Data Protection ALMAE Heilarbeitsinstitut GmbH
Privacy Policy
1. Introduction
This website is operated by: ALMAE-Heilarbeitsinstitut GmbH.
It is very important to us to handle the data of our website visitors with confidence
and to protect them in the best possible way. For this reason, we make every effort
to comply with the requirements of the GDPR.
Below we explain how we process your data on our website. We use language that
is as clear and transparent as possible so that you really understand what happens
to your data.
2. General information
2.1 Processing of personal data and other terms
Data protection applies to the processing of personal data. Personal data means all
data with which you can be personally identified. This is, for example, the IP
address of the device (PC, laptop, smartphone, etc.) in front of which you are
currently sitting. Such data is processed when ‘something happens to it’. Here, for
example, the IP is transmitted from the browser to our provider and stored there
automatically. This is then a processing (according to Art. 4 No. 2 GDPR) of
personal data (according to Art. 4 No. 1 GDPR).
These and other legal definitions can be found in Art. 4 GDPR.
2.2 Applicable regulations/laws – GDPR, BDSG and TDDDG
The scope of data protection is regulated by laws. In this case, these are the GDPR
(General Data Protection Regulation) as a European regulation and the BDSG
(Federal Data Protection Act) as a national law.
In addition, the TDDDG supplements the provisions of the GDPR as far as the use
of cookies is concerned.
2.3 The responsible
The controller within the meaning of the GDPR is responsible for data processing
on this website. This is the natural or legal person who alone or jointly with others
determines the purposes and means of the processing of personal data.
You can reach the responsible person under:
ALMAE-Heilarbeitsinstitut GmbH
Schillerhain 1 67292 Kirchheimbolanden
institute@almae.de
2.4 Data Protection Officer
We have appointed a data protection officer for our company. You can reach him
under:
Manuel Frey
Schillerhain 1, 67292 Kirchheimbolanden
institute@almae.de
2.5 This is how data is basically processed on this website
As we have already established, there is data (e.g. IP address) that is collected
automatically. This data is mainly required for the technical provision of the website.
If we also use personal data or collect other data, we will inform you of this or ask
for your consent.
Other personal data you share with us consciously.
You will find more detailed information below.
2.6 Yours Right
The GDPR provides you with comprehensive rights. These include, for example,
free information about the origin, recipient and purpose of your stored personal
data. You can also request the rectification, blocking or erasure of this data or lodge
a complaint with the competent data protection supervisory authority. You can
revoke your consent at any time.
You can find out in detail what these rights are and how to exercise them in the last
section of this Privacy Policy.
2.7 Data protection – Our view
Data protection is more than just a chore for us! Personal data is of great value and
careful handling of this data should be a matter of course in our digitalized world. In
addition, you as a website visitor should be able to decide for yourself what
“happens” to your data, when and by whom. Therefore, we undertake to comply with
all legal provisions, collect only the data necessary for us and, of course, treat
them confidentially.
2.8 Disclosure and deletion
The transfer and deletion of data are also important and sensitive topics. Therefore,
we would like to briefly inform you in advance about our general approach to this.
A transfer of data only takes place on the basis of a legal basis and only if this is
unavoidable. This may be the case in particular if it is a so-called Data Processor
and a Data Processing Agreement has been concluded in accordance with Art. 28
GDPR.
We delete your data when the purpose and the legal basis for processing cease to
exist and the deletion is not contrary to any other legal obligations. A ‘good’
overview of this is also provided by Art. 17 GDPR.
For further information, please refer to this Privacy Policy and contact the
responsible person if you have any specific questions.
2.9 Hosting
This website is hosted externally. The personal data collected on this website is
stored on the host’s servers. This includes the automatically collected and stored
log files (see below for more details), as well as all other data provided by website
visitors.
External hosting is used for the purpose of secure, fast and reliable provision of our
website and in this context serves to fulfill the contract with our potential and
existing customers.
The legal basis for the processing is Art. 6 para. 1 lit. a, b and f GDPR, as well as §
25 para. 1 TDDDG, insofar as consent includes the storage of cookies or access to
information in the terminal device of the website visitor or user within the meaning
of the TDDDG.
Our hoster only processes data that is necessary for the fulfillment of its service
obligation and acts as our Data Processor, which means that it is subject to our
instructions. We have concluded a corresponding Data Processing Agreement with
our hoster.
We use the following hoster:
netCup
netCup GmbH, Daimlerstraße 25, 76185 Karlsruhe, Germany
https://www.netcup.de/kontakt/datenschutzerklaerung.php.
2.10 Legal basis
The processing of personal data always requires a legal basis. The GDPR provides
for the following possibilities in Art. 6 (1) Sentence 1:
a) The data subject has given his/her consent to the processing of personal
data concerning him/her for one or more specific purposes;
b) the processing is necessary for the performance of a contract to which the
data subject is party or for the implementation of pre-contractual measures
taken at the data subject’s request;
c) processing is necessary for compliance with a legal obligation to whichthe
responsible person is subject to;
d) the processing is necessary in order to protect the vital interests of the
data subject or another natural person;
e) processing is necessary for the performance of a task carried out in the
public interest or in the exercise of official authority vested inthe
responsible was transferred;
f) processing is necessary for the purposes of safeguarding the legitimate
interests ofof the responsible orof a third party necessary, unless the
interests or fundamental rights and freedoms of the data subject which
require the protection of personal data override this, in particular where
the data subject is a child.
In the following sections, we will provide you with the specific legal basis for the
respective processing.
3. What happens on our website
By visiting our website, we process personal data about you.
To protect this data as best as possible against unauthorized access by third
parties, we use SSL or TLS encryption. You can recognize this encrypted
connection by the fact that a https:// or a lock symbol is displayed in the address
bar of your browser.
In the following, you will learn which data is collected when you visit our website, for
what purpose this is done and on what legal basis.
3.1 Data collection when calling up the website
By calling up the website, information is automatically stored in so-called server log
files. This is the following information:
– Browser type and version
– Operating system used
– Referrer URL
– Host name of the accessing computer
– Time of the server request
– IP address
This data is temporarily required in order to be able to display our website to you
permanently and without problems. In particular, this data serves the following
purposes:
– System security of the website
– System stability of the website
– Website troubleshooting
– Connecting to the website
– Website presentation
The data processing is carried out in accordance with Art. 6 para. 1 lit. f GDPR and
is based on our legitimate interest in the processing of this data, in particular the
interest in the functionality of the website as well as its security.
If possible, this data is stored pseudonymously and deleted after the respective
purpose has been achieved.
Insofar as the server log files allow the identification of the person concerned, the
data is stored for a maximum period of 14 days. An exception exists if a security-
relevant event occurs. In this case, the server log files are stored until the
elimination and final clarification of the security-relevant event.
For the rest, a consolidation with other data does not take place.
3.2 Cookies
3.2.1 General
This website uses so-called cookies. This is a data record, information that is stored
in the browser of your terminal device and is related to our website.
By setting cookies, the navigation of the website in particular can be made easier
for the visitor.
In our Cookie Consent Tool you will find all information about the cookies we have
in use on our website (if applicable after your consent).
3.2.2 Reject cookies
You can manage all cookies that are not technically necessary directly via our cookie consent tool.
The setting of cookies can be prevented by adjusting the settings of your browser.
Here you can find the corresponding links to frequently used browsers:
Mozilla Firefox:https://support.mozilla.org/de/kb/cookies-und-website-daten-in-
firefox-loschen?redirectslug=Cookies+l%C3%B6schen&redirectlocale=en
Google Chrome:https://support.google.com/chrome/answer/95647?
co=GENIE.Platform%3DDesktop&hl=de
Microsoft Edge:https://support.microsoft.com/de-de/windows/l%C3%B6schen-und-
verwalten-von-cookies-168dab11-0753-043d-7c16-ede5947fc64d
Safari:https://support.apple.com/de-de/guide/mdm/mdmf7d5714d4/web
andhttps://support.apple.com/de-de/guide/safari/sfri11471/mac. As far asYou
another browserusesit is recommended to use the nameYours browser and ‘delete
and manage cookies’ in a search engine and follow the official link toYour browser
to follow.
Alternativeyou can use your Cookie settings also underwww.aboutads.info/choices/
orwww.youronlinechoices.commanage.
However, we must inform you that a comprehensive blocking/deletion of cookies
can lead to impairments in the use of the website.
3.2.3 Technically necessary cookies
We use technically necessary cookies on this website to ensure that our website
functions without errors and in accordance with applicable laws. They help to make
the website user-friendly. Some functions of our website cannot be displayed
without the use of cookies.
The legal basis for this is, depending on the individual case, Art. 6 para. 1 lit. b, c
and/or f GDPR.
3.2.4 Technically unnecessary cookies
We also use cookies on our website that are not technically necessary. These
cookies are used, among other things, to analyze the surfing behavior of the
website visitor or to offer functions of the website that are not technically necessary.
The legal basis for this is your consent pursuant to Art. 6 para. 1 lit. a GDPR.
Technically unnecessary cookies are only set with your consent, which you can
revoke at any time in the cookie consent tool.
3.3 Data processing through user input
3.3.1 Own data collection
We offer the following (service) on our website: Appointment.
For this purpose, we collect the following data:
Name
E-mail address
Phone number
The legal basis for this data processing is Art. 6 para. 1 lit. b GDPR.
The data will be deleted as soon as the respective purpose ceases to apply and it is
possible in accordance with the legal requirements.
3.3.2 Contact
a) E-mail
When you contact us by email, we process your email address and any other data
contained in the email. This data is stored on the mail server and in some cases on
the respective end devices. Depending on the request, the legal basis for this is
regularly Art. 6 para. 1 lit. f GDPR or Art. 6 para. 1 lit. b GDPR. The data will be
deleted as soon as the respective purpose no longer applies and it is possible in
accordance with the legal requirements.
b) Phone
If you contact us by phone, the call data may be stored pseudonymously on the
respective terminal device and with the telecommunications provider used.
Personal data collected during the telephone call will only be processed in order to
handle your request. Depending on the request, the legal basis for this is regularly
Art. 6 para. 1 lit. f GDPR or Art. 6 para. 1 lit. b GDPR. The data will be deleted as
soon as the respective purpose ceases to apply and it is possible according to the
legal requirements.
c) Appointment tool
Microsoft Bookings
In order to be able to make an appointment with us, we integrate the functions of
Microsoft Bookings on our website. This service is provided by Microsoft Ireland
Operations Limited, One Microsoft Place, South County Business Park,
Leopardstown, Dublin 18, Ireland.
The data requested for this purpose will be used for the planning, execution and
follow-up of the appointment.
This data is used exclusively for technical provision and is then automatically
deleted.
Microsoft Bookings uses cookies to collect and store data on our website. These
cookies are only set with consent. This consent can be revoked and managed at
any time in our cookie consent tool. The legal basis for this is Art. 6 para. 1 lit. a
GDPR and § 25 para. 1 TDDDG, insofar as this consent includes access to
information in the user’s terminal device or the storage of cookies within the
meaning of the TDDDG.
In addition, the legal basis for the use of Microsoft Bookings is Art. 6 para. 1 lit. f
GDPR, as we have a legitimate interest in entering into a direct exchange with
customers, potential customers and other interested parties and processing
inquiries directly and as quickly as possible.
The data will be stored until the data subject requests deletion, revokes consent to
storage or the purpose for storage no longer applies. Mandatory statutory
provisions on retention periods remain unaffected.
You can find more information here:
https://privacy.microsoft.com/de-DE/privacystatement
3.4 Cookie Consent Tool
3.4.1 iubenda Cookie Solution
We use the iubenda cookie solution to ensure that only those cookies are set on
our website for which there is a legal basis. This service is provided by iubenda
s.r.l., Via San Raffaele, 1-20121 Milan, Italy.
This service is used to obtain the consent of the website visitor to the storage of
certain cookies in his browser or the use of certain technologies and to document it
in accordance with data protection law.
When this website is accessed, the consent given by the website visitor or the
revocation of consent is stored in the website visitor’s browser using a tracker. A
connection to the iubenda servers is established for this purpose.
The legal basis is Art. 6 para. 1 lit. c GDPR. iubenda is used to obtain the legally
required consent for the use of cookies.
The data collected will be stored until the website visitor requests its deletion or
iubenda deletes it itself or the purpose for storing the data no longer applies. The
mandatory statutory retention periods remain unaffected by this.
3.5 Analysis and tracking tools
3.5.1 Google Analytics
We use Google Analytics on this website. Google Analytics is a web analytics
service. This service is provided by Google Ireland Limited (“Google”), Gordon
House, Barrow Street, Dublin 4, Ireland.
Google Analytics uses cookies to recognize the user and thus analyze usage
behavior. These cookies are only set with consent. Consent can be revoked at any
time and managed in our cookie consent tool.
The legal basis for the processing is Art. 6 para. 1 lit. a GDPR and § 25 para. 1
TDDDG.
The information collected here is usually transferred to a Google server in the USA
and stored there. On July 10, 2023, the European Commission adopted an
adequacy decision for the USA. Google LLC is certified under the EU-US Privacy
Framework. However, as the Google servers are located worldwide and data
transfer to third countries (e.g. Singapore) cannot be ruled out, the EU
Commission’s Standard Contractual Clauses (SCC) apply.
The use of Google Analytics results in IP anonymization. The IP address of the
respective user is shortened on servers within the member states of the EU (or the
European Economic Area) in such a way that it is no longer possible to trace it back
to a natural person. In addition, Google undertakes to provide appropriate data
protection via the Google Ads data processing conditions and creates an evaluation
of website use and website activity and provides the services associated with use.
The Google Ads Data Processing Terms apply to companies that are subject to the
EU General Data Protection Regulation (GDPR) of the European Economic Area
(EEA), the California Consumer Privacy Act (CCPA) or similar regulations.
An additional browser plugin can be used to prevent the information collected (such
as the IP address) from being sent to Google and used by Google. The plugin and
further informationyou will find underhttps://tools.google.com/dlpage/gaoptout?
hl=de.
Otherwise, the storage period depends on the type of data processed. Each
customer can choose how long Google Analytics stores data before it is
automatically deleted. The maximum lifespan of a Google Analytics cookie is two
years.
Further information on the use of data by Googleyou will findalso
underhttps://support.google.com/analytics/answer/6004245?hl=de. For all further
questionsyou can also directly tosupport-deutschland@google.com turn.
3.5.2 Google Consent Mode
We use Google Consent Mode on our website to customize the use of Google
services based on your consent. This means that, depending on your consent, we
either use the full functionality of these services or only carry out limited data
collection.
Google Consent Mode allows a certain amount of data processing, even if consent
is denied, but in anonymized form.
We use the Advanced Consent Mode. This enables more detailed data collection if
you have consented to the use of cookies in accordance with Art. 6 para. 1 lit. a
GDPR. This data helps us to evaluate the performance of our marketing measures
more precisely and to carry out user-defined analyses.
The processing is carried out in our legitimate interest in being able to better control
and use certain functions of the Google services used on the website that require
consent. The legal basis for the processing is Art. 6 para. 1 sentence 1 lit. f GDPR.
Further information on Google Consent Mode can be found at:
https://support.google.com/analytics/answer/9976101.
3.5.3 Google Conversion Tracking
This website uses Google Conversion Tracking. Google Conversion Tracking is a
web analytics service. This service is provided by Google Ireland Limited
(“Google”), Gordon House, Barrow Street, Dublin 4, Ireland.
Google Conversion Tracking sets cookies for identification. We learn the number of
users and what actions were performed on the website by website visitors.
The legal basis for the processing is Art. 6 para. 1 lit. a GDPR and § 25 para. 1
TDDDG. Consent can be revoked at any time.
The data will be deleted as soon as they are no longer needed for the processing
purposes.
More details:
https://policies.google.com/privacy?hl=de.
3.5.4 Google Tag Manager
On this website we use Google Tag Manager. Google Tag Manager is a web
analytics service. This service is provided by Google Ireland Limited (“Google”),
Gordon House, Barrow Street, Dublin 4, Ireland.
The Google Tag Manager does not store cookies and does not analyze
independently. It only serves to manage the tools integrated via it. However, the IP
address of the website visitor is recorded, which may be transferred to Google’s
parent company in the USA.
The legal basis for the processing is Art. 6 para. 1 lit. f GDPR. We have a legitimate
interest in the uncomplicated integration and management of various tools on its
website.
More details:
https://policies.google.com/privacy?hl=en.
3.5.5 Google Ads
We use Google Ads on this website. Google Ads is an online advertising program of
Google Ireland Limited (“Google”), Gordon House, Barrow Street, Dublin 4, Ireland.
The service enables us to link advertisements in the Google search engine to
specific keywords and to place targeted advertisements based on existing user
data. Cookies are used for conversion tracking.
The legal basis for the processing is Art. 6 para. 1 lit. a GDPR and § 25 para. 1
TDDDG. Consent can be revoked at any time.
In the case of data transfer to the USA, the standard contractual clauses (SCC) of
the EU Commission apply.
More details:
https://privacy.google.com/businesses/controllerterms/mccs/.
3.6 Social media plugins
3.6.1 LinkedIn
Elements of the social network LinkedIn are integrated on this website. This service
is offered by LinkedIn Ireland Unlimited Company, Wilton Plaza, Wilton Place,
Dublin 2, Ireland.
If the social media element is activated, a direct connection is established between
the website visitor and the LinkedIn servers and the visitor’s IP address is
transmitted to LinkedIn. If the website visitor has a user account, the visit to this
website can be assigned to the corresponding user account. The website operator
gains no knowledge of the content of the transmitted data.
The legal basis for the processing is Art. 6 para. 1 lit. a GDPR and § 25 para. 1
TDDDG. Consent can be revoked at any time.
In the case of data transfer to the USA, the standard contractual clauses (SCC) of
the EU Commission apply.
https://www.linkedin.com/help/linkedin/answer/62538/datenubertragung-aus-der-eu-
dem-ewr-und-derschweiz?lang=de.
More information:
https://www.linkedin.com/legal/privacy-policy.
3.6.2 XING
Elements of the social network XING are integrated on this website. This service is
offered by New Work SE, Dammtorstraße 30, 20354 Hamburg, Germany.
If the social media element is activated, a direct connection is established between
the website visitor and the XING servers. Personal data and the IP address are not
stored here. User behavior is not evaluated.
The legal basis for the processing is Art. 6 para. 1 lit. a GDPR and § 25 para. 1
TDDDG. Consent can be revoked at any time.
More details:
https://privacy.xing.com/de/datenschutzerklaerung.
3.7 Social media profiles
In addition to our website, our company is also present on social networks. Here we
want to present our company and create the opportunity to get in touch with us.
We also use the opportunity to place advertisements and job advertisements on
social media.
In the following, we provide information about what data we and the respective
social network process when you visit and interaction with our profile.
3.7.1 LinkedIn
We operate a LinkedIn profile onhttps://www.linkedin.com/. This social network is
operated by LinkedIn Corporation, 2029 Stierlin Court, Mountain View, CA 94043,
USA.
a) Interaction with our company profile
When you visit our LinkedIn profile and interact with us via it, we process personal
data. personal data. On the one hand, the data made publicly available on the
profile. On the other hand, we also process the personal data contained in posts,
comments or direct messages to us. Through interactions such as liking or sharing,
we can see the user profile with the public information.
The legal basis for this processing is Art. 6 para. 1 lit. f GDPR. It is in our legitimate
interest interest to provide relevant and interesting content and to enable the use
and functionality of our LinkedIn profile
Insofar as an inquiry is related to the fulfillment of a contract or is necessary to carry
out pre-contractual measures, our processing is based on Art. 6 para. 1 lit. b
GDPR.
b) Page Insights
LinkedIn provides us with aggregated statistics and insights (called Page Insights)
that tell us how people interact with our Company Page. Among other things, we
receive information about the number of profiles that view, comment on or
otherwise interact with our posts, as well as aggregated demographic and other
information that helps us learn about the interaction with our page or LinkedIn
profile. Pages Insights provided to us by LinkedIn consist of aggregated data, and
LinkedIn does not provide us with any personally identifiable information about
members in relation to Page Insights. We also have no way of linking Page Insights
to individual members.
When placing ads, LinkedIn provides us with information about the types of people
who see our ads and about the success of our ads. Personal data is only passed
on to us if this person has consented to such processing. We also receive
information from LinkedIn that allows us to understand which of our ads led to a
purchase being made or an action being taken.
The purpose of processing this data is to analyze our reach and to adapt our
content and advertisements to user interests. By evaluating this data, we can
recognize how our content, our profile and our advertising are consumed. This
enables us to create target group-specific content and place advertisements in
order to better market our company and our services.
The processing is based on our legitimate interest in accordance with Art. 6 para. 1
sentence 1 lit. f GDPR.
When processing personal data in the course of the so-called Page Insights, the
processing is carried out in joint responsibility with LinkedIn in accordance with Art.
26 para. 1 GDPR.
To this end, we have entered into a corresponding agreement with LinkedIn, which
is available here (https://legal.linkedin.com/pages-joint-controller-addendum) can
be viewed.
The contact details of LinkedIn are:
LinkedIn Ireland Unlimited Company, Wilton Place, Dublin 2, Ireland.
For LinkedIn, you can contact the data protection officer at the following link:
https://www.linkedin.com/help/linkedin/ask/TSO-DPO.
3.7.2 Processing by LinkedIn
In connection with your visit to our company profile, LinkedIn may also process
additional personal data. In this case, the processing is carried out under the sole
responsibility of LinkedIn and without our knowledge. You can find more information
from LinkedIn on this at:
https://de.linkedin.com/legal/privacy-policy.
3.8 Xing
We operate a Xing page. This social media platform is offered by New Work SE,
Am Strandkai 1, 20457 Hamburg, Germany.
3.8.1 Interaction with our company profile
When you visit our Xing profile and interact with us via it, we process personal data.
On the one hand, the data made publicly available on the profile. On the other
hand, we also process the personal data contained in posts, comments or direct
messages to us. Through interactions such as liking or sharing, we can see the
user profile with the public information.
It is also possible to contact us as the operator via the company profile using the
contact details provided.
If users are logged in to XING with their user account when they access the
company page, information about the access to the service can be assigned to the
respective user account. This information is also available to us as the operator of
the company profile. The provision of information can be avoided by logging out of
the XING user account before accessing the company page.
The legal basis for the processing is Art. 6 para. 1 lit. f GDPR. It is in our legitimate
interest to provide relevant and interesting content, to maintain business contacts,
to draw attention to our services and job advertisements and to get in touch with
visitors to our profile and interested parties.
Insofar as an inquiry is related to the performance of a contract or is necessary for
the implementation of pre-contractual measures, our processing is based on Art. 6
para. 1 lit. b GDPR.
3.8.2 Processing of personal data and cookies by Xing
When using and accessing our company profile, personal data is also processed by
Xing. Xing is solely responsible for this processing. We have no influence on the
processing by Xing.
If consent has been given (for example, by setting your XING status to “actively
looking for a job”), Xing will contact you directly to suggest suitable job offers.
The processing of data can be restricted in the privacy settings.
Xing’s Privacy Policy can be viewed here:
https://privacy.xing.com/de/datenschutzerklaerung
3.8.3 YouTube
We operate a profile on YouTube. This is a video platform of Google Ireland
Limited, Gordon House, Barrow Street, Dublin 4, Ireland, which enables us to
publish video content and interact with our audience.
3.8.4 Data processing by us
We also process the data of profile visitors. In doing so, we process data from your
use of our profile, which is provided to us by YouTube.
This information includes statistics on visits to our profile, reports on the playback
time of our videos, user interaction (e.g. “I like” or comments), as well as
information about individual people who actively interact with our site, e.g. by
subscribing or using YouTube’s communication options.
The data entered on YouTube, in particular the user name and the content
published under the account, is made visible and processed by us through
interactions with our profile.
We process this data to enable communication and to optimize our content in terms
of reach and target group.
The legal basis for the processing is a legitimate interest in accordance with Art. 6
para. 1 lit. f GDPR for the purposes mentioned.
3.8.5 Data processing by YouTube
When visiting our YouTube channel or interacting with our YouTube channel,
YouTube collects personal data such as IP address, device information, geographic
information, as well as activity on the platform, including videos viewed, interactions
such as likes, comments and subscriptions. This data may be collected through
cookies and similar technologies that are stored on the device.
YouTube uses this information to operate and improve the platform, to provide
personalized advertising and to perform analyses and measurements to understand
how users interact with the content. In addition, data processing helps to evaluate
and improve the reach and effectiveness of content.
The processing of data by YouTube takes place, among other things, on the basis
of your consent, which is expressed by accepting the cookie policy on YouTube.
The data collected by YouTube may be shared within the Google group of
companies and with third parties who may be located in countries outside the
European Union, including the USA. Google LLC is certified by the EU-U.S. Data
Privacy Framework, which ensures that an adequate level of data protection is
maintained even when data is transferred to third countries.
We have no influence on the scope of the data processed by YouTube, the type of
processing and use or the transfer of this data to third parties. We also have no
effective control options in this respect.
Information on what data is processed by YouTube and for what purposes can be
found in YouTube’s Privacy Policy: https://policies.google.com/privacy?
hl=de&gl=de.
3.9 Third-party content
3.9.1 Google Fonts
We have integrated Google Fonts locally on our server. Thus, despite the use, no
data is transmitted to Google.
3.9.2 Wordfence
We use Wordfence on this website. Wordfence is a firewall and malware scanner.
This service is provided by Defiant Inc, 800 5th Ave Ste 4100, Seattle, WA 98104,
USA.
To protect a website from unwanted access or cyberattacks and to increase
security, this website establishes a permanent connection to Wordfence’s servers.
In this process, accesses are compared with Wordfence’s database and users are
blocked if necessary.
The legal basis for the processing is Art. 6 para. 1 lit. f GDPR. The website operator
has a legitimate interest in effectively protecting its website from unwanted access
and cyberattacks.
In the case of data transfer to the USA, the standard contractual clauses (SCC) of
the EU Commission apply.
https://www.wordfence.com/help/general-data-protection-regulation/.
3.9.3 Updraft Plus
We use the Updraft Plus service. This service is provided by Updraft WP Software
Ltd, Welsh Ice Britannia House, Caerphilly Business Park, Caerphilly, Wales, CF83
3GG.
UpdraftPlus is a WordPress backup plugin that enables full manual or scheduled
backups of all WordPress files, databases, plugins and themes. It offers features
such as restoring backups directly from the WordPress control panel, migrating or
cloning WordPress websites and integrating with various cloud storage options for
secure backups.
With the help of this service, the entire WordPress installation is encrypted
(SFTP/SCP) at regular intervals.
The legal basis for the processing of personal data is otherwise Art. 6 para. 1 lit. f
GDPR. We have a legitimate interest in protecting our website through regular
backups.
More information:
https://updraftplus.com/data-protection-and-privacy-centre/.
3.9.4 WP-Optimize
We integrate the functions of WP-Optimize on our website. This service is provided
by Updraft WP Software Ltd, Welsh Ice Britannia House, Caerphilly Business Park,
Caerphilly, Wales, CF83 3GG.
WP-Optimize is a WordPress optimization tool that includes database cleanup,
image compression and page caching to improve website performance and speed.
It offers features such as automatic database cleanup, lossless and lossy image
compression, device-specific caching, CSS and JavaScript minimization, GZIP
compression and the ability to manage multiple websites with UpdraftCentral.
WP-Optimize can also set cookies. These cookies are only set with consent.
Consent can be revoked at any time. The legal basis for this is Art. 6 para. 1 lit. a
GDPR. Otherwise, the legal basis for the processing of personal data is Art. 6 para.
1 lit. f GDPR. We have a legitimate interest in optimizing the presentation of our
website. Further information: https://getwpo.com/data-protection-and-privacy-
centre/.
3.10 Audio and video conferencing
3.10.1 Microsoft Teams
For communication with customers we use Microsoft Teams. Microsoft Teams is an
online conferencing tool. This service is provided by Microsoft Ireland Operations
Limited, One Microsoft Place, South County Business Park, Leopardstown, Dublin
18, Ireland.
When communicating with this tool via video or audio conferencing, personal data
is processed by us and the provider of the tool. The data collected includes all
information that you provide when using the tool. Metadata relating to the
conference is also processed. Furthermore, technical information is processed that
is required for the function of online communication. Furthermore, all files that are
shared within the tool are stored on the tool provider’s servers.
Microsoft Teams may also set cookies. These cookies are set only with consent.
This consent can be revoked at any time. The legal basis for this is Art 6 para. 1 lit.
a GDPR.
Otherwise, the legal basis for the processing of data by Microsoft Teams is Art. 6
para. 1 lit. b GDPR. The communication is related to the performance of a contract
or is necessary for the fulfillment of pre-contractual obligations. Furthermore, this
tool is used to simplify communication with our company. This constitutes a
legitimate interest within the meaning of Art. 6 para. 1 lit. f GDPR.
This data is stored until the data subject requests deletion, consent to storage is
revoked, or the purpose for storage no longer applies. Cookies remain on the end
device until the user deletes them. Mandatory legal provisions regarding retention
periods remain unaffected.
More details:
https://privacy.microsoft.com/de-de/privacystatement.
3.11 Affiliate marketing
3.11.1 vibrant.store
We link to products and brands on our website that are offered via vibrant.store, a
central online store operated by Vibrant Ventures GmbH, Rudolfplatz 3, 50674
Cologne, Germany. As part of our affiliate marketing, we use these links to direct
users directly to the vibrant.store offer pages and receive a commission for
purchases or other qualifying actions. This involves processing personal data, such
as IP addresses, device information, click behavior and timestamps, which are
necessary for tracking affiliate links and assigning transactions. The purpose of the
data processing is to carry out affiliate marketing activities and the transparent
allocation of commission claims. The legal basis for the processing is Art. 6 para. 1
lit. f GDPR, based on our legitimate interest in the implementation of affiliate
marketing measures. Further information on data processing by vibrant.store can
be found here:
https://www.vibrant.shop/policies/privacy-policy.
3.12 Cloud backups
We use cloud backup functions on our website to protect the data and content of
the website from data loss, corruption or security incidents. This ensures that the
website can be restored quickly and completely in the event of a server failure, a
hacker attack or other unforeseen events.
If personal data is stored on our website, it is transferred to the servers of the
respective provider during backups. The legal basis for data processing is Art. 6
para. 1 lit. f GDPR, as we have a legitimate interest in backing up our data.
We use the following cloud backup service:
One Drive
Microsoft Corporation, One Microsoft Way, Redmond, WA 98052-6399, USA.
https://privacy.microsoft.com/de-de/privacystatement.
4. This is also important
Finally, we would like to inform you in detail about your rights and how you will be
informed about changes in data protection requirements.
4.1 Yours Rights in detail
4.1.1 Right to information according to Art. 15 GDPR
You can request information about whether your personal data is being processed.
If this is the case, you can request further information about the type and manner of
processing. A detailed list can be found in Art. 15 (1) a) to h) GDPR.
4.1.2 Right to rectification according to Art. 16 GDPR
This right includes the correction of inaccurate data and the completion of
incomplete personal data.
4.1.3 Right to deletion according to Art. 17 GDPR
This so-called ‘right to be forgotten’ gives you the right, under certain conditions, to
demand the deletion of personal data by the controller. This is generally the case if
the purpose of the data processing has ceased to exist, if consent has been
revoked or if the initial processing took place without a legal basis. You can find a
detailed list of reasons in Art. 17 (1) lit. a to f GDPR. Furthermore, this “right to be
forgotten” corresponds with the obligation of the controller under Art. 17 (2) GDPR
to take appropriate measures to bring about a general erasure of the data.
4.1.4 Right to restriction of processing according to Art. 18 GDPR
This right is subject to the conditions set out in Art. 18(1)(a) to (d).
4.1.5 Right to data portability according to Art. 20 GDPR
Here, the basic right to receive one’s own data in a common form and to transfer it
to another data controller is regulated. However, this only applies to data processed
on the basis of consent or a contract pursuant to Art. 20 (1) (a) and (b) and to the
extent that this is technically feasible.
4.1.6 Right of objection according to Art. 21 GDPR
In principle, you can object to the processing of your personal data. This applies in
particular if your interest in objecting outweighs the legitimate interest of the
controller in the processing and if the processing relates to direct marketing and/or
profiling.
4.1.7 Right to “decision in individual cases” according to Art. 22 GDPR
In principle, you have the right not to be subject to a decision based solely on
automated processing (including profiling) which produces legal effects vis-à-vis
you or similarly significantly affects you. However, this right is also subject to
restrictions and additions in Art. 22 (2) and (4) GDPR.
4.1.8 Other rights
The GDPR contains comprehensive rights to inform third parties about whether or
how you have asserted rights under Art. 16, 17, 18 GDPR. However, this only
applies insofar as this is possible or feasible with reasonable effort.
At this point, we would like to inform you once again of your right to withdraw your
consent in accordance with Article 7 (3) of the GDPR. However, this does not affect
the lawfulness of the processing carried out up to that point.
In addition, we would like to inform you about your rights according to §§ 32 ff.
BDSG, which, however, are largely congruent with the rights just described.
4.1.9 Right of appeal according to Art. 77 GDPR
You also have the right to lodge a complaint with a data protection supervisory
authority if you consider that the processing of personal data relating to you
infringes this Regulation.
5. What if tomorrow the GDPR is abolished or other
changes take place?
From time to time it is necessary to adapt the content of the Privacy Policy to respond to factual and legal
changes. We therefore reserve the right to amend this Privacy Policy at any time.
We will publish the amended version in the same place and recommend that you
read the Privacy Policy regularly.