketing. Profiles with user-related information (creation of user profiles).
Security measures: IP masking (pseudonymisation of the IP address).

Possibility of objection (opt-out): We refer you to the data protection notices of the respective providers and the opt-out options specified for the providers (so-called "opt-out"). If no explicit opt-out option has been specified, you have the option of switching off cookies in your browser settings. However, this may restrict the functions of our online offering. We therefore recommend the following additional opt-out options, which are summarised for the respective areas:

a) Europe: https://www.youronlinechoices.eu.
b) Canada: https://www.youradchoices.ca/choices.
c) USA: https://www.aboutads.info/choices.
d) Cross-territory: https://optout.aboutads.info.
Customer reviews and evaluation procedures
We participate in review and rating procedures in order to evaluate, optimise and promote our services. If users rate us or otherwise provide feedback via the participating review platforms or procedures, the general terms and conditions or terms of use and the data protection notices of the providers also apply. As a rule, the evaluation also requires registration with the respective providers.

Processed data types: Contract data (e.g. subject matter of the contract, duration, customer category); usage data (e.g. websites visited, interest in content, access times). Meta, communication and process data (e.g. IP addresses, time data, identification numbers, consent status).
Data subjects: Customers. Users (e.g. website visitors, users of online services).
Purposes of processing: Feedback (e.g. collecting feedback via online form). Marketing.
Legal basis: Legitimate interests (Art. 6 para. 1 sentence 1 lit. f) DSGVO).
Further information on processing processes, procedures and services:

Rating widget: We integrate so-called "rating widgets" into our online offering. A widget is a functional and content element integrated into our online offering that displays variable information. It can, for example, be displayed in the form of a seal or comparable element, sometimes also called a "badge". Although the corresponding content of the widget is displayed within our online offering, it is retrieved from the servers of the respective widget provider at that moment. Only in this way can the current content always be shown, especially the current rating. For this purpose, a data connection must be established from the website accessed within our online offering to the widget provider's server and the widget provider receives certain technical data (access data, including IP address) that is necessary for the content of the widget to be delivered to the user's browser.

Furthermore, the widget provider receives information that users have visited our website. This information can be stored in a cookie and used by the widget provider to recognise which online offers that participate in the evaluation process have been visited by the user. The information may be stored in a user profile and used for advertising or market research purposes; Legal basis: Legitimate interests (Art. 6 para. 1 sentence 1 lit. f) DSGVO).
Presence in social networks (social media)
We maintain online presences within social networks and process user data in this context in order to communicate with the users active there or to offer information about us.

Furthermore, user data is generally processed within social networks for market research and advertising purposes. For example, user profiles can be created based on user behaviour and the resulting interests of users. The user profiles can in turn be used, for example, to place adverts within and outside the networks that presumably correspond to the interests of the users. For these purposes, cookies are generally stored on the user's computer, in which the user's usage behaviour and interests are stored. Furthermore, data can also be stored in the user profiles independently of the devices used by the users (especially if the users are members of the respective platforms and are logged in to them).

Processed data types: Contact data (e.g. e-mail, telephone numbers); Content data (e.g. entries in online forms); Usage data (e.g. websites visited, interest in content, access times). Meta, communication and process data (e.g. IP addresses, time data, identification numbers, consent status).
Data subjects: Users (e.g. website visitors, users of online services).
Purposes of Processing: Contact requests and communication; Feedback (e.g. collecting feedback via online form). Marketing.
Legal basis: Legitimate interests (Art. 6 para. 1 sentence 1 lit. f) DSGVO).
Further information on processing processes, procedures and services: LinkedIn: Social network; Service provider: LinkedIn Ireland Unlimited Company, Wilton Plaza Wilton Place, Dublin 2, Ireland; Legal basis: Legitimate interests (Art. 6 para. 1 sentence 1 lit. f) DSGVO); Website: https://www.linkedin.com; Privacy Policy: https://www.linkedin.com/legal/privacy-policy; Data processing agreement: https://legal.linkedin.com/dpa; Basis for third country transfers: Standard Contractual Clauses (https://legal.linkedin.com/dpa). Option to object (opt-out): https://www.linkedin.com/psettings/guest-controls/retargeting-opt-out.
Plugins and embedded functions and content
We incorporate functional and content elements into our online offering that are obtained from the servers of their respective providers (hereinafter referred to as "third-party providers"). These may be, for example, graphics, videos or city maps (hereinafter uniformly referred to as "content"). The integration always requires that the third-party providers of this content process the IP address of the user, as they would not be able to send the content to their browser without the IP address. The IP address is therefore required to display this content or function. We endeavour to only use content whose respective providers only use the IP address to deliver the content. Third-party providers may also use so-called pixel tags (invisible graphics, also known as "web beacons") for statistical or marketing purposes. Pixel tags can be used to analyse information such as visitor traffic on the pages of this website. The pseudonymous information may also be stored in cookies on the user's device and may contain, among other things, technical information about the browser and operating system, referring websites, time of visit and other information about the use of our online offer, as well as being linked to such information from other sources.

Processed data types: Usage data (e.g. websites visited, interest in content, access times); meta, communication and process data (e.g. IP addresses, time data, identification numbers, consent status); inventory data (e.g. names, addresses); contact data (e.g. email, telephone numbers). Content data (e.g. entries in online forms).
Data subjects: Users (e.g. website visitors, users of online services).
Purposes of processing: Provision of our online services and user-friendliness.
Legal basis: Legitimate interests (Art. 6 para. 1 sentence 1 lit. f) DSGVO).