Privacy Policy

1. At a Glance

General Information

The following information provides a brief overview of what happens to your personal data when you visit this website. Personal data refers to any information that can be used to identify you personally. For detailed information on data protection, please refer to our Privacy Policy, which is listed below this text.

Data Collection on This Website

Who is responsible for data collection on this website?

Data processing on this website is carried out by the website operator. You can find the operator’s contact information in the “Information on the Data Controller” section of this Privacy Policy.

How do we collect your data?

We collect your data, in part, because you provide it to us. This may include, for example, data that you enter into a contact form.

Other data is collected by our IT systems automatically or with your consent when you visit the website. This primarily consists of technical data (e.g., internet browser, operating system, or the time the page was accessed). This data is collected automatically as soon as you access this website.

What do we use your data for?

Some of the data is collected to ensure that the website functions properly. Other data may be used to analyze your user behavior.

What rights do you have regarding your data?

You have the right at any time to obtain, free of charge, information about the source, recipients, and purpose of your stored personal data. You also have the right to request the correction or deletion of this data. If you have given consent to the processing of your data, you may withdraw that consent at any time with future effect. In addition, you have the right to request the restriction of the processing of your personal data under certain circumstances. Furthermore, you have the right to file a complaint with the competent supervisory authority.

Please feel free to contact us at any time regarding this matter or any other questions you may have about data protection.

Analytics tools and third-party tools

When you visit this website, your browsing behavior may be analyzed for statistical purposes. This is primarily done using so-called analytics tools. You can find detailed information about these analytics tools in the privacy policy below.

2. Hosting

Hetzner

We host our website with Hetzner. The provider is Hetzner Online GmbH, Industriestr. 25, 91710 Gunzenhausen (hereinafter: Hetzner).

For more details, please refer to Hetzner's Privacy Policy:https://www.hetzner.com/de/rechtliches/datenschutz.

The use of Hetzner is based on Article 6(1)(f) of the GDPR. We have a legitimate interest in ensuring that our website is displayed as reliably as possible. If consent has been obtained, processing is based exclusively on Article 6(1)(a) of the GDPR; consent may be withdrawn at any time.

Order Processing

We have entered into a Data Processing Agreement (DPA) with the provider mentioned above. This is a contract required by data protection law that ensures the provider processes the personal data of our website visitors only in accordance with our instructions and in compliance with the GDPR.

3. General Information and Mandatory Disclosures

Privacy Policy

The operators of this website take the protection of your personal data very seriously. We treat your personal data confidentially and in accordance with applicable data protection laws and this Privacy Policy.

When you use this website, various types of personal data are collected. Personal data is information that can be used to identify you personally. This Privacy Policy explains what data we collect and how we use it. It also explains how and for what purpose this is done.

Please note that data transmission over the Internet (e.g., when communicating via email) may be subject to security risks. It is not possible to completely protect data from access by third parties.

Information about the data controller

The entity responsible for data processing on this website is:

Rapidobject GmbH
Weißenfelser Str. 84
04229 Leipzig

Phone: +49 341 23 18 37 30
Email: info@rapidobject.com

The controller is the natural or legal person who, alone or jointly with others, determines the purposes and means of the processing of personal data (e.g., names, email addresses, etc.).

Retention period

Unless a more specific retention period is stated in this Privacy Policy, we will retain your personal data until the purpose for which it was collected no longer applies. If you submit a valid request for deletion or revoke your consent to data processing, your data will be deleted unless we have other legally permissible grounds for storing your personal data (e.g., retention periods under tax or commercial law); in the latter case, the data will be deleted once these grounds no longer apply.

Data Protection Officer

We have appointed a data protection officer for our company.

Hans Peter Becher
, Data Protection Officer

Phone: +49 341 23 18 37 30
Email: info@datenbeauftragter-info.de

Notice Regarding the Transfer of Data to the United States and Other Third Countries

Among other things, we use tools provided by companies based in the United States or other third countries that do not offer adequate data protection. When these tools are active, your personal data may be transferred to these third countries and processed there. Please note that these countries cannot guarantee a level of data protection comparable to that of the EU. For example, U.S. companies are required to disclose personal data to security authorities without you, as the data subject, being able to take legal action against this. It cannot therefore be ruled out that U.S. authorities (e.g., intelligence agencies) may process, analyze, and permanently store your data located on U.S. servers for surveillance purposes. We have no influence over these processing activities.

Withdrawal of Your Consent to Data Processing

Many data processing operations are only possible with your explicit consent. You may withdraw any consent you have already given at any time. The lawfulness of the data processing carried out prior to the withdrawal remains unaffected by the withdrawal.

Right to object to data collection in specific cases and to direct marketing (Art. 21 GDPR)

IF DATA PROCESSING IS BASED ON ART. 6(1)( E OR F OF THE GDPR, YOU HAVE THE RIGHT AT ANY TIME TO OBJECT TO THE PROCESSING OF YOUR PERSONAL DATA ON GROUNDS RELATING TO YOUR PARTICULAR SITUATION; THIS ALSO APPLIES TO PROFILING BASED ON THESE PROVISIONS. YOU CAN FIND THE SPECIFIC LEGAL BASIS ON WHICH PROCESSING IS BASED IN THIS PRIVACY POLICY. IF YOU OBJECT, WE WILL NO LONGER PROCESS YOUR PERSONAL DATA, UNLESS WE CAN DEMONSTRATE COMPELLING LEGITIMATE GROUNDS FOR THE PROCESSING THAT OVERRIDE YOUR INTERESTS, RIGHTS, AND FREEDOMS, OR THE PROCESSING IS NECESSARY FOR THE ESTABLISHMENT, exercise, or defense of legal claims (objection pursuant to Art. 21(1) GDPR).

IF YOUR PERSONAL DATA IS BEING PROCESSED FOR THE PURPOSE OF DIRECT MARKETING, YOU HAVE THE RIGHT TO OBJECT AT ANY TIME TO THE PROCESSING OF YOUR PERSONAL DATA FOR SUCH MARKETING PURPOSES; THIS ALSO APPLIES TO PROFILING, TO THE EXTENT THAT IT IS RELATED TO SUCH DIRECT MARKETING. IF YOU OBJECT, YOUR PERSONAL DATA WILL NO LONGER BE USED FOR DIRECT MARKETING PURPOSES (OBJECTION PURSUANT TO ART. 21(2) OF THE GDPR).

Right to file a complaint with the competent supervisory authority

In the event of a breach of the GDPR, data subjects have the right to lodge a complaint with a supervisory authority, in particular in the Member State of their habitual residence, their place of work, or the place where the alleged breach occurred. This right to lodge a complaint is without prejudice to any other administrative or judicial remedies.

Right to data portability

You have the right to receive data that we process automatically based on your consent or in fulfillment of a contract, either directly or through a third party, in a commonly used, machine-readable format. If you request that the data be transferred directly to another controller, this will only be done to the extent that it is technically feasible.

SSL or TLS encryption

This site uses SSL or TLS encryption for security reasons and to protect the transmission of confidential information, such as orders or inquiries that you send to us as the site operator. You can recognize an encrypted connection by the fact that the address bar of your browser changes from “http://” to “https://” and by the lock icon in your browser’s address bar.

If SSL or TLS encryption is enabled, the data you send to us cannot be intercepted by third parties.

Secure online payments on this website

If, after entering into a paid contract, you are required to provide us with your payment information (e.g., account number for direct debit authorization), this information is necessary for processing the payment.

Payments made using standard payment methods (Visa/MasterCard, direct debit) are processed exclusively via an encrypted SSL or TLS connection. You can recognize an encrypted connection by the fact that the browser’s address bar changes from “http://” to “https://” and by the padlock icon in your browser’s address bar.

With encrypted communication, the payment information you send to us cannot be read by third parties.

Access, Deletion, and Correction

In accordance with applicable legal provisions, you have the right at any time to receive, free of charge, information about your stored personal data, its source and recipients, and the purpose of the data processing, as well as the right to have this data corrected or deleted, if applicable. You may contact us at any time regarding this matter or any other questions you may have about personal data.

Right to restriction of processing

You have the right to request that the processing of your personal data be restricted. You may contact us at any time to do so. The right to restrict processing applies in the following cases:

• If you dispute the accuracy of your personal data stored by us, we generally need time to verify this. For the duration of the verification process, you have the right to request that the processing of your personal data be restricted.

• If your personal data has been or is being processed unlawfully, you may request that the processing be restricted instead of having the data erased.

• If we no longer need your personal data but you need it to exercise, defend, or assert legal claims, you have the right to request that the processing of your personal data be restricted instead of being erased.

• If you have lodged an objection under Article 21(1) of the GDPR, a balancing of your interests against ours must be carried out. Until it is determined whose interests prevail, you have the right to request that the processing of your personal data be restricted.

If you have restricted the processing of your personal data, such data may—apart from storage—be processed only with your consent, or for the establishment, exercise, or defense of legal claims, or to protect the rights of another natural or legal person, or for reasons of a substantial public interest of the European Union or a Member State.

Objection to promotional emails

We hereby object to the use of contact information published in accordance with legal disclosure requirements for the purpose of sending unsolicited advertising and informational materials. The operators of this website expressly reserve the right to take legal action in the event of the unsolicited transmission of advertising information, such as through spam emails.

4. Data Collection on This Website

Cookies

Our website uses so-called “cookies.” Cookies are small text files that do not cause any harm to your device. They are stored on your device either temporarily for the duration of a session (session cookies) or permanently (persistent cookies). Session cookies are automatically deleted at the end of your visit. Persistent cookies remain stored on your device until you delete them yourself or your web browser deletes them automatically.

In some cases, cookies from third-party companies may also be stored on your device when you visit our site (third-party cookies). These enable us or you to use certain services provided by the third-party company (e.g., cookies for processing payment services).

Cookies serve various purposes. Many cookies are technically necessary, as certain website features would not work without them (e.g., the shopping cart feature or the display of videos). Other cookies are used to analyze user behavior or display advertisements.

Cookies that are required to carry out the electronic communication process (necessary cookies), to provide certain features you have requested (functional cookies, e.g., for the shopping cart feature), or to optimize the website (e.g., cookies for measuring website traffic) are stored on the basis of Art. 6(1)(f) GDPR, unless another legal basis is specified. The website operator has a legitimate interest in storing cookies to ensure the technically error-free and optimized provision of its services. If consent to the storage of cookies has been requested, the storage of the relevant cookies takes place exclusively on the basis of this consent (Art. 6(1)(a) GDPR); consent may be revoked at any time.

You can configure your browser to notify you when cookies are set, to allow cookies only on a case-by-case basis, to block cookies in specific cases or generally, and to enable the automatic deletion of cookies when you close your browser. Disabling cookies may limit the functionality of this website.

If cookies from third-party companies or for analytical purposes are used, we will inform you separately about this in this Privacy Policy and, if necessary, request your consent.

Consent via Cookiebot

Our website uses Cookiebot’s consent technology to obtain your consent to the storage of certain cookies on your device or to the use of certain technologies, and to document this in compliance with data protection regulations. This technology is provided by Cybot A/S, Havnegade 39, 1058 Copenhagen, Denmark (hereinafter “Cookiebot”).

When you visit our website, a connection is established with Cookiebot’s servers to obtain your consent and other statements regarding cookie usage. Cookiebot then stores a cookie in your browser to associate the consents you have given or their revocation with your session. The data collected in this way is stored until you request its deletion, delete the Cookiebot cookie yourself, or the purpose for data storage no longer applies. Mandatory legal retention obligations remain unaffected.

Cookiebot is used to obtain the legally required consent for the use of cookies. The legal basis for this is Article 6(1)(c) of the GDPR.

Server log files

The website provider automatically collects and stores information in so-called server log files, which your browser automatically transmits to us. This information includes:

• Browser type and browser version

• operating system used

• Referrer URL

• Hostname of the connecting computer

• Time of the server request

• IP address

This data is not combined with other data sources.

This data is collected on the basis of Article 6(1)(f) of the GDPR. The website operator has a legitimate interest in ensuring that the website functions properly and is optimized—to this end, server log files must be collected.

Contact Form

If you submit an inquiry to us via the contact form, we will store the information you provide in the form—including the contact details you enter there—for the purpose of processing your inquiry and in case we have any follow-up questions. We will not share this information without your consent.

The processing of this data is based on Article 6(1)(b) of the GDPR, provided that your inquiry is related to the performance of a contract or is necessary for the implementation of pre-contractual measures. In all other cases, processing is based on our legitimate interest in the effective handling of inquiries directed to us (Art. 6(1)(f) GDPR) or on your consent (Art. 6(1)(a) GDPR), provided that such consent has been requested.

The data you enter in the contact form will remain with us until you request that we delete it, revoke your consent to its storage, or the purpose for storing the data no longer applies (e.g., after your inquiry has been processed). Mandatory legal provisions—in particular retention periods—remain unaffected.

Inquiries by email, phone, or fax

If you contact us by email, phone, or fax, we will store and process your inquiry, including all personal data contained therein (name, inquiry), for the purpose of handling your request. We will not share this information without your consent.

The processing of this data is based on Article 6(1)(b) of the GDPR, provided that your inquiry is related to the performance of a contract or is necessary for the implementation of pre-contractual measures. In all other cases, processing is based on our legitimate interest in the effective handling of inquiries directed to us (Art. 6(1)(f) GDPR) or on your consent (Art. 6(1)(a) GDPR), provided that such consent has been requested.

The data you send us via contact requests will remain with us until you ask us to delete it, revoke your consent to its storage, or the purpose for storing the data no longer applies (e.g., after your request has been processed). Mandatory legal provisions—in particular statutory retention periods—remain unaffected.

Online Appointment

On our website, you can schedule appointments with us. We use eTermin to book appointments. The provider is eTermin GmbH, Im Wiesengrund 8, 8304 Wallisellen, Switzerland (hereinafter “eTermin”).

To schedule an appointment, please enter the requested information and your preferred date and time in the form provided. The information you provide will be used for planning, conducting, and, if necessary, following up on the appointment. In addition, eTermin collects log files (including the number and time of page views, browser type, browser version, operating system, and an anonymized IP address).

Appointment data is stored for us on eTermin's servers; you can view their privacy policy here:https://www.etermin.net/online-terminbuchung-datenschutz.

The data you provide will remain with us until you request that we delete it, revoke your consent to its storage, or the purpose for storing the data no longer applies. Mandatory legal provisions—in particular retention periods—remain unaffected.

The legal basis for data processing is Article 6(1)(f) of the GDPR. The website operator has a legitimate interest in making it as easy as possible for prospective customers and clients to schedule appointments. If consent has been requested, Article 6(1)(a) of the GDPR serves as the legal basis for data processing; consent may be withdrawn at any time.

Order Processing

We have entered into a Data Processing Agreement (DPA) with the provider mentioned above. This is a contract required by data protection law that ensures the provider processes the personal data of our website visitors only in accordance with our instructions and in compliance with the GDPR.

Salesforce Sales Cloud

We use Salesforce Sales Cloud to manage customer data. The provider is salesforce.com Germany GmbH, Erika-Mann-Str. 31, 80636 Munich (hereinafter “Salesforce”).

Salesforce Sales Cloud is a CRM system that enables us, among other things, to manage existing and potential customers as well as customer contacts, and to organize sales and communication processes. Using the CRM system also allows us to analyze our customer-related processes. Customer data is stored on Salesforce’s servers. In this context, personal data may also be transferred to the parent company of salesforce.com Germany GmbH, salesforce.com inc., Salesforce Tower, 415 Mission Street, San Francisco, CA 94105, USA.

For details on the features of Salesforce Sales Cloud, click here:https://www.salesforce.com/de/products/sales-cloud/overview/.

The use of Salesforce Sales Cloud is based on Article 6(1)(f) of the GDPR. The website operator has a legitimate interest in managing customer data and communicating with customers as efficiently as possible. If consent has been obtained, processing is based exclusively on Article 6(1)(a) of the GDPR; consent may be withdrawn at any time.

Salesforce has Binding Corporate Rules (BCR) that have been approved by the French data protection authority. These are binding internal company rules that legitimize the transfer of data within the company to third countries outside the EU and the EEA. For more details, please visit:https://www.salesforce.com/de/blog/2020/07/die-binding-corporate-rules-von-salesforce-erfuellen-hoechste-da.html.

For more details, please refer to Salesforce’s Privacy Policy:https://www.salesforce.com/de/company/privacy/.

Order Processing

We have entered into a Data Processing Agreement (DPA) with the provider mentioned above. This is a contract required by data protection law that ensures the provider processes the personal data of our website visitors only in accordance with our instructions and in compliance with the GDPR.

Registration on this website

You can register on this website to access additional features. We will use the information you provide solely for the purpose of providing the specific product or service for which you have registered. You must provide all required information requested during registration. Otherwise, we will decline your registration.

For important changes, such as changes to the scope of our services or technically necessary changes, we will use the email address you provided during registration to notify you.

The data provided during registration is processed for the purpose of establishing the user relationship resulting from the registration and, where applicable, for the purpose of entering into further contracts (Art. 6(1)(b) of the GDPR).

We will retain the data collected during registration for as long as you remain registered on this website, after which it will be deleted. This does not affect any statutory retention periods.

5. Analytics Tools and Advertising

Google Tag Manager

We use Google Tag Manager. The provider is Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland.

Google Tag Manager is a tool that allows us to integrate tracking and analytics tools and other technologies into our website. Google Tag Manager itself does not create user profiles, store cookies, or perform any independent analysis. It is used solely to manage and deploy the tools integrated through it. However, Google Tag Manager does collect your IP address, which may be transferred to Google’s parent company in the United States.

The use of Google Tag Manager is based on Article 6(1)(f) of the GDPR. The website operator has a legitimate interest in the quick and easy integration and management of various tools on its website. If consent has been obtained, processing is based exclusively on Article 6(1)(a) of the GDPR; consent may be withdrawn at any time.

Google Analytics

This website uses features of the web analytics service Google Analytics. The provider is Google Ireland Limited (“Google”), Gordon House, Barrow Street, Dublin 4, Ireland.

Google Analytics allows website operators to analyze the behavior of website visitors. In doing so, website operators receive various usage data, such as page views, time spent on the site, operating systems used, and the user’s location. Google may aggregate this data into a profile that is associated with the respective user or their device.

In addition, Google Analytics allows us to track your mouse and scroll movements, as well as your clicks. Google Analytics also uses various modeling techniques to supplement the collected data and employs machine learning technologies in its data analysis.

Google Analytics uses technologies that enable user recognition for the purpose of analyzing user behavior (e.g., cookies or device fingerprinting). The information collected by Google regarding the use of this website is generally transmitted to a Google server in the United States and stored there.

The use of this analytics tool is based on Article 6(1)(f) of the GDPR. The website operator has a legitimate interest in analyzing user behavior in order to optimize both its website and its advertising. If consent has been obtained (e.g., consent to the storage of cookies), processing is carried out exclusively on the basis of Article 6(1)(a) of the GDPR; consent may be revoked at any time.

Data transfers to the United States are based on the European Commission’s Standard Contractual Clauses. For more details, please visit:https://privacy.google.com/businesses/controllerterms/mccs/.

Browser plugin

You can prevent Google from collecting and processing your data by downloading and installing the browser plugin available at the following link:https://tools.google.com/dlpage/gaoptout?hl=de.

For more information on how Google Analytics handles user data, please see Google's Privacy Policy:https://support.google.com/analytics/answer/6004245?hl=de.

Order Processing

We have entered into a data processing agreement with Google and fully comply with the strict requirements of the German data protection authorities regarding the use of Google Analytics.

Google Analytics E-commerce Tracking

This website uses the "E-commerce Tracking" feature of Google Analytics. With the help of E-commerce Tracking, the website operator can analyze the purchasing behavior of website visitors to improve its online marketing campaigns. This involves collecting information such as orders placed, average order values, shipping costs, and the time from viewing to purchasing a product. Google may aggregate this data under a transaction ID that is assigned to the respective user or their device.

Retention period

Data stored by Google at the user and event level that is linked to cookies, user identifiers (e.g., User ID), or advertising IDs (e.g., DoubleClick cookies, Android Advertising ID) is anonymized or deleted after 14 months. For more details, please visit the following link:https://support.google.com/analytics/answer/7667196?hl=de

Google Ads

The website operator uses Google Ads. Google Ads is an online advertising program provided by Google Ireland Limited (“Google”), Gordon House, Barrow Street, Dublin 4, Ireland.

Google Ads allows us to display ads in the Google search engine or on third-party websites when users enter specific search terms into Google (keyword targeting). Furthermore, targeted ads can be displayed based on user data available to Google (e.g., location data and interests) (audience targeting). As website operators, we can quantitatively evaluate this data by, for example, analyzing which search terms led to the display of our ads and how many ads resulted in corresponding clicks.

The use of Google Ads is based on Article 6(1)(f) of the GDPR. The website operator has a legitimate interest in marketing its services and products as effectively as possible.

Data transfers to the United States are based on the European Commission’s Standard Contractual Clauses. For more details, please visit:https://policies.google.com/privacy/frameworksandhttps://privacy.google.com/businesses/controllerterms/mccs/.

Google Conversion Tracking

This website uses Google Conversion Tracking. The provider is Google Ireland Limited (“Google”), Gordon House, Barrow Street, Dublin 4, Ireland.

With the help of Google Conversion Tracking, Google and we can determine whether a user has performed certain actions. For example, we can analyze which buttons on our website are clicked and how often, as well as which products were viewed or purchased particularly frequently. This information is used to generate conversion statistics. We learn the total number of users who clicked on our ads and what actions they took. We do not receive any information that allows us to personally identify the user. Google itself uses cookies or similar recognition technologies for identification purposes.

The use of Google Conversion Tracking is based on Article 6(1)(f) of the GDPR. The website operator has a legitimate interest in analyzing user behavior in order to optimize both its website and its advertising. If consent has been obtained (e.g., consent to the storage of cookies), processing is carried out exclusively on the basis of Article 6(1)(a) of the GDPR; consent may be revoked at any time.

For more information about Google Conversion Tracking, please refer to Google's Privacy Policy:https://policies.google.com/privacy?hl=de.

Google DoubleClick

This website uses features provided by Google DoubleClick. The provider is Google Ireland Limited (“Google”), Gordon House, Barrow Street, Dublin 4, Ireland (hereinafter “DoubleClick”).

DoubleClick is used to display interest-based ads to you across the Google Display Network. With the help of DoubleClick, these ads can be tailored to the specific interests of each viewer. For example, our ads may appear in Google search results or in ad banners connected to DoubleClick.

In order to display interest-based ads to users, DoubleClick must be able to recognize each viewer and associate them with the websites they have visited, their clicks, and other information about their user behavior. To do this, DoubleClick uses cookies or similar recognition technologies (e.g., device fingerprinting). The collected information is compiled into a pseudonymous user profile to display interest-based ads to the user in question.

Google DoubleClick is used for the purpose of targeted advertising. This constitutes a legitimate interest within the meaning of Article 6(1)(f) of the GDPR. If consent has been obtained (e.g., consent to the storage of cookies), processing is carried out exclusively on the basis of Article 6(1)(a) of the GDPR; consent may be revoked at any time.

For more information on how to opt out of the ads displayed by Google, please visit the following links:https://policies.google.com/technologies/adsandhttps://adssettings.google.com/authenticated.

Facebook Pixel

This website uses Facebook's visitor action pixels to measure conversions. The provider of this service is Facebook Ireland Limited, 4 Grand Canal Square, Dublin 2, Ireland. However, according to Facebook, the collected data is also transferred to the United States and other third countries.

This allows the provider to track the behavior of website visitors after they have been redirected to the provider’s website by clicking on a Facebook ad. This enables the provider to evaluate the effectiveness of Facebook ads for statistical and market research purposes and to optimize future advertising campaigns.

The data collected is anonymous to us as the operator of this website; we cannot identify individual users. However, the data is stored and processed by Facebook, allowing a link to the respective user profile and enabling Facebook to use the data for its own advertising purposes in accordance withFacebook’s Data Use Policy. This allows Facebook to display advertisements on Facebook pages as well as outside of Facebook. As the site operator, we have no influence over this use of the data.

The use of Facebook Pixel is based on Article 6(1)(f) of the GDPR. The website operator has a legitimate interest in effective advertising measures, including social media. If consent has been requested (e.g., consent to the storage of cookies), processing is carried out exclusively on the basis of Article 6(1)(a) of the GDPR; consent may be revoked at any time.

Data transfers to the United States are based on the European Commission’s Standard Contractual Clauses. For more details, please visit:https://www.facebook.com/legal/EU_data_transfer_addendumandhttps://de-de.facebook.com/help/566994660333381.

To the extent that personal data is collected on our website using the tool described here and transmitted to Facebook, we and Facebook Ireland Limited, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland, are jointly responsible for this data processing (Art. 26 GDPR). This joint responsibility is limited exclusively to the collection of the data and its transfer to Facebook. The processing carried out by Facebook after the transfer is not part of the joint responsibility. The obligations incumbent upon us jointly have been set forth in a joint processing agreement. The text of the agreement can be found at:https://www.facebook.com/legal/controller_addendum. According to this agreement, we are responsible for providing privacy information regarding the use of the Facebook tool and for ensuring the tool is implemented on our website in compliance with data protection laws. Facebook is responsible for the data security of Facebook products. You can exercise your data subject rights (e.g., requests for information) regarding the data processed by Facebook directly with Facebook. If you exercise your data subject rights with us, we are obligated to forward them to Facebook.

You can find more information about protecting your privacy in Facebook's Privacy Policy:https://de-de.facebook.com/about/privacy/.

You can also disable the "Custom Audiences" remarketing feature in the Ad Settings section athttps://www.facebook.com/ads/preferences/?entry_product=ad_settings_screen. To do this, you must be logged in to Facebook.

If you do not have a Facebook account, you can opt out of Facebook’s interest-based advertising on the European Interactive Digital Advertising Alliance website:http://www.youronlinechoices.com/de/praferenzmanagement/.

LinkedIn Insight Tag

This website uses the LinkedIn Insight Tag. The provider of this service is LinkedIn Ireland Unlimited Company, Wilton Plaza, Wilton Place, Dublin 2, Ireland.

Data processing via the LinkedIn Insight Tag

The LinkedIn Insight Tag allows us to gather information about visitors to our website. If a website visitor is registered on LinkedIn, we can analyze key professional data (e.g., career level, company size, country, location, industry, and job title) and use this information to better tailor our site to specific target audiences. Furthermore, with the help of LinkedIn Insight Tags, we can measure whether visitors to our websites make a purchase or take another action (conversion tracking). Conversion tracking can also be performed across devices (e.g., from PC to tablet). LinkedIn Insight Tag also offers a retargeting feature that allows us to display targeted ads to our website visitors outside of the website; however, according to LinkedIn, the recipient of the ad is not identified.

LinkedIn also collects so-called log files (URL, referrer URL, IP address, device and browser properties, and time of access). IP addresses are truncated or (if used to reach LinkedIn members across devices) hashed (pseudonymized). LinkedIn members’ direct identifiers are deleted by LinkedIn after seven days. The remaining pseudonymized data is then deleted within 180 days.

As the website operator, we are unable to link the data collected by LinkedIn to specific individuals. LinkedIn will store the personal data collected from website visitors on its servers in the United States and use it for its own advertising purposes. For more details, please refer to LinkedIn’s Privacy Policy athttps://www.linkedin.com/legal/privacy-policy#choices-oblig.

Legal basis

The use of LinkedIn Insight is based on Article 6(1)(f) of the GDPR. The website operator has a legitimate interest in effective advertising measures, including social media. If consent has been requested (e.g., consent to the storage of cookies), processing is carried out exclusively on the basis of Article 6(1)(a) of the GDPR; consent may be revoked at any time.

Data transfers to the United States are based on the European Commission’s Standard Contractual Clauses. For more details, please visit:https://www.linkedin.com/legal/l/dpaandhttps://www.linkedin.com/legal/l/eu-sccs.

Objection to the use of the LinkedIn Insight Tag

To opt out of the analysis of your usage behavior and targeted advertising by LinkedIn, click the following link:https://www.linkedin.com/psettings/guest-controls/retargeting-opt-out.

In addition, LinkedIn members can control the use of their personal data for advertising purposes in their account settings. To prevent LinkedIn from linking data collected on our website to your LinkedIn account, you must log out of your LinkedIn account before visiting our website.

ClickCease

We use the features of the advertising analytics service ClickCease (Karniboo Technologies Limited dba ClickCease, 26th Eliphelet Street, Tel Aviv, Israel) on our website. The provider collects, stores, and processes information that your browser automatically transmits. This includes, in particular, the browser type and version, the operating system used, the referrer URL, the hostname of the accessing computer, the time of the server request, and the IP address. In addition, your time spent on our site, the number of page views, and the search terms used are stored.
The legal basis for this processing is Article 6(1)(f) of the GDPR.

The provider of the web tool analyzes this data for suspicious behavior related to click fraud, i.e., the frequency of ad views from a single IP address. The collected data may be processed and stored outside the European Union.
Further information and the privacy policy can be found at the following address:https://www.clickcease.com/privacy.html.
Information on the GDPR can be found here:http://docs.clickcease.com/pricing-privacy-and-terms/the-clickcease-roadmap-to-gdpr-compliance

6. Newsletter

Newsletter information

If you would like to subscribe to the newsletter offered on the website, we will need your email address as well as information that allows us to verify that you are the owner of the email address provided and that you consent to receiving the newsletter. No other data is collected, or is collected only on a voluntary basis. We use newsletter service providers, described below, to manage the newsletter.

ActiveCampaign

This website uses ActiveCampaign to send newsletters. The provider is ActiveCampaign, Inc., 1 N Dearborn, 5th Floor, Chicago, Illinois 60602, USA.

ActiveCampaign is a service that allows you to organize and analyze the distribution of newsletters, among other things. The data you provide when subscribing to the newsletter is stored on ActiveCampaign’s servers in the United States.

Data Analysis with ActiveCampaign

With the help of ActiveCampaign, we can analyze our newsletter campaigns. For example, we can see whether a newsletter message was opened and which links were clicked, if any. This allows us to determine, among other things, which links were clicked on particularly often.

We can also track whether certain predefined actions were taken after the email was opened or clicked (conversion rate). For example, we can see whether you made a purchase after clicking on the newsletter.

ActiveCampaign also allows us to segment newsletter recipients into different categories (“cluster” them). For example, newsletter recipients can be segmented by age, gender, or location. This allows us to better tailor the newsletters to the respective target groups. If you do not want your data analyzed by ActiveCampaign, you must unsubscribe from the newsletter. We provide a link for this purpose in every newsletter message.

For detailed information about ActiveCampaign's features, please visit the following link:https://www.activecampaign.com/email-marketing.

You can find ActiveCampaign's Privacy Policy at:https://www.activecampaign.com/privacy-policy.

Legal basis

Data processing is based on your consent (Art. 6(1)(a) of the GDPR). You may withdraw this consent at any time. The lawfulness of any data processing that has already taken place remains unaffected by the withdrawal.

Data transfers to the United States are based on the European Commission’s Standard Contractual Clauses. For more details, please visit:https://www.activecampaign.com/legal/sccandhttps://www.activecampaign.com/de/legal/gdpr-updates/privacy-shield.

Retention period

The data you have provided to us for the purpose of subscribing to the newsletter will be stored by us or the newsletter service provider until you unsubscribe from the newsletter, at which point it will be deleted from the newsletter distribution list. Data stored by us for other purposes remains unaffected by this.

After you unsubscribe from the newsletter mailing list, your email address may be stored in a blacklist by us or the newsletter service provider, if necessary, to prevent future mailings. The data from the blacklist is used solely for this purpose and is not combined with any other data. This serves both your interest and our interest in complying with legal requirements when sending newsletters (legitimate interest within the meaning of Art. 6(1)(f) GDPR). Storage on the blacklist is not time-limited.You may object to the storage if your interests outweigh our legitimate interest.

Order Processing

We have entered into a Data Processing Agreement (DPA) with the provider mentioned above. This is a contract required by data protection law that ensures the provider processes the personal data of our website visitors only in accordance with our instructions and in compliance with the GDPR.

7. Plugins and Tools

YouTube with enhanced privacy settings

This website embeds YouTube videos. The site is operated by Google Ireland Limited (“Google”), Gordon House, Barrow Street, Dublin 4, Ireland.

We use YouTube in enhanced privacy mode. According to YouTube, this mode ensures that YouTube does not store any information about visitors to this website before they watch the video. However, enhanced privacy mode does not necessarily prevent data from being shared with YouTube partners. For example, YouTube establishes a connection to the Google DoubleClick network regardless of whether you watch a video.

As soon as you play a YouTube video on this website, a connection is established with YouTube’s servers. This informs the YouTube server which of our pages you have visited. If you are logged into your YouTube account, you allow YouTube to link your browsing activity directly to your personal profile. You can prevent this by logging out of your YouTube account.

In addition, after a video starts playing, YouTube may store various cookies on your device or use similar tracking technologies (e.g., device fingerprinting). This allows YouTube to collect information about visitors to this website. This information is used, among other things, to track video statistics, improve the user experience, and prevent fraud.

In some cases, additional data processing operations may be triggered after a YouTube video is started, over which we have no control.

We use YouTube to ensure that our online content is presented in an engaging manner. This constitutes a legitimate interest within the meaning of Article 6(1)(f) of the GDPR. If consent has been obtained, processing is based solely on Article 6(1)(a) of the GDPR; consent may be withdrawn at any time.

For more information about data protection on YouTube, please see their Privacy Policy at:https://policies.google.com/privacy?hl=de.

Google Web Fonts (locally hosted)

This site uses web fonts provided by Google to ensure consistent font display. The Google Fonts are installed locally. No connection is made to Google's servers.

For more information about Google Web Fonts, visithttps://developers.google.com/fonts/faqand review Google’s Privacy Policy:https://policies.google.com/privacy?hl=de.

Font Awesome (local hosting)

This site uses Font Awesome to ensure consistent font styling. Font Awesome is installed locally. No connection is made to servers operated by Fonticons, Inc.

For more information about Font Awesome, please see the Font Awesome Privacy Policy at:https://fontawesome.com/privacy.

Google Maps

This site uses the Google Maps mapping service. The provider is Google Ireland Limited (“Google”), Gordon House, Barrow Street, Dublin 4, Ireland.

To use the features of Google Maps, it is necessary to store your IP address. This information is typically transmitted to a Google server in the United States and stored there. The provider of this site has no influence over this data transfer. When Google Maps is enabled, Google may use Google Web Fonts to ensure consistent font display. When you access Google Maps, your browser loads the required web fonts into its cache to display text and fonts correctly.

We use Google Maps to ensure that our online content is presented in an appealing way and to make it easy for users to locate the places listed on our website. This constitutes a legitimate interest within the meaning of Article 6(1)(f) of the GDPR. If consent has been requested, processing is carried out exclusively on the basis of Article 6(1)(a) of the GDPR; consent may be withdrawn at any time.

Data transfers to the United States are based on the European Commission’s Standard Contractual Clauses. For more details, please visit:https://privacy.google.com/businesses/gdprcontrollerterms/andhttps://privacy.google.com/businesses/gdprcontrollerterms/sccs/.

For more information on how user data is handled, please see Google's Privacy Policy:https://policies.google.com/privacy?hl=de.

Google reCAPTCHA

We use “Google reCAPTCHA” (hereinafter “reCAPTCHA”) on this website. The provider is Google Ireland Limited (“Google”), Gordon House, Barrow Street, Dublin 4, Ireland.

reCAPTCHA is used to verify whether data entry on this website (e.g., in a contact form) is performed by a human or by an automated program. To do this, reCAPTCHA analyzes the website visitor’s behavior based on various characteristics. This analysis begins automatically as soon as the website visitor enters the site. For the analysis, reCAPTCHA evaluates various pieces of information (e.g., IP address, the duration of the website visitor’s stay on the website, or mouse movements made by the user). The data collected during the analysis is forwarded to Google.

The reCAPTCHA analyses run entirely in the background. Website visitors are not notified that an analysis is taking place.

The storage and analysis of data are based on Article 6(1)(f) of the GDPR. The website operator has a legitimate interest in protecting its web offerings from abusive automated spying and from SPAM. If consent has been obtained, processing is carried out exclusively on the basis of Article 6(1)(a) of the GDPR; consent may be revoked at any time.

For more information about Google reCAPTCHA, please refer to Google’s Privacy Policy and Terms of Service at the following links:https://policies.google.com/privacy?hl=deandhttps://policies.google.com/terms?hl=de.

Zapier

We have integrated Zapier into this website. The provider is Zapier Inc., 62411 Market St., San Francisco, CA 94104-5401, USA (hereinafter “Zapier”).

Zapier allows us to connect various features, databases, and tools to our website and synchronize them with one another. This makes it possible, for example, to automatically post content we publish on our website to our social media channels or to export content from marketing and analytics tools. Depending on the feature, Zapier may also collect various types of personal data in the process.

The use of Zapier is based on Article 6(1)(f) of the GDPR. The website operator has a legitimate interest in ensuring that the tools used are integrated as effectively as possible. If consent has been obtained, processing is based exclusively on Article 6(1)(a) of the GDPR; consent may be withdrawn at any time.

Data transfers to the United States are based on the European Commission’s Standard Contractual Clauses. For more details, please visit:https://zapier.com/tos.

Order Processing

We have entered into a Data Processing Agreement (DPA) with the provider mentioned above. This is a contract required by data protection law that ensures the provider processes the personal data of our website visitors only in accordance with our instructions and in compliance with the GDPR.

WebinarJam

We use WebinarJam to host and manage online webinars. This service is provided by Genesis LLC, 7660 Fay Ave #H184, La Jolla, California (USA).

When you participate in one of our webinars, your personal data is stored on WebinarJam’s servers. This includes, in particular, your IP address, as well as any information you enter into WebinarJam yourself (e.g., your email address or chat messages).

Data transfers to the United States are based on the European Commission’s Standard Contractual Clauses. For more details, please visit:https://home.webinarjam.com/dpa.

For details on data processing, please refer to WebinarJam’s Privacy Policy:https://home.webinarjam.com/privacypolicy.

8. E-commerce and Payment Providers

Processing of Data (Customer and Contract Data)

We collect, process, and use personal data only to the extent necessary to establish, define the terms of, or modify the legal relationship (master data). This is done in accordance with Article 6(1)(b) of the GDPR, which permits the processing of data for the performance of a contract or pre-contractual measures. We collect, process, and use personal data regarding the use of this website (usage data) only to the extent necessary to enable the user to use the service or to bill for it.

The customer data collected will be deleted once the order has been completed or the business relationship has ended. Statutory retention periods remain unaffected.

Data Transmission Upon Contract Conclusion for Online Stores, Retailers, and Merchandise Shipping

When you order goods from us, we share your personal data with the shipping company responsible for delivery and with the payment service provider handling the payment transaction. We only disclose the data that the respective service provider needs to fulfill its task. The legal basis for this is Article 6(1)(b) of the GDPR, which permits the processing of data for the performance of a contract or pre-contractual measures. If you have provided your consent in accordance with Article 6(1)(a) of the GDPR, we will share your email address with the shipping company responsible for delivery so that they can inform you via email about the shipping status of your order; you may revoke your consent at any time.

Data transmission upon conclusion of a contract for services and digital content

We only disclose personal data to third parties when necessary for the fulfillment of the contract, such as to the financial institution responsible for processing payments.

Your data will not be disclosed to any other parties, unless you have expressly consented to such disclosure. Your data will not be disclosed to third parties without your express consent, for example for advertising purposes.

The legal basis for data processing is Article 6(1)(b) of the GDPR, which permits the processing of data for the performance of a contract or the implementation of pre-contractual measures.

Credit checks

If you choose to purchase on account or use another payment method that requires us to make an advance payment, we may conduct a credit check (scoring). To do this, we will forward the information you have provided (e.g., name, address, age, or bank details) to a credit reporting agency. Based on this information, the likelihood of non-payment will be assessed. If the risk of non-payment is deemed too high, we may refuse the payment method in question.

The credit check is conducted for the purpose of fulfilling the contract (Art. 6(1)(b) GDPR) and to prevent payment defaults (legitimate interest under Art. 6(1)(f) GDPR). If consent has been obtained, the credit check is conducted on the basis of this consent (Art. 6(1)(a) GDPR); consent may be revoked at any time.

Payment services

We integrate third-party payment services into our website. When you make a purchase from us, your payment information (e.g., name, payment amount, bank account details, credit card number) is processed by the payment service provider for the purpose of processing the payment. The respective terms and conditions and privacy policies of the respective providers apply to these transactions. The use of payment service providers is based on Art. 6(1)(b) GDPR (contract fulfillment) as well as in the interest of ensuring a payment process that is as smooth, convenient, and secure as possible (Art. 6(1)(f) GDPR). To the extent that your consent is requested for certain actions, Art. 6(1)(a) GDPR serves as the legal basis for data processing; consent may be revoked at any time with future effect.

We use the following payment services / payment service providers on this website:

PayPal

The provider of this payment service is PayPal (Europe) S.à.r.l. et Cie, S.C.A., 22-24 Boulevard Royal, L-2449 Luxembourg (hereinafter “PayPal”).

Data transfers to the United States are based on the European Commission’s Standard Contractual Clauses. For more details, please visit:https://www.paypal.com/de/webapps/mpp/ua/pocpsa-full.

For more details, please refer to PayPal's Privacy Policy:https://www.paypal.com/de/webapps/mpp/ua/privacy-full.

PayOne

This payment service is provided by PAYONE GmbH, Lyoner Straße 9, 60528 Frankfurt am Main (hereinafter “PayOne”). For more details, please refer to PayOne’s Privacy Policy:https://www.payone.com/DE-de/datenschutz.

Mastercard

The provider of this payment service is Mastercard Europe SA, Chaussée de Tervuren 198A, B-1410 Waterloo, Belgium (hereinafter “Mastercard”).

Mastercard may transfer data to its parent company in the United States. Data transfers to the United States are based on Mastercard’s Binding Corporate Rules. For more details, please visit:https://www.mastercard.de/de-de/datenschutz.htmlandhttps://www.mastercard.us/content/dam/mccom/global/documents/mastercard-bcrs.pdf.

VISA

This payment service is provided by Visa Europe Services Inc., London Branch, 1 Sheldon Square, London W2 6TT, United Kingdom (hereinafter “VISA”).

The United Kingdom is considered a safe third country for data protection purposes. This means that the United Kingdom has a level of data protection that is equivalent to that of the European Union.

VISA may transfer data to its parent company in the United States. Data transfers to the United States are based on the European Commission’s Standard Contractual Clauses. For more details, please visit:https://www.visa.de/nutzungsbedingungen/visa-globale-datenschutzmitteilung/mitteilung-zu-zustandigkeitsfragen-fur-den-ewr.html.

For more information, please refer to VISA’s Privacy Policy:https://www.visa.de/nutzungsbedingungen/visa-privacy-center.html.

9. Audio and Video Conferences

Data Processing

We use online conferencing tools, among other methods, to communicate with our customers. The specific tools we use are listed below. When you communicate with us via video or audio conference over the Internet, your personal data is collected and processed by us and by the provider of the respective conferencing tool.

The conferencing tools collect all data that you provide or use in connection with the tools (email address and/or phone number). In addition, the conferencing tools process the duration of the conference, the start and end times of your participation in the conference, the number of participants, and other “contextual information” related to the communication process (metadata).

In addition, the tool provider processes all technical data necessary for handling online communication. This includes, in particular, IP addresses, MAC addresses, device IDs, device type, operating system type and version, client version, camera type, microphone or speaker, and the type of connection.

If content is exchanged, uploaded, or otherwise made available within the tool, it is also stored on the tool provider’s servers. Such content includes, in particular, cloud recordings, chat/instant messages, voicemails, uploaded photos and videos, files, whiteboards, and other information shared while using the service.

Please note that we do not have full control over the data processing activities of the tools we use. Our options are largely determined by the corporate policies of the respective providers. For further information on data processing by the conference tools, please refer to the privacy policies of the respective tools, which we have listed below.

Purpose and Legal Basis

The conference tools are used to communicate with prospective or existing contractual partners or to offer specific services to our customers (Art. 6(1)(b) GDPR). Furthermore, the use of these tools serves to generally simplify and expedite communication with us or our company (legitimate interest within the meaning of Art. 6(1)(f) GDPR). Where consent has been requested, the use of the relevant tools is based on this consent; consent may be revoked at any time with future effect.

Retention period

Data that we collect directly through video and conferencing tools is deleted from our systems as soon as you request its deletion, revoke your consent to its storage, or the purpose for storing the data no longer applies. Stored cookies remain on your device until you delete them. Mandatory legal retention periods remain unaffected.

We have no control over how long your data is stored by the operators of the conferencing tools for their own purposes. For more details, please contact the operators of the conferencing tools directly.

Conference tools used

We use the following conferencing tools:

Zoom

We use Zoom. The provider of this service is Zoom Communications Inc., San Jose, 55 Almaden Boulevard, 6th Floor, San Jose, CA 95113, USA. For details on data processing, please refer to Zoom’s Privacy Policy:https://zoom.us/de-de/privacy.html.

Data transfers to the United States are based on the European Commission’s Standard Contractual Clauses. For more details, please visit:https://zoom.us/de-de/privacy.html.

Order Processing

We have entered into a Data Processing Agreement (DPA) with the provider mentioned above. This is a contract required by data protection law that ensures the provider processes the personal data of our website visitors only in accordance with our instructions and in compliance with the GDPR.

10. Our Own Services

Handling of Applicant Data

We offer you the opportunity to apply for a position with us (e.g., by email, mail, or via our online application form). Below, we provide information about the scope, purpose, and use of the personal data collected from you during the application process. We assure you that the collection, processing, and use of your data are carried out in accordance with applicable data protection laws and all other legal provisions, and that your data will be treated as strictly confidential.

Scope and Purpose of Data Collection

If you submit an application to us, we will process your associated personal data (e.g., contact and communication details, application documents, notes taken during interviews, etc.) to the extent necessary to decide whether to enter into an employment relationship. The legal basis for this is Section 26 of the German Federal Data Protection Act (BDSG) (initiation of an employment relationship), Art. 6(1)(b) of the GDPR (general contract initiation), and—provided you have given your consent—Art. 6(1)(a) of the GDPR. Consent may be revoked at any time. Your personal data will be shared within our company exclusively with those individuals involved in processing your application.

If your application is successful, the data you have submitted will be stored in our data processing systems in accordance with Section 26 of the German Federal Data Protection Act (BDSG) and Article 6(1)(b) of the General Data Protection Regulation (GDPR) for the purpose of administering the employment relationship.

Data retention period

If we are unable to offer you a position, if you decline a job offer, or if you withdraw your application, we reserve the right to retain the data you have provided for up to 6 months from the conclusion of the application process (rejection or withdrawal of the application) based on our legitimate interests (Art. 6(1)(f) GDPR). The data will then be deleted and the physical application documents destroyed. The retention serves, in particular, as evidence in the event of a legal dispute. If it becomes apparent that the data will be required after the 6-month period has expired (e.g., due to an impending or pending legal dispute), deletion will not take place until the purpose for continued retention no longer applies.

Data may also be retained for a longer period if you have provided your consent (Art. 6(1)(a) of the GDPR) or if statutory retention requirements prevent its deletion.

Inclusion in the candidate pool

If we do not offer you a position, we may add you to our candidate pool. If we do add you, all documents and information from your application will be transferred to the candidate pool so that we can contact you if suitable openings arise.

Inclusion in the applicant pool is based solely on your explicit consent (Art. 6(1)(a) GDPR). Providing consent is voluntary and has no bearing on the ongoing application process.The data subject may withdraw their consent at any time.In this case, the data will be permanently deleted from the applicant pool, provided there are no legal grounds for retention.

Data from the applicant pool will be permanently deleted no later than two years after consent is given.