Data Protection Advisory
Protecting your data and preserving your privacy is of utmost importance to us. For this reason, we have established security and data protection provisions that ensure the greatest possible protection of your data.
We guarantee compliance with statutory data protection provisions. All employees of the company are bound by these provisions.
Below, we would like to explain which data we process when and for what purpose and on what legal basis. We would like to explain to you how the services we offer work and how the protection of your personal data is guaranteed
Pursuant to Article 4 no. 1 GDPR personal data means any information relating to an identified or identifiable natural person. A natural person is considered identifiable if he or she can be identified directly or indirectly. Further information on this can be found in Article 4 no. 1 GDPR.
The controller of processing personal data within the meaning of Article 4 no. 7 GDPR is:
v. Rundstedt & Partner GmbH
2) Contact for data protection
If you have any questions regarding the processing of your personal data, as well as your rights regarding data protection, please contact:
v. Rundstedt & Partner GmbH
Eschersheimer Landstraße 14
60322 Frankfurt am Main
Tel. +49 (0)69 6199 641
3) Log files
Every time you visit our website, we automatically collect data and information from your device’s system and store it in so-called server log files. This data is information that relates to an identified or identifiable natural person (here: website visitor). The data is automatically transferred by your browser when you visit our website. This includes the following information:
- The time you visited our website (request to the server of the host provider),
- URL of the website from which you visited our website,
- The operating system you are using,
- Type and version of the browser you are using,
- IP address of your computer.
The purpose of this processing is to make our website accessible from your device and to enable our website to be displayed correctly on your device or in your browser. Furthermore, the data helps us to optimise our website and to ensure the security of our systems. This data is not evaluated for marketing purposes.
The legal basis for processing is Article 6(1)(f) GDPR. We have a legitimate interest in presenting you with a website optimised for your browser and in enabling communication between our server and your terminal. The latter requires in particular the processing of your IP address.
The recipient of the data is our server host, which works for us under a commissioned data agreement.
In your browser settings you can restrict or completely prevent cookies from being stored. You can also arrange for the automatic deletion of cookies when closing the browser window. You can find how to delete cookies in the most common browsers and change the cookie settings here:
- Google Chrome: Website
- Mozilla Firefox: Website
- Apple Safari: Website
- Microsoft Internet Explorer: Website
Please note that a general deactivation of cookies may lead to functional limitations of our website.
We use essential cookies, which are required to operate the website. These enable the use of features, without which you would not be able to use the website as intended. The legal basis for processing is our legitimate interests in maintaining a functional website and thus the result of a balancing of interests pursuant to Art. 6(1)(1)(f) GDPR.
Furthermore, we use optional cookies for the purposes of website analytics and tracking as well as to improve our website service. Below, we describe the tools used on this website and the associated optional cookies in detail. We only use optional cookies with your prior consent, Art. 6(1)(1)(a) GDPR and Section 25 (1) TTDSG (German Act on Data Protection and the Protection of Privacy in Telecommunications and Telemedia). If you are visiting our website for the first time, a banner will appear in which we will ask you for your consent to the use of optional cookies.
If you give your consent, we will save a cookie on your computer and the banner will not be displayed again for the lifetime of the cookie. Thereafter, or if you actively delete this cookie beforehand, the banner will be displayed again the next time you visit our website in order to obtain your consent once again.
If you consent to the use of optional cookies, you also consent to your personal data being processed in third countries outside the European Union that have an inadequate level of data protection according to EU standards (e.g. United States). There is a risk that authorities there may also be able to access your data without the possibility of obtaining legal protection. We will inform you about potential processing in third countries and the measures we have taken to protect your personal data in the individual sections on our processors.
5) Information about Google services
On our website we use various services of Google Inc. (“Google”), 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA.
By integrating Google services, Google may collect information (including personal data) and process it. The possibility of Google also transferring the information to a server in a third country cannot be ruled out.
The transmission to the USA depends on the function in which personal data is transmitted. As the responsible party, we ourselves may transfer data to Google for further use in the USA. The transfer can be based on standard contractual clauses. Google has undertaken to comply with the Standard Contractual Clauses (SCC) for the transfer of personal data to third countries under Regulation (EU) 2016/679.
More information on the Standard Contractual Clauses can be found at ec.europa.eu/info/law/law-topic/data-protection/international-dimension-data-protection/standard-contractuals-clauses-scc_en as well as at policies.google.com/privacy/frameworks
We cannot on our own influence which data Google actually collects and processes. However, Google states that the following information (including personal data) may be processed among others:
- Log data (in particular the IP address)
- Locational information
- Unique application numbers
- Cookies and similar technologies
If you are signed in to your Google account, Google may add the processed information to your account and treat it as personal information, depending on your account settings, see www.google.de/policies/privacy/partners/ in particular.
Google states the following, among other things:
“We may combine personal information from one service with information and personal information from other Google services. This makes it easier for you to share content with friends and acquaintances, for example. Depending on your account settings, your activities on other websites and apps may be linked to your personal information in order to improve Google services and advertising displayed by Google.” (https://www.google.com/intl/de/policies/privacy/index.html)
How to delete cookies in the most common browsers is explained in section “4) Cookies”.
You can find information about Google’s privacy settings at privacy.google.com/take-control.html
6) Use of Google Analytics
On our website we use Google Analytics, a web analytics service provided by Google Inc. (“Google”), 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA. Furthermore we use the “Google-Optimize” tool in addition to Google Analytics.
Google Analytics uses “cookies”; these are text files which are stored on your device and enable the analysis of the websites you visited. Google Analytics also uses so-called web beacons (invisible graphics). These web beacons can be used to evaluate information such as visitor traffic on websites. The information generated by cookies and web beacons about the use of our website (including the users’ IP address) will be transferred to a Google server, probably in the U.S. or other third countries, and stored there. This information may be shared by Google with Google’s contractual partners.
The following data types are processed by Google:
- Online identifiers (including cookie identifiers)
- IP address (only anonymised)
- Device identifiers
- In addition, you can find more detailed information on the information processed at www.google.com/intl/de/policies/privacy/ under “Data we receive as a result of you using our services”, and at privacy.google.com/businesses/adsservices/.
We use Google Analytics solely with activated IP anonymisation (“anonymize IP”). In this manner, your IP address is abbreviated by Google within member states of the European Union or in other signatory states to the Agreement on the European Economic Area. Only in exceptional cases is the full IP address transmitted to a Google server in the USA and abbreviated there.
Furthermore, we have concluded a processing agreement with Google for the use of Google Analytics and Google Optimize (Article 28 GDPR). Google processes the data on our behalf for the purpose of evaluating your use of the website, compiling reports on website activities for us and providing us with other services related to website and internet use. If necessary, Google may transfer this information to third parties to the extent that this is prescribed by law or where third parties process the data on Google’s behalf. A list of these subcontractors can be found at privacy.google.com/businesses/subprocessors/.
Through the integration of Google Analytics, we aim to analyse user behaviour on our website and be able to react to it. This enables us to continuously improve our offer. We use Google Optimize to understand the effect of adjustments to our website on our users and to constantly optimise our website. For this purpose, users are presented with different versions of our website and various criteria are defined (e.g. determining whether a section can be found based on the click behaviour of users). We are only presented with statistics, it is not possible for us to draw conclusions about a single person based on these statistics.
The processing of your personal data takes place exclusively on the basis of your consent in accordance with Article 6(1)(f) GDPR. Our legitimate interest in this is based on the great benefit that the functions described above have for our offer. The statistical evaluation of user behaviour enables us in particular to react and optimise our offer in line with the interests of our customers. The consent can be revoked at any time.
You can prevent the collection of data generated by the cookie and related to your use of the website (including your IP address) and the processing of this data by Google by downloading and installing the browser plug-in available at the following link: tools.google.com/dlpage/gaoptout
You can also prevent data being captured by Google Analytics by managing the cookie settings. An opt-out cookie is then set which prevents your data being captured the next time you visit this website. How to delete cookies in the most common browsers and how to change the cookie settings is explained in section “4.) Cookies”.
7) Use of Google Tag Manager
On our website we use Google Tag Manager of Google Inc. (“Google”), Gordon House, Barrow Street, Dublin 4, Irland.
Use of the Google Tag Manager is based on Art. 6(1)(1)(f) GDPR. We have a legitimate interest in being able to integrate various services in a simplified and clear manner.
8) Use of retargeting and remarketing
We use the Google Analytics Remarketing tool from Google Ireland Ltd (provider of the service), Gordon House, Barrow Street, Dublin 4, Ireland on our website.
Google Remarketing analyses your user behaviour on our website (e.g. clicking on certain products) in order to classify you as part of certain advertising target groups and subsequently display suitable advertising messages to you when you visit other online services (remarketing or retargeting).
Furthermore, the advertising target groups created with Google Remarketing may be linked with Google’s cross-device features. In this way, interest-based, personalised advertising messages that have been adapted to you depending on your previous usage and surfing behaviour on one end device (e.g. mobile phone) to be displayed on another of your end devices (e.g. tablet or PC).
The use of this service is based on your consent pursuant to Art. 6 (1)(1)(a) GDPR and § 25 (1) TTDSG. The consent may be revoked at any time. If you have a Google account, you can object to personalised advertising at the following link: https://www.google.com/settings/ads/onweb/.
The installation of cookies for Google Remarketing and Google AdWords Conversion Tracking can be prevented by adjusting the respective browser software by visiting the website www.google.com/policies/privacy/ads/ and changing the relevant setting. You can also find further information on cookies under point "4) Cookies".
You can find information about Google’s privacy settings at privacy.google.com/take-control.html
9) Use of Google Maps
We use Google Maps on our website. Google Maps is a service of Google Inc.("Google"), 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA.
The Google-Maps plug-in is integrated by embedding the service on our website by means of a so-called “iFrame”. When loading this iFrame, Google may collect information (including personal data) and process it. The possibility of Google also transferring the information to a server in a third country cannot be ruled out.
For our part, we do not collect any data when you use Google Maps via our website.
Through the integration of Google Maps, we aim to be able to show you our address and provide you with further information for travelling to our offices. We can also present locations to you through this integration of Google Maps, with you not being limited to individual map sections and being able to independently research distances etc.
The legal basis for the processing of personal data described here is Article 6(1) f GDPR. Our necessary legitimate interest in this lies in the great benefit that Google Maps offers. Through the integration, we do not have to show the directions to the respective places by means of maps or the like, but enable each user to plan his or her own journey. Google also has a legitimate interest in the collected (personal) data in order to improve its own services.
10) Google Ads
We use the Google Ads (previously Google AdWorks) tool from Google Ireland Ltd (provider of the service), Gordon House, Barrow Street, Dublin 4, Ireland on our website.
We use the Google Ads Conversion service to draw attention to our offers with the help of advertising (Google Ads) on external websites. We can determine how successful the individual advertising measures are in relation to the data from the advertising campaigns. In this way, we pursue the interest of showing you advertising that is of interest to you, thus making our website itself more interesting for you and optimising our advertising costs.
These advertisements are delivered by Google via ad servers. For this purpose, we use ad server cookies, which can be used to measure certain success parameters, such as the display of ads or clicks made by you. If you access our website via a Google ad, Google Ads will store a cookie on your device. The unique cookie ID, number of ad impressions per placement (frequency), last impression (relevant for post-view conversions) and opt-out information (indication that you no longer wish to be targeted) are usually stored as analysis values for this cookie.
These cookies enable Google to recognise your internet browser. If you visit certain pages on our website and the cookie stored on your computer has not yet expired, we and Google will be able to recognise that you clicked on the ad and were redirected to that page. We ourselves do not collect or process any personal data in the aforementioned advertising measures. We only receive statistical evaluations from Google. These evaluations enable us to see which of the advertising measures used are particularly effective. We do not receive any further data from the use of the advertising; in particular, we cannot identify you using this information.
Due to the marketing tools used, your browser automatically establishes a direct connection with the Google server. We have no control over the scope of the data that Facebook collects with the help of this plug-in and therefore inform users to the best of our knowledge. Through the integration of Ads Conversion, Google receives information that you have visited the corresponding part of our website or clicked on an advertisement from us. If you are registered with a Google service, Google can assign the visit to your account. Even if you are not registered with Google or have not logged in, it is still possible for Google to obtain and store your IP address.
The use of this service is based on your consent pursuant to Art. 6 (1)(1)(a) GDPR and § 25 (1) TTDSG. The consent may be revoked at any time.
11) Microsoft Services
We use the "Microsoft Advertising" tool of Microsoft Ireland Operations Ltd, One Microsoft Place, South County Business Park, Leopardstown, Dublin 18, D18 P521, Ireland ("Microsoft") on our website.
By integrating Microsoft services, Microsoft may collect and process information (including personal data). It cannot be ruled out that Google also transmits the information to a server in a third country.
The transfer to the USA can be based on standard contractual clauses. Micorsoft has undertaken to comply with the Standard Contractual Clauses (SCC) for the transfer of personal data to third countries in accordance with Regulation (EU) 2016/679. More information on this: www.privacyshield.gov/participant;
We ourselves cannot influence what data Microsoft actually collects and processes. However, Microsoft states that, in principle, the following information (including personal data) may be processed, among others:
- Name and contact details
- Login information
- Demographic data
- Device and usage data
Information on technologies and cookies can be found here: https://support.microsoft.com/en-gb/windows/delete-and-manage-cookies-168dab11-0753-043d-7c16-ede5947fc64d
You can find information on Microsoft's privacy settings at: https://account.microsoft.com/privacy/ad-settings/signedout?lang=en-GB
11.1) Microsoft Advertising
We use Microsoft's offer to draw attention to our offers with the help of advertisements in the Bing search. We can determine how successful the individual advertising measures are in relation to the data of the advertising campaigns. In doing so, we pursue the interest of showing you advertising that is of interest to you, making our website more interesting for you and optimising our advertising costs.
These advertisements are delivered by Microsoft via so-called "Ad Servers". For this purpose, we use ad server cookies, which can be used to measure certain parameters for measuring success, such as the display of the ads or clicks by you. If you access our website via a Bing ad, Microsoft Advertising will store a cookie on your end device. The unique cookie ID, number of ad impressions per placement (frequency), last impression (relevant for post-view conversions) and opt-out information (marking that you no longer wish to be contacted) are usually stored as analysis values for this cookie.
These cookies enable Microsoft to recognise your internet browser. If you visit certain pages of our website and the cookie stored on your computer has not yet expired, Microsoft and we can recognise that you have clicked on the advertisement and have been redirected to this page. We ourselves do not collect or process any personal data in the aforementioned advertising measures. We only receive statistical evaluations from Microsoft. These evaluations enable us to recognise which of the advertising measures used are particularly effective. We do not receive any further data from the use of the advertising tools; in particular, we cannot identify you from this information.
Due to the marketing tools used, your browser automatically establishes a direct connection with the Microsoft server. We have no influence on the scope and further use of the data collected by Microsoft through the use of this tool and therefore inform you according to our state of knowledge: Through the integration of theUET (Universal Event Tracking), Microsoft receives the information that you have called up the corresponding part of our website or clicked on an advertisement from us. If you are registered with a Microsoft service, Microsoft can assign the visit to your account. Even if you are not registered with Microsoft or have not logged in, it is possible that Microsoft will obtain and store your IP address.
The use of this service is based on your consent according to Art. 6 para. 1 p. 1 lit. a) DSGVO and § 25 para. 1 TTDSG. The consent can be revoked at any time.
The installation of cookies for Microsoft Advertising can be prevented by a setting of the respective browser software by calling up the website account.microsoft.com/privacy/ad-settings/signedout changing the corresponding setting. Further information on cookies can also be found under point 4.) Cookies.
12) Newsletter and Insights
On our website you have the possibility of registering for our newsletter. The newsletter is tailored to your individual interests.
In our knowledge base you have the possibility of requesting various content such as checklists, guides, e-books and white papers, all of which require registration. After you have registered for the content, you can access the download.
If you sign up for our free webinars, registration is also required. After signing up for the webinar, you will receive the access data and, if necessary, further information for participation in the webinar.
Our newsletter and our other content are sent with the newsletter service "Pardot MAS". Pardot LLC, 950 E. Paces Ferry Rd. Suite 3300 Atlanta, GA 30326, USA is a service of Salesforce.com EMEA Limited (Salesforce), village 9, floor 26 Salesforce Tower, 110 Bishopsgate, London, UK, EC2N 4AY. Within the framework of a commissioned data processing agreement Pardot processes your personal data on our behalf and according to our instructions.
In addition, the login data is also transferred to our CRM system. Our CRM system is technically provided by our service provider itdesign (itdesign GmbH, Friedrichstraße 12, 72072 Tübingen, Germany). Within the framework of a commissioned data processing agreement itdesign processes your personal data on our behalf and according to our instructions.
a) Sign up/registration
If you sign up for our newsletter or a webinar or if you download any of our content, we process the following mandatory information from you, in particular:
In addition, we process further voluntary information from you (e.g. your name), if you provide it, as well as various other information, such as object and profile reference, date and time, IP address, action type (registration, update, permission change) and the metadata of the action.
In order to be able to display the proof of consent and cancellation in a legally compliant manner, we keep the following data for each user profile, which is generated via a Pardot web form with an e-mail address confirmed by double opt-in procedure, for the events “registration/change”, “confirmation of the link” and “cancellation of the newsletter”:
- Date and time
- IP address
The purpose of collecting and processing the user's e-mail address is to be able to deliver the requested information. The collection and processing of further personal data within the scope of the sign up process is intended to prevent misuse of our information offer or the e-mail address used. Furthermore, the processing described above serves the purpose of enabling us to prove that you have given your consent. The purpose of processing your personal data by our CRM system is to be able to address you as a customer and use the information for marketing purposes.
The email addresses of our newsletter recipients, as well as their other data described in this notice, may be stored on Salesforce.com servers in the United States. In these cases, Pardot is certified under the EU-U.S. Privacy Shield Agreement. Salesforce says the following about this:
“For certain Services, for which we act as a data processor, Salesforce has certified under the EU-U.S. and Swiss-U.S. Privacy Shield frameworks. For more details about the scope of the certification see here. The Privacy Shield frameworks were designed by the U.S. Department of Commerce, European Commission and Swiss Administration to provide companies on both sides of the Atlantic with a mechanism to comply with EU and Swiss data protection requirements when transferring personal data from the European Union and Switzerland to the United States, but have since been held by the the Court of Justice of the European Union and the Federal Data Protection and Information Commissioner (FDPIC) of Switzerland to be invalid. Additional information can be found at www.privacyshield.gov/Program-Overview .
EU and Swiss personal data may however still be transferred to and within Salesforce’s services pursuant to Salesforce’s Processor Binding Corporate Rules and the European Commission’s standard contractual clauses, both of which are incorporated by reference into Salesforce’s Data Processing Addendum. For further information, please see our International Transfers of EU Personal Data to Salesforce's Services document. (https://www.salesforce.com/content/dam/web/en_us/www/documents/legal/Agreements/EU-Data-Transfer-Mechanisms-FAQ.pdf )”
b) Statistical evaluation
With the help of the Pardot service we analyse the success and effectiveness of our newsletter (campaigns) as well as our download and webinar offer. In doing so, we especially evaluate, for example, whether and when you open the e-mails sent to you, whether and which links you click or how you otherwise handle the e-mails.
For this purpose, for statistical surveys and to build interest profiles, Pardot sets and stores cookies. This information is processed on a personal basis. Furthermore, the e-mails sent contain so-called web beacons, also called tracking pixels. These are one-pixel image files that link to our website and thus enable us to evaluate your user behaviour. This is done by collecting web beacons that are assigned to your e-mail address and linked to your own ID. Links contained in the newsletter also contain this ID. With the data thus obtained, we create a user profile in order to provide you with the newsletter tailored to your interests.
The purpose of processing cookie and measurement data is to create an individual newsletter tailored to the interests of the recipient and to track the success and reach of our newsletters.
c) Online access and data management
In this context, we would like to point out that cookies are used on Pardot’s websites and that personal data is processed by Pardot and its partners and service providers (e.g. Google Analytics). We have no influence on this data collection. Further information on data protection at Pardot can be found at: www.salesforce.com/company/privacy/
Basis of lawfulness
By signing up for the newsletter, for our webinars and by downloading our content, you expressly consent to the processing of your personal data (Article 6(1)(a) GDPR).
In a first step, you enter the mandatory data (e.g. e-mail address) and agree to the processing of your personal data by activating the box provided for this purpose. The sign up form is provided by Pardot, thus letting your data be transferred directly to Pardot. In a second step, you will then automatically receive an e-mail with a confirmation or activation link, which you must also confirm or activate. In this way we ensure that the e-mail address entered on our website also belongs to you. If the confirmation or activation link is not used, the corresponding e-mail address will not receive any further e-mails from us and the data entered will be deleted.
The legal basis for the processing of further personal data as well as the processing of your personal data within the framework of our CRM system is our legitimate interest in accordance with Article 6(1)(f) GDPR. We have a legitimate interest in being able to prove that you have given your consent. Furthermore, we have a legitimate interest in preventing or being able to prove misuse of our information offer. The consent can be revoked at any time.
15) Using Adobe Connect/Webinaris
We offer various webinars on our website, which we conduct using Adobe Connect (“AC”). AC is a service or software from Adobe Systems Incorporated, 601 Townsend St., San Francisco, CA 94103, USA. Furthermore, on the Adobe website accessible from Germany, the subsidiary Adobe Systems Software Ireland Limited, 4–6 Riverwalk, Citywest Business Campus, Dublin 24, Republic of Ireland is listed as being responsible for Europe.
AC is integrated via a corresponding interface from Adobe. Through the integration, Adobe collects information (including personal data) and processes it. The possibility of Adobe also transferring the information to a server in a third country (e.g. USA) cannot be ruled out.
As is evident from the Adobe Systems Incorporated Privacy Shield certification (available at www.privacyshield.gov/list under the search term “Adobe Systems Incorporated”), Adobe has undertaken to comply with the EU-US Privacy Shield Framework regarding the collection, use, and storage of personal data from third countries, respectively. Adobe has certified that it adheres to the Privacy Shield Principles.
Within the framework of a commissioned data processing agreement Adobe processes your personal data on our behalf and according to our instructions. This may include the following data:
- The name you provided,
- Your IP address,
- Type of browser and device,
- Web page from which you arrived at an Adobe website,
- Search terms entered into a search engine that led you to an Adobe website,
- Use and navigation of websites and applications (collected by cookies and similar technologies or by Adobe servers when you are logged into the application or website),
- Analysis of your content (such as activity logs and direct feedback from you) sent or received through an online feature of an Adobe application or website or stored on Adobe servers.
If you are signed in to your Adobe account, Adobe can add the processed information to your account.
You can prevent this information from being added directly by logging out of your Adobe account.
Further information can be found at www.adobe.com/privacy/policy.html
Through the integration of AC we aim to be able to offer you various webinars.
The legal basis for the processing of personal data described here is Art. 6 (1) p. 1 lit. b) DSGVO - insofar as the webinars are conducted within the scope of contractual relationships - as well as our legitimate interest in the professional handling of our webinars pursuant to Art. 6 (1) p. 1 lit. f DSGVO. The consent can be revoked at any time.
16) Contact form
On our website there is a contact form which you can use for electronic contact. If you contact us via this contact form, the data entered in the input fields will be processed by us.
This includes the following data as mandatory information:
- E-mail address
- Postcode, Town/City
Furthermore, you can add further data as voluntary information. This may simplify and speed up the processing of your request. The following data is potentially affected:
- First name
- Last name
- The information arising in each instance from the message text
Mandatory and voluntary information is treated equally by us. The mandatory information is necessary to be able to contact you and process your request.
Please note that the extent of the personal data collected in the contact form also depends on the data you yourself disclose in the message text of the contact form.
The purpose of the processing of personal data within the scope of the mandatory and voluntary information is to process the contact enquiry and to be able to contact the enquirer in order to respond to the request.
The legal basis for the processing of personal data described here is Article 6(1)(f) GDPR. It is our legitimate interest to offer you the possibility to contact us at any time so that we can answer your questions.
The personal data are processed only as long as necessary for the provision of the function.
The recipient of the data is our server host, which is working for us within the scope of a commissioned data processing agreement.
17) Making contact
You have the possibility to contact us by mail, telephone, fax or e-mail.
If you contact us by post, we can process, in particular, your address data (e.g. surname, first name, street, town/city, postcode), date and time of receiving the letter as well as such data resulting from your letter itself.
If you contact us by telephone, we can process your telephone number and, if necessary, in the course of the conversation on request your name, your e-mail address, the time of the call and details of your request.
If you contact us by fax, we can process, in particular, the fax number or the source identifier as well as the data resulting from the fax.
When you contact us by e-mail, your e-mail address, the time of the e-mail and the data resulting from the message text (and attachments if applicable) are processed.
The purpose of processing the above-mentioned data is to process the contact enquiry and to be able to contact the enquirer in order to respond to the request.
The legal basis for the processing of personal data described here is Article 6(1)(f) GDPR. It is our legitimate interest to offer you the possibility to contact us at any time and to answer your questions.
The personal data will be deleted as soon as it is no longer required for the purpose for which it was collected.
19) Online appointment booking via Microsoft Bookings
We offer you the possibility to book appointments online via our website. For this purpose, we use the Microsoft Bookings tool, a service of Microsoft Corporation, located at One Microsoft Way, Redmond, WA 98052-6399, United States. We have concluded both a data processing agreement and EU Standard Contractual Clauses (SCC) with Microsoft to guarantee an appropriate level of data protection.
To the extent that Microsoft Bookings processes personal data in connection with Microsoft’s legitimate business operations, Microsoft is the independent data controller for such use and as such is responsible for compliance with all applicable laws and obligations of a data controller. In this case, we have no influence over Microsoft’s data processing.
Further information about Microsoft Bookings and how it handles user data can be found here: privacy.microsoft.com/en-us/privacystatement
The connection to the service is established when you visit our contact page; the data you enter there is processed after you confirm the form. To book an appointment, your entries in the appointment form are transferred to Microsoft. Please note that you are not obliged to use Microsoft Bookings to book an appointment. If you do not wish to use the service, please use another of the contact options offered to book an appointment.
The legal basis for the data transfer, storage and processing is your consent pursuant to Art. 6(1)(1)(a) GDPR. The consent may be revoked at any time.
You have the option to revoke your consent to data processing or to object to the use of the data at any time. In this case, the intended contact with the user is no longer possible or communication that has already begun can no longer be continued.
20) Social networks and external links
We would like to point out that personal data of users may be processed outside the European Union. This may result in risks for users as there is sometimes a lack of an appropriate level of data protection (e.g. in the United States), which makes it difficult, for example, to enforce users’ rights.
In addition, the social network provider may process the most important data of the computer system from which you visit it – for example, your IP address, the type of processor used and browser version including plug-ins.
If you are logged in with your personal user account on the respective network while visiting such a website, this network can assign the visit to this account.
The purpose and scope of data collection by the respective medium and the further processing of your data there as well as your rights in this regard can be found in the respective provisions of the respective controller, such as:
Requests for information and the data subject rights can be asserted most effectively with the providers. This is because only the providers have access to the users’ data and can take appropriate measures and provide information directly. However, we will of course support you if you still need help.
Fanpage Facebook: Insofar as you communicate directly with us via our fan pages on Facebook and Instagram or share personal content with us, we are responsible for processing your data.
An exception applies to data processing for usage analytics (page insights); we are jointly responsible for this with Meta Platforms Ireland Ltd (Facebook).
We, as the provider of the information service, also process that data from your use of our service that you voluntarily provide on the fan page (e.g. in comments) for the purpose of answering your enquiries, communicating with you and publishing information regarding the content offered on the Facebook pages or our company. The legal basis for the processing is Art. 6(1)(1)(b) and (f) GDPR. The legitimate interest is the effective provision of information to users, customers and interested parties and communication with these persons.
20) Data security
We secure our website and other systems by technical and organizational measures against loss, destruction, access, modification or distribution of your data by unauthorised persons. However, despite regular checks, complete protection against all risks is not possible.
21) Storage and retention periods
22) Obligation to provide data
Within the scope of our business relationship, you are only required to provide the personal data that is necessary for the establishment, implementation and termination of a business relationship or which we are legally obliged to collect. Without this data, we will generally have to refuse to conclude a contract or execute the order, or be unable to continue to execute an existing contract and may have to terminate it.
Furthermore, in order to provide paid services, it is necessary for us to ask for additional data and, for example, to process the method of payment requested by you.
However, subject to the provisions set out above, you are generally free to provide personal data.
You have the right to withdraw any consent you have given at any time with future effect, without affecting the lawfulness of the processing carried out on the basis of the consent up to the point of withdrawal.
You can send or communicate your revocation of consent to us at any time (e.g. by e-mail to firstname.lastname@example.org).
25) Rights of the data subject
In principle, you have the following rights:
- right of access (Art. 15 GDPR)
- right of rectification (Article 16 GDPR)
- right to object (Art. 21 GDPR)
- right to erasure (Article 17 GDPR)
- right to restrict processing (Article 18f. GDPR)
- right to data transferability (Article 20 GDPR)
For enquiries of this kind, please contact email@example.com. Please note that in the case of such requests, we must ensure that the person making contact is indeed the data subject.
You have the right to appeal to a data protection supervisory authority, without prejudice to any other administrative or judicial remedy.
Automated decision making does not take place on our website.
Information about your right of objection pursuant to art. 21 GDPR
Insofar as we cite our legitimate interest (Art. 6 (1)(f) GDPR) as the basis for lawful processing, you have a right of objection pursuant to Art. 21 GDPR.
Under Art. 21 GDPR, you have the right to object to the processing of personal data at any time. If you do so, we will no longer process the personal data for direct marketing or related profiling purposes. We will also not process your personal data for other purposes after an objection, unless we can demonstrate compelling legitimate grounds for the processing which override your interests, rights and freedoms, or unless the processing serves the establishment, exercise or defence of legal claims (see, for example, Art. 21(1) GDPR, ‘limited right of objection’). In this case, you must provide reasons for the objection that arise from your particular situation.
You may also object to the processing of your personal data on grounds relating to your particular situation, for scientific or historical research purposes or for statistical purposes pursuant to Art. 89(1) GDPR, unless the processing is necessary for the performance of a task carried out in the public interest (see Art. 21(6) GDPR).
You can send or inform us of your objection at any time (e.g. by email to firstname.lastname@example.org).