Data protection at a glance
General notes
The following notices provide a simple overview of what happens to your personal data when you visit this website. Personal data is any data by which you can be personally identified. For detailed information on the subject of data protection, please refer to our privacy policy listed below this text.
Data collection on this website
Who is responsible for the data collection on this website?
The data processing on this website is carried out by the website operator. You can find the contact details of the website operator in the section “Information about the responsible party” in this data protection declaration.
How do we collect your data?
On the one hand, your data is collected when you provide it to us. This can be, for example, data that you enter in a contact form. Other data is collected automatically or after your consent when you visit the website by our IT systems. This is mainly technical data (e.g. Internet browser, operating system or time of page view). The collection of this data takes place automatically as soon as you enter this website.
What do we use your data for?
Some of the data is collected to ensure error-free provision of the website. Other data may be used to analyze your user behavior.
What rights do you have regarding your data?
You have the right at any time to receive information free of charge about the origin, recipient and purpose of your stored personal data. You also have a right to request the correction or deletion of this data. If you have given your consent to data processing, you can revoke this consent at any time for the future. You also have the right to request the restriction of the processing of your personal data under certain circumstances. Furthermore, you have the right to lodge a complaint with the competent supervisory authority. For this purpose, as well as for further questions on the subject of data protection, you can contact us at any time.
Hosting
webgo
The provider is webgo GmbH, Heidenkampsweg 81, 20097, Hamburg (hereinafter “webgo”). When you
visit our website, webgo collects various log files including your IP addresses.
Details can be found in webgo’s privacy policy:
https://www.webgo.de/datenschutz/.
The use of webgo is based on Art. 6 para. 1 lit. f GDPR. We have a legitimate interest in displaying our website as reliably as possible. If a corresponding consent has been requested, the processing is carried out exclusively on the basis of Art. 6 para. 1 lit. a GDPR and § 25 para. 1 TTDSG, insofar as the consent allows the storage of cookies or access to
information in the user’s end device (e.g. for device fingerprinting) within the meaning of the TTDSG. The consent can be revoked at any time.
Order processing
We have concluded a data processing agreement (DPA) for the use of the above-mentioned service.
concluded. This is a contract prescribed by data protection law, which
guarantees that it will only process the personal data of our website visitors in accordance with our
instructions and in compliance with the GDPR.
General Notes and mandatory Information
Privacy
The operators of these pages take the protection of your personal data very seriously. We treat your personal data confidentially and in accordance with the statutory data protection regulations and this privacy policy. When you use this website, various personal data are collected. Personal data is data with which you can be personally identified. This privacy policy explains what data we collect and what we use it for. It also explains how and for what purpose this is done.
We point out that data transmission over the Internet (eg communication by e-mail) security gaps. A complete protection of the data against access by third parties is not possible.
Note on the responsible entity
The responsible party for data processing on this website is:
- Jürgen Ruff
- Hummelbergring 35
- 74889 Sinsheim
- Telefon: 01737113662
E-Mail: info@juergenruff.com
The controller is the natural or legal person who alone or jointly with others determines the purposes and means of the processing of personal data (e.g. names, e-mail addresses, etc.).
Storage Duration
Unless a more specific storage period has been specified within this privacy policy, your personal data will remain with us until the purpose for data processing no longer applies. If you assert a legitimate request for deletion or revoke your consent to data processing, your data will be deleted unless we have other legally permissible reasons for storing your personal data (e.g. retention periods under tax or commercial law); in the latter case, the data will be deleted once these reasons no longer apply.
General information on the legal basis for data processing on this website
If you have consented to data processing, we process your personal data on the basis of Art. 6 (1) a DSGVO or Art. 9 (2) a DSGVO, if special categories of data are processed according to Art. 9 (1) DSGVO. In the case of explicit consent to the transfer of personal data to third countries, the data processing is also based on Art. 49 (1) a DSGVO. If you have consented to the storage of cookies or to the access to information in your terminal device (e.g. via device fingerprinting), the data processing is additionally carried out on the basis of Section 25 (1) TTDSG. The consent can be revoked at any time. If your data is required for the performance of a contract or for the implementation of pre-contractual measures, we process your data on the basis of Art. 6 para. 1 lit. b DSGVO. Furthermore, if your data is required for the fulfillment of a legal obligation, we process it on the basis of Art. 6 para. 1 lit. c DSGVO. Furthermore, the data processing may be carried out on the basis of our legitimate interest according to Art. 6 para. 1 lit. f DSGVO. Information about the relevant legal basis in each individual case is provided in the following paragraphs of this privacy policy.
Revocation of your consent to data processing
Many data processing operations are only possible with your express consent. You can revoke consent you have already given at any time. The legality of the data processing carried out until the revocation remains unaffected by the revocation.
Right to object to data collection in special cases and to direct marketing (Art. 21 DSGVO)
IF THE DATA PROCESSING IS CARRIED OUT ON THE BASIS OF ART. 6 ABS. 1 LIT. E OR F DSGVO, YOU HAVE THE RIGHT TO OBJECT TO THE PROCESSING OF YOUR PERSONAL DATA AT ANY TIME FOR REASONS ARISING FROM YOUR PARTICULAR SITUATION; THIS ALSO APPLIES TO PROFILING BASED ON THESE PROVISIONS. THE RESPECTIVE LEGAL BASIS ON WHICH PROCESSING IS BASED CAN BE FOUND IN THIS PRIVACY POLICY. IF YOU OBJECT, WE WILL NO LONGER PROCESS YOUR PERSONAL DATA UNLESS WE CAN DEMONSTRATE COMPELLING LEGITIMATE GROUNDS FOR THE PROCESSING WHICH OVERRIDE YOUR INTERESTS, RIGHTS AND FREEDOMS, OR THE PROCESSING IS FOR THE PURPOSE OF ASSERTING, EXERCISING OR DEFENDING LEGAL CLAIMS (OBJECTION UNDER ARTICLE 21 (1) DSGVO).
IF YOUR PERSONAL DATA IS PROCESSED FOR THE PURPOSE OF DIRECT MARKETING, YOU HAVE THE RIGHT TO OBJECT AT ANY TIME TO THE PROCESSING OF PERSONAL DATA CONCERNING YOU FOR THE PURPOSE OF SUCH MARKETING; THIS ALSO APPLIES TO PROFILING INSOFAR AS IT IS CONNECTED WITH SUCH DIRECT MARKETING. IF YOU OBJECT, YOUR PERSONAL DATA WILL SUBSEQUENTLY NO LONGER BE USED FOR THE PURPOSE OF DIRECT MARKETING (OBJECTION PURSUANT TO ARTICLE 21 (2) DSGVO).
Right of appeal to the competent supervisory authority
In the event of breaches of the GDPR, data subjects shall have a right of appeal to a supervisory authority, in particular in the Member State of their habitual residence, their place of work or the place of the alleged breach. The right of appeal is without prejudice to other administrative or judicial remedies.
Right to data portability
You have the right to have data that we process automatically on the basis of your consent or in fulfillment of a contract handed over to you or to a third party in a common, machine-readable format. If you request the direct transfer of the data to another controller, this will only be done insofar as it is technically feasible.
SSL or TLS encryption
This site uses SSL or TLS encryption for security reasons and to protect the transmission of confidential content, such as orders or requests that you send to us as the site operator. You can recognize an encrypted connection by the fact that the address line of the browser changes from “http://” to “https://” and by the lock symbol in your browser line.
If SSL or TLS encryption is activated, the data you transmit to us cannot be read by third parties.
Information, deletion, and correction
Within the framework of the applicable legal provisions, you have the right at any time to free information about your stored personal data, its origin and recipient and the purpose of data processing and, if necessary, a right to correction or deletion of this data. For this purpose, as well as for further questions on the subject of personal data, you can contact us at any time.
Right to restriction of processing
You have the right to request the restriction of the processing of your personal data. For this purpose, you can contact us at any time. The right to restriction of processing exists in the following cases:
- If you dispute the accuracy of your personal data stored by us, we generally need time to check this. You have the right to request the restriction of the processing of your personal data for the duration of the review.
- If the processing of your personal data was/is carried out unlawfully, you can request the restriction of data processing instead of erasure.
- If we no longer need your personal data, but you need it for the exercise, defense or assertion of legal claims, you have the right to request the restriction of the processing of your personal data instead of deletion.
- If you have lodged an objection pursuant to Art. 21 (1) GDPR, a balance must be struck between your interests and ours. As long as it has not yet been determined whose interests prevail, you have the right to request the restriction of the processing of your personal data.
If you have restricted the processing of your personal data, this data may – apart from being stored – only be processed with your consent or for the assertion, exercise or defense of legal claims or for the protection of the rights of another natural or legal person or for reasons of an important public interest of the European Union or a Member State.
Objection to advertising e-mails
The use of contact data published within the framework of the imprint obligation to send advertising and information materials not expressly requested is hereby prohibited. The operators of the pages expressly reserve the right to take legal action in the event of the unsolicited sending of advertising information, such as spam e-mails.
Data collection on this website
Contact form
If you send us inquiries via the contact form, your data from the inquiry form including the contact data you provided there will be stored by us for the purpose of processing the inquiry and in case of follow-up questions. We do not pass on this data without your consent.
The processing of this data is based on Art. 6 (1) lit. b DSGVO, if your request is related to the performance of a contract or is necessary for the implementation of pre-contractual measures. In all other cases, the processing is based on our legitimate interest in the effective processing of requests addressed to us (Art. 6 para. 1 lit. f DSGVO) or on your consent (Art. 6 para. 1 lit. a DSGVO) if this has been requested; the consent can be revoked at any time.
The data you enter in the contact form will remain with us until you request us to delete it, revoke your consent to store it, or the purpose for storing the data no longer applies (e.g. after we have completed processing your request). Mandatory legal provisions – in particular retention periods – remain unaffected.
Request by e-mail, phone or fax
If you contact us by e-mail, telephone or fax, your inquiry including all resulting personal data (name, inquiry) will be stored and processed by us for the purpose of processing your request. We do not pass on this data without your consent. The processing of this data is based on Art. 6 (1) lit. b DSGVO, if your request is related to the performance of a contract or is necessary for the implementation of pre-contractual measures. In all other cases, the processing is based on our legitimate interest in the effective processing of the requests addressed to us (Art. 6 (1) (f) DSGVO) or on your consent (Art. 6 (1) (a) DSGVO) if this has been requested; the consent can be revoked at any time.
The data you send to us via contact requests will remain with us until you request us to delete it, revoke your consent to store it, or the purpose for storing the data no longer applies (e.g. after your request has been processed). Mandatory legal provisions – in particular legal retention periods – remain unaffected.
Analysis tools and advertising
WP Statistics
This website uses the WP Statistics analysis tool to statistically evaluate visitor traffic. Provider is Veronalabs, ARENCO Tower, 27th Floor, Dubai Media City, Dubai, Dubai 23816, UAE (https://veronalabs.com).
WP Statistics allows us to analyze the use of our website. WP Statistics collects log files (IP address, referrer, browser used, origin of the user, search engine used) and actions that website visitors have taken on the page (e.g. clicks and views).
The data collected with WP Statistics is stored exclusively on our own server.
The use of this analysis tool is based on Art. 6 para. 1 lit. f DSGVO. We have a legitimate interest in the anonymized analysis of user behavior in order to optimize both our website and our advertising. Insofar as a corresponding consent has been requested, the processing is carried out exclusively on the basis of Art. 6 para. 1 lit. a DSGVO and § 25 para. 1 TTDSG, insofar as the consent includes the storage of cookies or access to information in the user’s terminal device (e.g. device fingerprinting) as defined by the TTDSG. The consent can be revoked at any time.
IP anonymization
We use WP Statistics with anonymized IP. Your IP address is shortened so that it can no longer be directly assigned to you.
Newsletter
If you subscribe to our company’s newsletter, the data in the respective input mask will be transmitted to the controller. The registration for our newsletter takes place in a so-called double opt-in procedure. I.e. after registration you will receive an e-mail in which you are asked to confirm your registration. This confirmation is necessary so that no one can register with foreign e-mail addresses. When registering for the newsletter, the user’s IP address and the date and time of registration are stored. This serves to prevent misuse of the services or the e-mail address of the person concerned. The data is not passed on to third parties. An exception exists if there is a legal obligation to pass on the data. The data is used exclusively for sending the newsletter. The subscription to the newsletter can be cancelled by the data subject at any time. Likewise, consent to the storage of personal data can be revoked at any time. For this purpose, a corresponding link can be found in each newsletter. The legal basis for the processing of the data after registration for the newsletter by the user is, if the user has given his consent, Art. 6 para. 1 lit. a) DSGVO. The legal basis for sending the newsletter as a result of the sale of goods or services is Section 7 (3) UWG.
rapidmail
Description and purpose: We use rapidmail to send newsletters. The provider is rapidmail GmbH, Wentzingerstraße, 21, 79106 Freiburg, Germany. Among other things, rapidmail is used to organize and analyze the dispatch of newsletters. The data you enter for the purpose of receiving the newsletter is stored on rapidmail’s servers in Germany. If you do not want any analysis by rapidmail, you must unsubscribe from the newsletter. For this purpose, we provide a corresponding link in every newsletter message. Furthermore, you can also unsubscribe from the newsletter directly on the website. For the purpose of analysis, the e-mails sent with rapidmail contain a so-called tracking pixel, which connects to the servers of rapidmail when the e-mail is opened. In this way, it can be determined whether a newsletter message has been opened. Furthermore, with the help of rapidmail, we can determine whether and which links in the newsletter message are clicked. All links in the e-mail are so-called tracking links, with which your clicks can be counted. Depending on the font with which the respective newsletter is designed, a connection to external servers such as Google Fonts takes place.
Legal basis: The legal basis for data processing is Art. 6 para. 1 lit. a) DSGVO.
Recipient: The recipient of the data is rapidmail GmbH.
Transmission to third countries: A transfer of data to third countries does not take place.
Duration: The data stored by us within the scope of your consent for the purpose of the newsletter will be stored by us until you unsubscribe from the newsletter and will be deleted from our servers as well as from the servers of rapidmail after you unsubscribe from the newsletter. Data stored by us for other purposes (e.g. e-mail addresses for the member area) remain unaffected by this.
Revocation option:You have the option to revoke your consent to data processing with effect for the future at any time. The legality of the data processing operations already carried out remains unaffected by the revocation
Further data protection information: For more details, please refer to rapidmail’s data security notices at: https://www.rapidmail.de/datensicherheit. For more information on the analysis functions of rapidmail, please refer to the following link: https://www.rapidmail.de/wissen-und-hilfe
Payment processor
What is a payment processor?
We use online payment systems on our website that allow us and you a secure and smooth payment process. Among other things, personal data may be sent to the respective payment provider, stored and processed there. Payment providers are online payment systems that allow you to place an order via online banking. In this case, the payment processing is carried out by the payment provider you have chosen. We then receive information about the payment made. This method can be used by any user who has an active online banking account with PIN and TAN. There are hardly any banks left that do not offer or accept such payment methods.
Why do we use payment processor on our website?
Of course, we want to offer the best possible service with our website and our integrated online store, so that you feel comfortable on our site and use our offers. We know that your time is precious and especially payment processes must work quickly and smoothly. For these reasons we offer you various payment providers. You can choose your preferred payment provider and pay in the usual way.
What data is processed?
Exactly which data is processed depends, of course, on the respective payment provider. But basically, data such as name, address, bank data (account number, credit card number, passwords, TANs, etc.) are stored. These are necessary data to be able to carry out a transaction at all. In addition, any contractual data and user data, such as when you visit our website, what content you are interested in or which sub-pages you click on, may also be stored. Your IP address and information about the computer you are using are also stored by most payment providers.
The data is usually stored and processed on the servers of the payment providers. We as the website operator do not receive this data. We are only informed whether the payment has worked or not. For identity and credit checks, it may happen that payment providers forward data to the appropriate body. For all payment transactions, the business and data protection principles of the respective provider always apply. Therefore, please always take a look at the general terms and conditions and the privacy policy of the payment provider. You also have the right to have data deleted or corrected at any time. Please contact the respective service provider regarding your rights (right of revocation, right to information and right to be affected).
Duration of data processing
We will inform you about the duration of data processing below if we have further information on this. In general, we process personal data only as long as it is absolutely necessary for the provision of our services and products. If it is required by law, for example in the case of accounting, this storage period may be exceeded. For example, we keep accounting documents relating to a contract (invoices, contract documents, account statements, etc.) for 10 years (§ 147 AO) and other relevant business documents for 6 years (§ 247 HGB) after they are created.
Right of objection
You always have the right to information, correction and deletion of your personal data. If you have any questions, you can also contact responsible persons of the payment provider used at any time. Contact details can be found either in our specific privacy policy or on the website of the corresponding payment provider.
You can delete, disable, or manage cookies that payment providers use for their functions in your browser. Depending on which browser you use, this works in different ways. Please note, however, that the payment process may then no longer work.
Legal Basis
We therefore offer other payment service providers in addition to the traditional banking/credit institutions for the processing of contractual or legal relationships (Art. 6 para. 1 lit. b DSGVO). The privacy statements of the individual payment providers (such as Amazon Payments, Apple Pay or Discover) will provide you with a detailed overview of data processing and data storage. In addition, you can always contact the responsible parties if you have any questions about data protection-related topics.
Information on the specific payment providers – if available – can be found in the following sections.
Stripe
What is Stripe?
We use a payment tool from the American technology company and online payment service Stripe on our website. For customers within the EU, Stripe Payments Europe (Europe Ltd., 1 Grand Canal Street Lower, Grand Canal Dock, Dublin, Ireland) is responsible. This means that if you choose Stripe as your payment method, your payment will be processed through Stripe Payments. In doing so, data necessary for the payment process will be forwarded to Stripe and stored. In this privacy policy, we provide you with an overview of this data processing and storage by Stripe and explain why we use Stripe on our website.
The technology company Stripe offers payment solutions for online payments. With Stripe it is possible to accept credit and debit card payments in our webshop. Stripe takes care of the entire payment process. A big advantage of Stripe is, for example, that you never have to leave our website or store during the payment process and the payment processing is very fast.
Why do we use Stripe for our website?
Of course, we want to offer the best possible service with our website and our integrated online store, so that you feel comfortable on our site and use our offers. We know that your time is precious and therefore especially payment processes have to work quickly and smoothly. In addition to our other payment providers, we have found a partner in Stripe that ensures secure and fast payment processing.
What data is stored by Stripe?
If you choose Stripe as your payment method, personal data will also be transmitted from you to Stripe and stored there. This is transaction data. This data includes the payment method (i.e. credit card, debit card or account number), bank code, currency, amount and date of payment. In the case of a transaction, your name, e-mail address, billing or shipping address, and sometimes your transaction history may also be transmitted. This data is necessary for authentication. Furthermore, Stripe may collect name, address, phone number and your country in addition to technical data about your device (such as IP address) for fraud prevention, financial reporting and to fully provide its own services.
Stripe does not sell any of your data to unrelated third parties, such as marketing agencies or other companies that have nothing to do with the Stripe company. However, the data may be shared with internal departments, a limited number of external Stripe partners, or for regulatory compliance purposes, for example. Stripe also uses cookies to collect data. Here is a selection of cookies that Stripe may set during the payment process:
Name: m Value: edd716e9-d28b-46f7-8a55-e05f1779e84e040456111961690-5 Purpose: : This cookie appears when you select the payment method. It stores and recognizes whether you access our website through a PC, tablet or smartphone. Expiration date: after 2 years
Name: __stripe_mid Value: fc30f52c-b006-4722-af61-a7419a5b8819875de9111961690-1 Purpose: To perform a credit card transaction, this cookie is needed. For this purpose, the cookie stores your session ID. Expiration date: after one year
Name: __stripe_sid Value: 6fee719a-c67c-4ed2-b583-6a9a50895b122753fe Purpose: This cookie also stores your ID and is used for the payment process on our website by Stripe. Expiration date: after the session expires
How long and where is the data stored?
Personal data is generally stored for the duration of the service provision. This means that the data is stored until we terminate the cooperation with Stripe. However, in order to comply with legal and regulatory obligations, Stripe may also store personal data beyond the duration of the service provision. Because Stripe is a global company, data may also be stored in any country where Stripe provides services. Thus, data may also be stored outside your country, for example in the USA.
How can I delete my data or prevent data storage?
Please note that when using this tool, data from you may also be stored and processed outside the EU. Most third countries (including the USA) are not considered secure under current European data protection law. Data to insecure third countries may therefore not simply be transferred, stored and processed there unless there are suitable safeguards (such as EU standard contractual clauses) between us and the non-European service provider.
You always have the right to access, correct and delete your personal data. If you have any questions, you can also contact the Stripe team at any time via https://support.stripe.com/contact/email.
You can delete, disable, or manage cookies that Stripe uses for its functions in your browser. Depending on which browser you use, this works in different ways. Under the section “Cookies” you will find the corresponding links to the respective instructions of the most popular browsers.
Legal Basis
We therefore offer the payment processor Stripe in addition to the traditional banking/credit institutions for the processing of contractual or legal relationships (Art. 6 (1) lit. b DSGVO). The successful use of the service further requires your consent (Art. 6 para. 1 lit. a DSGVO), insofar as the admission of cookies is necessary for the use.
Stripe also processes data from you in the USA, among other places. We would like to point out that according to the opinion of the European Court of Justice, there is currently no adequate level of protection for the transfer of data to the USA. This may be associated with various risks for the legality and security of the data processing.
Stripe uses so-called standard contractual clauses (= Art. 46. para. 2 and 3 DSGVO) as the basis for data processing with recipients located in third countries (outside the European Union, Iceland, Liechtenstein, Norway, i.e. in particular in the USA) or a data transfer there. Standard Contractual Clauses (SCC) are templates provided by the EU Commission and are intended to ensure that your data complies with European data protection standards even if it is transferred to third countries (such as the USA) and stored there. Through these clauses, Stripe undertakes to comply with the European level of data protection when processing your relevant data, even if the data is stored, processed and managed in the US. These clauses are based on an implementing decision of the EU Commission. You can find the decision and the corresponding standard contractual clauses here, among other places: https://eur-lex.europa.eu/eli/dec_impl/2021/914/oj?locale=de
For more information on the standard contractual clauses and on the data processed through the use of Stripe, please refer to the Privacy Policy at https://stripe.com/at/privacy.
Video Conferencing & Streaming
What are video conferencing & streaming?
We use software programs that enable us to hold video conferences, online meetings, webinars, display sharing and/or streaming. Video conferencing or streaming involves the simultaneous transmission of information via sound and moving images. With the help of such video conferencing or streaming tools, we can communicate with customers, business partners, clients and also employees quickly and easily over the Internet. Of course, we pay attention to the specified legal framework when selecting the service provider.
Basically, third-party providers can process data as soon as you interact with the software program. Third-party providers of the video conferencing or streaming solutions use your data and metadata for different purposes. For example, the data helps to make the tool more secure and to improve the service. Most of the time, the data may also be used for the third-party provider’s own marketing purposes.
Why do we use video conferencing & streaming on our website?
We want to communicate with you, with our customers and business partners, quickly, easily and securely, digitally as well. This works best with video conferencing solutions that are very easy to use. Most tools also work directly via your browser and after just a few clicks you are right in the middle of a video meeting. The tools also offer helpful additional features such as a chat and screen sharing function or the possibility to share content between meeting participants.
What data is processed?
If you participate in our video conference or in a streaming, data about you will also be processed and stored on the servers of the respective service provider.
Exactly what data is stored depends on the solutions used. Each provider stores and processes different and varying amounts of data. But as a rule, most providers store your name, address, contact data such as your email address or phone number, and your IP address. Furthermore, information about the device you are using, usage data such as which websites you visit, when you visit a website or which buttons you click on may also be stored. Data that is shared within the video conference (photos, videos, texts) may also be stored.
Duration of data processing
We will inform you about the duration of data processing below in connection with the service used, provided we have further information on this. In general, we only process personal data for as long as is absolutely necessary for the provision of our services and products. It may be that the provider stores data from you according to its own specifications, over which we then have no influence.
Right of objection
You always have the right to information, correction and deletion of your personal data. If you have any questions, you can also contact the responsible persons of the video conferencing or streaming tool used at any time. Contact details can be found either in our specific privacy policy or on the website of the respective provider.
You can delete, disable, or manage cookies that providers use for their functions in your browser. Depending on which browser you use, this works in different ways. Please note, however, that all functions may then no longer work as usual.
Legal Basis
If you have consented that data from you can be processed and stored by the video or streaming solution, this consent is considered the legal basis for the data processing (Art. 6 (1) lit. a DSGVO). In addition, we may also offer a video conference as part of our services if this has been contractually agreed with you in advance (Art. 6 (1) lit. b DSGVO). In principle, your data will also be stored and processed on the basis of our legitimate interest (Art. 6 (1) lit. f DSGVO) in fast and good communication with you or other customers and business partners, but only if you have at least consented. Most video or streaming solutions also set cookies in your browser to store data. Therefore, we recommend that you read our privacy text about cookies carefully and view the privacy policy or cookie policy of the respective service provider.
For information on specific videoconferencing and streaming solutions, see the following sections, if available.
Zoom
What is Zoom?
For our website we use the video conferencing tool Zoom from the American software company Zoom Video Communications. The company is headquartered in San Jose, California, 55 Almaden Boulevard, 6th Floor, CA 95113. Thanks to “Zoom”, we can hold a video conference with customers, business partners, clients and also employees very easily and without installing any software. In this privacy statement, we go into more detail about the service and inform you about the most important privacy-relevant aspects.
Zoom is one of the world’s best-known video conferencing solutions. With the “Zoom Meetings” service, we can hold an online video conference with you, for example, but also with employees or other users via a digital conference room. This makes it very easy for us to get in touch digitally, exchange information on various topics, send text messages or even talk on the phone. Furthermore, you can also share the screen, exchange files and use a whiteboard via Zoom.
Why do we use Zoom on our website?
It is important to us that we can communicate with you quickly and easily. And that’s exactly what Zoom offers us. The software program also works directly via a browser. This means we can simply send you a link and start the video conference. Of course, additional functions such as screen sharing or file exchange are also very practical.
What data is stored by Zoom?
When you use Zoom, data is also collected from you so that Zoom can provide its services. On the one hand, this is data that you consciously provide to the company. This includes, for example, name, telephone number or your e-mail address. However, data is also automatically transmitted to Zoom and stored. This includes, for example, technical data of your browser or your IP address. In the following, we will go into more detail about the data that Zoom may collect from you and store:
When you provide information such as your name, username, email address, or phone number, Zoom stores that information. Content that you upload while using Zoom is also stored. This includes, for example, files or chat logs.
The technical data that Zoom automatically stores includes the IP address already mentioned above, as well as the MAC address, other device IDs, device type, which operating system you use, which client you use, camera type, microphone type, and speaker type. Your approximate location is also determined and stored. Furthermore, Zoom also stores information about how you use the service. So, for example, whether you “zoom” via desktop or smartphone, whether you use a phone call or VoIP, whether you participate with or without video, or whether you request a password. Zoom also records so-called metadata such as duration of the meeting/call, start and end of meeting participation, meeting name and chat status.
Zoom mentions in its own privacy policy that the company does not use advertising cookies or tracking technologies for its services. Only on its own marketing websites, such as https://explore.zoom.us/docs/de-de/home.html, these tracking methods are used. Zoom does not resell personal data or use it for advertising purposes.
How long and where is the data stored?
Zoom does not disclose a specific time frame in this regard, but emphasizes that the collected data will be stored for as long as it is necessary to provide the services or for its own purposes. Data is only stored longer if this is required for legal reasons.
Basically, Zoom stores the data it collects on U.S. servers, but data can arrive at different data centers around the world.
How can I delete my data or prevent data storage?
If you do not want data to be stored during the Zoom meeting, you must opt out of the meeting. However, you always have the right and option to have all your personal data deleted. If you have a Zoom account, please visit https://support.zoom.us/hc/en-us/articles/201363243-How-Do-I-Delete-Terminate-My-Account for instructions on how to delete your account.
Please note that when using this tool, data from you may also be stored and processed outside the EU. Most third countries (including the USA) are not considered secure under current European data protection law. Data to insecure third countries may therefore not simply be transferred, stored and processed there unless there are suitable safeguards (such as EU standard contractual clauses) between us and the non-European service provider.
Legal Basis
If you have consented that data from you can be processed and stored by the video or streaming solution, this consent is considered the legal basis for the data processing (Art. 6 (1) lit. a DSGVO). In addition, we may also offer a video conference as part of our services if this has been contractually agreed with you in advance (Art. 6 (1) lit. b DSGVO). In principle, your data will also be stored and processed on the basis of our legitimate interest (Art. 6 para. 1 lit. f DSGVO) in fast and good communication with you or other customers and business partners, but only if you have at least consented.
Zoom also processes data from you in the USA, among other places. We would like to point out that according to the opinion of the European Court of Justice, there is currently no adequate level of protection for the transfer of data to the USA. This may be associated with various risks for the legality and security of data processing.
Zoom uses so-called standard contractual clauses (= Art. 46. para. 2 and 3 DSGVO) as the basis for data processing with recipients located in third countries (outside the European Union, Iceland, Liechtenstein, Norway, i.e. in particular in the USA) or a data transfer there. Standard Contractual Clauses (SCC) are templates provided by the EU Commission and are intended to ensure that your data complies with European data protection standards even if it is transferred to third countries (such as the USA) and stored there. Through these clauses, Zoom undertakes to comply with the European level of data protection when processing your relevant data, even if the data is stored, processed and managed in the US. These clauses are based on an implementing decision of the EU Commission. You can find the decision and the corresponding standard contractual clauses here, among other places: https://eur-lex.europa.eu/eli/dec_impl/2021/914/oj?locale=de
We hope we have provided you with an overview of Zoom’s data processing. Of course, it is always possible that the company’s privacy policy may change. Therefore, for more information about the data processed and the standard contractual clauses, we also recommend that you read Zoom’s privacy policy at https://explore.zoom.us/de/privacy/?tid=111961690.
Microsoft Teams
We use Microsoft Teams, an online meeting and video conferencing service, on our website. The service provider is the American company Microsoft Corporation, One Microsoft Way, Redmond, WA 98052-6399, USA.
Microsoft also processes data from you in the USA, among other places. We would like to point out that according to the opinion of the European Court of Justice, there is currently no adequate level of protection for the transfer of data to the USA. This may be associated with various risks for the legality and security of data processing.
Microsoft uses so-called standard contractual clauses (= Art. 46. para. 2 and 3 DSGVO) as the basis for data processing with recipients located in third countries (outside the European Union, Iceland, Liechtenstein, Norway, i.e. in particular in the USA) or a data transfer there. Standard Contractual Clauses (SCC) are templates provided by the EU Commission and are intended to ensure that your data complies with European data protection standards even if it is transferred to third countries (such as the USA) and stored there. Through these clauses, Microsoft undertakes to comply with the European level of data protection when processing your relevant data, even if the data is stored, processed and managed in the United States. These clauses are based on an implementing decision of the EU Commission. You can find the decision and the corresponding standard contractual clauses here, among other places: https://eur-lex.europa.eu/eli/dec_impl/2021/914/oj?locale=de
More information about Microsoft’s standard contractual clauses can be found at https://docs.microsoft.com/en-us/compliance/regulatory/offering-eu-model-clauses.
You can learn more about the data processed by using Microsoft in the privacy policy at https://privacy.microsoft.com/de-de/privacystatement.
Other
What falls under “Other”?
The category “Other” includes those services that do not fit into one of the above categories. These are usually various plugins and embedded elements that enhance our website. As a rule, these functions are obtained from third-party providers and integrated into our website. For example, these are web search services such as Algolia Place, Giphy, Programmable Search Engine or online services for weather data such as OpenWeather.
Why do we use other third party providers?
With our website we want to offer you the best web offer in our industry. For a long time now, a website has not been just a business card for companies. Rather, it is a place that should help you find what you are looking for. To always make our website more interesting and helpful for you, we use various third-party services.
What data is processed?
Whenever elements are integrated into our website, your IP address is transmitted to the respective provider, stored and processed there. This is necessary because otherwise the content will not be sent to your browser and consequently will not be displayed accordingly. It may also happen that service providers also use pixel tags or web beacons. These are small graphics on websites that can record a log file and also create analyses of this file. With the information obtained, providers can improve their own marketing efforts. In addition to pixel tags, such information (such as which button you click or when you visit which page) can also be stored in cookies. In addition to analysis data about your web behavior, technical information such as your browser type or operating system can also be stored in them. Some providers may also link the data obtained with other internal services or with third-party providers. Each provider handles your data differently. Therefore, we recommend that you carefully read the privacy statements of the respective services. As a matter of principle, we endeavor to use only services that handle the issue of data protection very carefully.
Duration of data processing
We will inform you about the duration of data processing below, provided we have further information on this. In general, we process personal data only as long as it is absolutely necessary for the provision of our services and products.
Legal Basis
If we ask you for your consent and you also consent that we may use the service, this is considered the legal basis for the processing of your data (Art. 6 para. 1 lit. a DSGVO). In addition to the consent, there is a legitimate interest on our part to analyze the behavior of website visitors and thus to improve our offer technically and economically. The legal basis for this is Art. 6 para. 1 lit. f DSGVO (Legitimate Interests). Nevertheless, we only use the tools if you have given your consent.
Information on the specific tools, if available, is provided in the following sections.
Calendly
We use Calendly, a scheduling and organization tool, for our website. The service provider is the American company Calendly LCC, 271 17th St NW, Ste 1000, Atlanta, Georgia, 30363, USA.
Calendly also processes data in the USA, among other places. We would like to point out that according to the opinion of the European Court of Justice, there is currently no adequate level of protection for the transfer of data to the USA. This may be associated with various risks for the legality and security of data processing.
As a basis for data processing with recipients located in third countries (outside the European Union, Iceland, Liechtenstein, Norway, i.e. in particular in the USA) or a data transfer there, Calendly uses standard contractual clauses approved by the EU Commission (= Art. 46. para. 2 and 3 DSGVO). These clauses oblige Calendly to comply with the EU level of data protection when processing relevant data also outside the EU. These clauses are based on an implementing decision of the EU Commission. You can find the decision and the clauses here, among other places: https://germany.representation.ec.europa.eu/index_de
You can learn more about the data processed through the use of Calendly in the privacy policy at https://calendly.com/privacy.