Data protection

Privacy policy

Thank you for visiting our website and for your interest in our company. We understand data protection as a customer-oriented quality feature. The protection of your personal data and the protection of your personal rights are important to us.

With this data protection declaration, we would like to inform all visitors to our website transparently about the type, scope and purpose of the personal data collected, used and processed by us and inform you about the rights to which you are entitled.

In principle, it is possible to use our website without providing personal data. However, should you use services of our company via our website, the processing of your personal data may become necessary.

The data automatically collected when you visit our website or the personal data entered by you when using our services will be processed in accordance with the current legal provisions on the protection of personal data.

If processing of your personal data is necessary and there is no legal basis for such processing, we generally obtain consent for the required purpose of the processing.

As the company responsible for processing, we have established technical and organizational measures to ensure the highest possible level of protection for your personal data.

However, we would like to point out that data transmission via the World Wide Web can generally have security gaps.

If you would like to use the services of our company and do not want to use the method of data transmission via the World Wide Web, you also have the option of contacting us by telephone.

1. contact details of the data controller

The controller within the meaning of the General Data Protection Regulation, is:

Company:
OpenCelium GmbH
Street: Hauptstraße 8b
Postcode/Place: 82008 Unterhaching
Tel.: 089 608668‑0
E-Mail: info@opencelium.de

The appointed data protection officer is

Mr. Stephan Hartinger
Coseco GmbH
Phone: 08232 80988-70
E-Mail: datenschutz@coseco.de

2. collection of general access information

Each time our website is accessed, server log file information that your browser transmits to us is automatically collected. These are:

1. IP address (Internet Protocol address) of the accessing computer.
2. the website from which you visit us (referrer)
3. the website that you visit on our site
4. the date and duration of the visit
5. browser type and browser settings
6. operating system

We would like to point out that this data cannot be assigned to a specific person. We use this technical access information exclusively for the following purposes:

1. to improve the attractiveness and usability of our website,
2. to detect technical problems on our website at an early stage.
3. to deliver the contents of our website correctly,
4. and to provide law enforcement authorities with the information necessary for prosecution in the event of a cyber attack.

This data is stored as a technical precaution for a maximum of 7 days to protect the data processing systems against unauthorized access.

3. Collection and disclosure of personal data

Personal data is information with the help of which a person can be determined, i.e. information that can be traced back to a person. This includes the name, email address or telephone number. . But also data about preferences, hobbies, memberships or which websites were viewed by someone count as personal data. Personal data is only collected, used and passed on by the provider if this is legally permitted or the users consent to the data collection. We use your personal data only for the purposes stated on this information page on data protection.

The following input masks for the collection of personal data exist on our website:

3.1 Registration on our website

You can use the following registration options on our website:

* Blog comment function
* Transmission of application documents
* Recruiting
* Contact form

3.1.1 Blog comment function

We offer you a blog on our website and the opportunity to leave individual comments on individual blog posts. A blog is a portal on a website, usually open to the public, in which one or more people, called bloggers, can post articles or write down thoughts in so-called blogposts. The blogposts can usually be commented by you.

If you leave a comment in our blog, in addition to the comments left by the data subject, information on the time of comment entry and the user name (pseudonym) chosen by the data subject will be stored and published. Furthermore, your IP address will also be logged. This storage of the IP address takes place for security reasons and in the event that the rights of third parties are violated by a submitted comment or illegal content is posted. The storage of this personal data is therefore in our own interest, so that we can provide evidence in the event of a violation of the law, if necessary. There is no disclosure of this collected personal data to third parties, unless such disclosure is required by law or serves the legal defense.

Subscription to comments in the blog on the website

The comments made in our blog can generally be subscribed to by third parties.

If you choose the option to subscribe to comments, we will send an automatic confirmation email to verify that the owner of the specified email address has really opted for this option (double opt in). The option to subscribe to comments can be terminated at any time.

To subscribe to the blog, we need the following information from you:

1. e-mail address

3.1.2 Transmission of application documents

In the course of your application (online application or by mail), we collect and process various personal application data.

This includes in particular your

* Contact information (name, address, telephone number and e-mail)
* Application documents (letter of application, curriculum vitae, certificates or other proof of education and qualifications).

3.1.3 Recruiting

On our website, we offer you the opportunity to use our online application form, which you can use to apply for a job with us.

In order to respond to your application, we require the following information from you:

1. first and last name
2. e-mail address
3. curriculum vitae
4. cover letter
5. certificates

The data mentioned here will be used exclusively for the application process.

If we have received your e-mail address in connection with job offers or via the application form and you have not objected to this, we reserve the right to contact you about similar job offers.

In the context of an online application via the application form, the transmission takes place exclusively via an encrypted page in accordance with the currently recognized state of the art, so that your personal data and your application documents are protected against manipulation and unauthorized access.

After sending, you will receive an e-mail confirming receipt of the application documents.

Your personal application data is collected and processed exclusively for the purpose of filling vacancies within our company. Your data will only be forwarded to the internal departments and specialist departments of our company responsible for the specific application procedure. Your personal application data will not be passed on to other companies without your prior express consent. Your application data will not be used or passed on to third parties in any other way.

Your personal application data will be deleted automatically three months after completion of the application process. This does not apply if legal regulations prevent deletion, if further storage is

necessary for the purpose of providing evidence, or if you agree to longer storage or you have expressly consented to longer storage, e.g. for future job advertisements.

If an employment contract is concluded with an applicant, the transmitted data will be stored for the purpose of processing the employment relationship in compliance with the statutory provisions.

3.1.4 Contact via e-mail or contact form

On our website, we offer you the option of contacting us by e-mail and/or via a contact form.

If you contact us by e-mail or via a contact form, the personal data you provide will be stored automatically.

Such personal data transmitted to us by you on a voluntary basis will be stored for the purpose of processing your inquiry or contacting the data subject. This personal data will not be passed on to third parties.

4. What are cookies used for?

COOKIE POLICY

What are cookies?

Cookies are small text files created by a website during your visit. They store information that may be useful for further navigation on the website. This way, your information remains even if you move to another page and your use of the website can be analyzed.

By using our website, you consent to the use and storage of cookies on your terminal device. However, you can also view our website without cookies.

We recommend that you leave cookies turned on, otherwise you may miss a lot of information. Most browsers accept cookies automatically.

Manage cookies

You have the option to control the acceptance of cookies yourself and, if necessary, to prevent them by configuring your browser.

We would like to point out that changes to settings always only affect the browser in question. If you use different browsers or change the end device, the settings must be made again. In addition, you can delete cookies from your storage medium at any time. For information on cookie settings, how to change them and how to delete cookies, please refer to the help function of your web browser.

Below you will find links to the setting options of the most common browsers:

Mozilla Firefox: https://support.mozilla.org/de/kb/cookies-erlauben-und-ablehnen
Internet Explorer: https://support.microsoft.com/de-de/help/17442/windows-internet-explorer-delete-manage-cookies
Chrome: https://support.google.com/chrome/answer/95647?hl=de
Safari: http://support.apple.com/kb/PH5042
Opera: http://help.opera.com/Linux/9.00/de/cookies.html

You can manage many online ad cookies from companies via the US site

http://www.aboutads.info/choices/ or the EU side http://www.youronlinechoices.com/uk/yourad-choices/ verwalten.

The most common types of cookies are explained below for your understanding:

1. Session cookies

While you are active on a website, a session cookie is temporarily stored in the memory of your computer, in which a session identifier is stored, for example, to prevent you from having to log in again each time you change pages. Session cookies are deleted when you log out or lose their validity once their session has automatically expired.

2. Permanent or protocol cookies

A persistent or protocol cookie stores a file on your computer for the period of time specified in the expiration date. These cookies allow websites to remember your information and preferences the next time you visit. This results in faster and more convenient access, as you do not have to set your language preferences for our portal again, for example. When the expiration date passes, the cookie is automatically deleted when you visit the website that generated it.

3. Third-party cookies

Third-party cookies come from providers other than the website operator. For example, they may be used to collect information for advertising, custom content, and web statistics.

4. Flash cookies

Flash cookies are stored on your computer as data elements of websites when they are powered by Adobe Flash. Flash cookies have no time limit.

The following cookies are used on this website:

5. Deployment and use of tracking, analysis tools and social plugins

5.1 Google Tag Manager

We use Google Tag Manager, which is provided by Google Inc. In the European area, Google Ireland Limited (Gordon House, Barrow Street Dublin 4, Ireland) is responsible for all Google services. Google Tag Manager is a tool for organizing, integrating and managing website tags through a user interface. Diese Tags stammen aus anderen Google-Produkten wie Google Ads oder Google Analytics und sind kleine JavaScript-Codefragmente. These are used to record (track) your activities on our website.

To make our website the best it can be for you, we use various tracking and marketing tools. The data collected by these tools shows us which content interests you the most, where we can improve our services and which target group we should still address. To enable this tracking, appropriate sections of code must be integrated into our website.

The Google Tag Manager itself does not set any cookies and does not store any data. It serves only as a “manager” for the implemented tags. The data collected by the individual tags of the various web analytics tools are forwarded exclusively to the corresponding tools and are not stored there. Information on the storage, processing, prevention of storage and deletion of data of the individual analysis and tracking tools used by us can also be found in our privacy policy.

In order to use Google Tag Manager, we need your consent, which we obtain via our cookie popup. According to Art. 6 para. 1 lit. a DSGVO, this consent forms the legal basis for the processing of personal data that may occur when collected by web analytics tools. In addition to consent, we have a legitimate interest in analyzing the behavior of visitors to our website in order to improve our offer technically and economically. The legal basis for this is Art. 6 para. 1 lit. f DSGVO. For more information about Google Tag Manager, we recommend you visit the FAQs at https://support.google.com/tagmanager/?hl=de#topic=3441530.

5.2 Google Analytics

This offer uses Google Analytics, a web analytics service provided by Google Inc. (“Google“). Google Analytics uses “cookies”, which are text files placed on users’ computers, to help the website analyze how users use the site. The information generated by the cookie about the use of this website by users is usually transmitted to a Google server in the USA and stored there.

In the event that IP anonymization is activated on this website, however, Google will truncate the user’s IP address beforehand within member states of the European Union or in other contracting states to the Agreement on the European Economic Area. Only in exceptional cases will the full IP address be transmitted to a Google server in the USA and shortened there. . IP anonymization is active on this website. On behalf of the operator of this website, Google will use this information for the purpose of evaluating the use of the website by users, compiling reports on website activity and providing other services relating to website activity and internet usage to the website operator.

The IP address transmitted by your browser as part of Google Analytics will not be merged with other data from Google. Users may refuse the use of cookies by selecting the appropriate settings on their browser, however please note that if you do this you may not be able to use the full functionality of this website. Users can also prevent the collection of data generated by the cookie and related to their use of the website (including your IP address) to Google and the processing of this data by Google by downloading and installing the browser plugin available at the following link: http://tools.google.com/dlpage/gaoptout?hl=de.

For more information on Google’s use of data for advertising purposes, settings and opt-out options, please visit Google’s websites: https://www.google.com/intl/de/policies/privacy/partners/ (“Data use by Google when you use our partners’ websites or apps”), http://www.google.com/policies/technologies/ads (“Data use for advertising purposes”), http://www.google.de/settings/ads (“Manage information Google uses to show you ads”) and http://www.google.com/ads/preferences/ (“Determine what ads Google shows you”).

As an alternative to the browser add-on or within browsers on mobile devices, please click this link to prevent the collection by Google Analytics within this website in the future. This will place an opt-out cookie on your device. If you delete your cookies, you must click this link again.

The following tracking and analysis tools are used:

* Google Analytics Dashboard for WP (GADWP)

* Slimstat Analytics

* Slimstat Analytics – Custom DB

* Slimstat Analytics – Heatmap

* Download Monitor

* Email before Download

* Email Subscribers & Newsletters

1. Purpose of data processing: The provider (or its web space provider) collects data about each access to the offer (so-called server log files). The provider uses the log data only for statistical analysis for the purpose of operation, security and optimization of the offer. However, the provider reserves the right to subsequently review the log data if there is a justified suspicion of unlawful use based on concrete indications.
2. Type of data: Access data includes: Name of the accessed website, file, date and time of access, amount of data transferred, notification of successful access, browser type and version, the user’s operating system, referrer URL (the previously visited page), IP address and the requesting provider.
3. The legal basis for data processing is Art. 6 DSGVO
4. The user has the right to receive, upon request and free of charge, information about the personal data stored about him. . In addition, the user has the right to correct incorrect data, blocking and deletion of his personal data, provided that this does not conflict with any legal obligation to retain data. Please contact the above addresses in this regard.

5.3 Google Ads and Google Ads Conversion-Tracking

We use Google Ads (formerly Google AdWords) as an online marketing measure to promote our products and services. Therefore, our website uses the conversion tracking tool of Google Inc. used. In Europe, the company Google Ireland Limited (Gordon House, Barrow Street Dublin 4, Ireland) is responsible for all Google services. This tracking tool allows us to better tailor our advertising offers to your interests and needs.

A conversion occurs when you click on our ad in your Google search and then take another action, such as visiting our website. With the help of the Google conversion tracking tool, we record what happens after a click on our Google Ads ad.

Through the conversion tracking tool, we can see which keywords, ads, ad groups, and campaigns lead to the desired customer actions. No personal data is collected in the process. This conversion data enables us to measure the success of individual advertising measures and consequently to optimize our online marketing activities. The data obtained also enables us to tailor our website to your needs in a more interesting and individual way.

On our website we have included a conversion code section. When you click on one of our Google Ads ads, the “Conversion” cookie from a Google domain is stored in your browser. This recognizes when you complete an action on our website and saves your action as a conversion. The cookie is read and the conversion data is sent back to Google Ads. For ads that Google shows in various places on the web, cookies named “_gads” or “_gac” may be set under our domain.

In most cases, conversion cookies expire after 30 days. The cookies named “Conversion” and “_gac” have a duration of 3 months.

You can choose not to participate in Google Ads conversion tracking at any time. If you disable the Google conversion tracking cookie in your browser, you prevent conversion tracking. In this case, you will not be included in the statistics of the tracking tool. You can change the cookie settings in your browser at any time. The exact procedure varies depending on the browser. Under the section “Cookies” you will find corresponding links to instructions for the most common browsers.

Legal basis

If you have consented to the use of Google Ads conversion tracking, the corresponding data processing is based on this consent. This consent constitutes pursuant to Art. 6 para. 1 lit. A DSGVO (consent) is the legal basis for the processing of personal data.

In addition, we have a legitimate interest in using Google Ads Conversion Tracking to optimize our online service and marketing efforts. The corresponding legal basis for this is Art. 6 para. 1 lit. f DSGVO (Legitimate Interests). We only use Google Ads Conversion Tracking if you have given your consent.

The Google Ads Data Processing Terms, which reference the Standard Contractual Clauses, can be found at https://business.safety.google/intl/de/adsprocessorterms/.

If you would like to learn more about Google’s privacy policy, we recommend that you read Google’s general privacy policy: https://policies.google.com/privacy?hl=de.

5.4 Font Awesome

Our website uses Font Awesome, a service provided by the US company Fonticons (307 S. Main St., Suite 202, Bentonville, AR 72712, USA). When you visit our website, the Font Awesome web font (especially icons) are loaded via the Font Awesome content delivery network (CDN). This ensures a consistent display of icons across all devices to make the content on our website clearer, more attractive and better structured. The icons are inserted in the form of HTML code and not as an image, so they can be easily modified and do not slow down the loading speed of our website.

In order to load the web font, your browser must connect to the servers of Fonticons, Inc. Your IP address is recorded in the process. Font Awesome collects technical data and also which icon files are downloaded and when. This data is collected to improve CDNs and to detect and fix errors. Font Awesome does not set cookies.

Data in identifiable form is usually stored on CDN servers for only a few weeks. Aggregated statistics on CDN usage can also be stored for longer periods of time. Font Awesome does not store any personally identifiable information through the Content Delivery Networks.

Legal basis

Where you have consented to Font Awesome being used, the relevant data processing is based on that consent. This consent constitutes pursuant to Art. 6 para. 1 lit. a DSGVO (consent) is the legal basis for the processing of personal data.

In addition, we have a legitimate interest in using Font Awesome to improve our online service. The relevant legal basis for this is Art. 6 para. 1 lit. f DSGVO (Legitimate Interests). However, Font Awesome is only used if you have given your consent.

For more information about Font Awesome and their privacy practices, please see their privacy policy at https://fontawesome.com/privacy and their help page at https://fontawesome.com/support.

5.5 Privacy policy for the use of HubSpot

Our website uses HubSpot, a software of HubSpot Inc, USA. This software is used in the so-called area of inbound marketing and helps us to better coordinate and optimize our marketing strategy by means of statistical analyses and evaluation of logged user behavior, among other things. Cookies (see below) are used. You can prevent the storage of cookies at any time by selecting the appropriate settings on your browser software or delete the cookies already stored. Please note that if cookies are blocked, you may not be able to make full use of the services provided on our website. For more information, please refer to the Terms of Use and Privacy Policy of HubSpot Inc. accordingly at http://www.hubspot.com/terms-of-service and at http://www.hubspot.com/privacy-policy. If you do not want the information about your visit to be used for the purposes described, please feel free to let us know at any time by email or regular mail. All information we collect is subject to this Privacy Policy. HubSpot is subject to TRUSTe ‘s Privacy Seal and the U.S. – EU Safe Harbor Framework and the U.S. – Swiss Safe Harbor Framework. Contact: HubSpot, 2nd Floor 30 North Wall Quay, Dublin 1, Ireland, Phone: +353 1 5187500.

5.6 Matomo

Our website uses Matomo. Matomo is an open source website analytics software provided by InnoCraft Ltd (7 Waterloo Quay PO625, 6140 Wellington).
So-called “cookies” are used for this purpose. These are stored on users’ computers, the information generated about use of this website is transmitted to a server and thus enables analysis.

If you would like to learn more about the data processed through the use of Matomo, you can view the privacy policy at https://matomo.org/privacy-policy/. If you have any questions about privacy, you can email your inquiries to privacy@matomo.org.

5.7 YouTube

YouTube is a video platform of Google Inc. (“Google“). When you visit one of our pages that has a YouTube video embedded, YouTube sets cookies that store information such as your IP address and our URL. For more information on data protection, please refer to the provider’s privacy policy at: https://policies.google.com/privacy.

If you are logged into your YouTube account, YouTube can associate your interactions on our website with your profile using cookies. This includes information such as session duration, bounce rate, approximate location, and technical data such as browser type, screen resolution, or Internet service provider. If you are not logged into a Google Account or YouTube account, less interaction data is stored because fewer cookies are set. Googles then stores data associated with your device, browser, or app. This preserves your preferred language settings, for example.

Further information on the use of data by Google, as well as setting and objection options, can be found on the following Google web pages:

• https://www.google.com/intl/de/policies/privacy/partners/ (“Data use by Google when you use our partners’ websites or apps”).
• http://www.google.com/policies/technologies/ads (“Data use for advertising purposes”)
• http://www.google.de/settings/ads (“manage information that Google uses to serve ads to you”).
• http://www.google.com/ads/preferences/ (“Determine what ads Google shows you”).

5.8 Real Cookie Banner

We use the “Real Cookie Banner” consent tool to manage the cookies and similar technologies used (tracking pixels, web beacons, etc.) and related consents. Details on how “Real Cookie Banner” works can be found at https://devowl.io/knowledge-base/real-cookie-banner-data-processing/.

The legal basis for the processing of personal data in this context is Art. 6 para. 1 lit. c GDPR and Art. 6 para. 1 lit. f DS-GVO. Our legitimate interest is the management of the cookies and similar technologies used and the related consents.

The provision of personal data is neither contractually required nor necessary for the conclusion of a contract. You are not obliged to provide the personal data. If you do not provide the personal data, we will not be able to manage your consents.

5.9 Kununu

We use the employer rating platform kununu and integrate our so-called score on our website. The service provider of kununu is the German company New Work SE, Dammtorstraße 30, 20354 Hamburg, Germany.

The use of our kununu pages is your own responsibility. kununu processes the data of users within the scope of the company profile page set up by us mainly for the provision of analysis and advertising services. You can find out more about kununu’s data use and data processing here: https://privacy.xing.com/de/datenschutzerklaerung

5.10 Gravatar

We have installed the Gravatar plug-in from Automattic Inc. on our website. (60 29th Street 343, San Francisco, CA 94110, USA) so that you can put a face to our authors on the blog page. The function enables user images (avatars) to be displayed with published posts or comments, provided the corresponding e-mail address is registered with www.gravatar.com. This function sends data to Automattic Inc. and is stored and processed there.

If you do not enter an e-mail address or write a comment, no data will be transferred to Automattic Inc.
You can find more information here: https://automattic.com/privacy/?tid=331707905702

5.11 Google Maps

We use the map service Google Maps on our website, which is provided by Google Inc. In the European area, Google Ireland Limited (Gordon House, Barrow Street Dublin 4, Ireland) is responsible for all Google services. With Google Maps we can show you locations such as our office locations and how to get there. By using Google Maps, data is transferred to Google Inc. and stored on their servers, which are usually located in the USA. Google is a participant in the EU-US Data Privacy Framework, which regulates the correct and secure transfer of personal data from EU citizens to the USA. You can find more information here: https://commission.europa.eu/document/fa09cbad-dd7d-4684-ae60-be03fcb0fddf_en

When you use Google Maps, your search term, IP address and coordinates are recorded and a cookie is set.

Depending on your individual settings, web/app activities are stored for either 3 or 18 months and then automatically deleted. You can also manually manage and delete the “NID” cookie set by Google Maps in your browser. Otherwise the cookie will expire automatically after 6 months.

To use Google Maps, we need your consent, which we obtain via our cookie pop-up. According to Art. 6 para. 1 lit. a DSGVO, this consent forms the legal basis for the processing of personal data that may occur when collected by web analytics tools. In addition to consent, we have a legitimate interest in optimizing our online service and website for you. The legal basis for this is Art. 6 para. 1 lit. f DSGVO.

If you would like to learn more about Google’s privacy policy, we recommend that you read Google’s general privacy policy: https://policies.google.com/privacy?hl=de.

5.12 WPML Plugin
We use the translation plugin “WPML” from OnTheGoSystems Limited (88 Colin P Kelly Jr St, Wanchai, Hong Kong) to make our website available to you in German and English. The WPML plugin is fully compliant with the GDPR and DSGVO. No personal data of users is collected or processed. You can find more information here: https://wpml.org/de/documentation-3/datenschutzrichtlinie-und-gdpr-konformitaet/

5.12 Spotify
We use “Spotify” on our website. Spotify is a streaming service for music and podcasts from the Swedish company Spotify AB, Regeringsgatan 19, SE-111 53 Stockholm, Sweden. We use Spotify to make our podcast episodes or playlists created by us available to you.

Spotify collects the following data

If you are logged into the app or your browser, Spotify collects a lot of data about the behavior of users in the network. These include, among others:

• Songs played
• Created playlists
• Interaction with other users
• End device used
• Touch screen data
• Data from cookies
• Browser type
• Operating system
• IP address
• Language

Spotify itself divides the data collected into two categories:

• Essential data that users must provide in order to use the service. Consent to the storage and use of this data is given by agreeing to Spotify’s privacy policy.
• The data that Spotify also collects and uses to offer improved experiences and other features.

Spotify grants itself the right to forward user data in anonymized form to unspecified third-party companies such as advertising partners, rights holders from the music industry and payment service providers.

If you have agreed to the Spotify cookie when you visit our website, data such as your IP address will automatically be passed on to the music company when you use the Spotify integration. If you are logged in to Spotify and click on the play button of a podcast or song integrated on the website, Spotify links the website visit to your Spotify profile.

You can read more about Spotify’s data collection and use here: https://www.spotify.com/de/legal/privacy-policy/

6. Deletion, blocking and duration of storage of personal data

We process and store your personal data only for the period of time required to achieve the respective purpose of storage or as provided for by the various retention periods stipulated by law.

After the end of a storage purpose or after the expiration of the retention period provided by law, the personal data will be routinely blocked or deleted for further processing in accordance with the statutory provisions.

7. Data protection rights of the data subject

If you have questions about your personal data, you can contact us in writing at any time. You have the following rights according to DS-GVO:

7.1 The right to information (sub-item Art. 15 DS-GVO)

You have the right to obtain information at any time about which categories and information about your personal data are processed by us for which purpose and how long and according to which criteria these data are stored and whether automated decision-making including profiling is used in this context. In addition, you have the right to know which recipients or categories of recipients your data have been or will be disclosed to; in particular in the case of recipients in third countries or international organizations. In this case, you also have the right to be informed about appropriate safeguards in connection with the transfer of your personal data.

In addition to the right to complain to the supervisory authority and the right to information about the origin of your data, you have the right to erasure, rectification, as well as the right to restriction for or the right to object to processing of your personal data.

In all the above cases, you have the right to request from the data processor a free copy of your personal data processed by us. For any additional copies that you request or that go beyond the data subject’s right to information, we are entitled to charge a reasonable administrative fee.

7.2 The right to rectification (Art. 16 DS-GVO).

You have the right to request the immediate rectification of your inaccurate personal data and, taking into account the purposes of the processing, to request the completion of incomplete personal data, including by means of a supplementary declaration.

If you wish to exercise the right to rectification, you may contact our data protection officer or the controller at any time.

7.3 The right to erasure (Art. 17 DS-GVO)

You have the right to request the immediate deletion of your data (“right to be forgotten”) in particular if the storage of the data is no longer necessary, you revoke your consent to data processing, your data has been processed unlawfully or has been collected unlawfully and there is a legal obligation to delete it under EU or national law.

However, the right to be forgotten does not apply if there is an overriding right to freedom of expression or freedom of information, the storage of data is necessary for the fulfillment of a legal obligation (e.g., retention obligations), archiving purposes conflict with the deletion or the storage serves to assert, exercise or defend legal claims.

7.4 The right to restriction (Art. 18 DS-GVO)

You have the right to request restriction of the processing of your data by the controller if the accuracy of the data is disputed by you, the processing is unlawful, you refuse the erasure of your personal data and instead request restriction of the processing, if the necessity for the purpose of processing ceases to apply or you have objected to the processing pursuant to Article 21(1), as long as it has not yet been determined whether legitimate grounds on our part override yours.

7.5 The right to data portability (Article 20 DS-GVO).

You have the right to the portability of your personal data, which you have provided to our company in a common format, so that you can have your personal data forwarded to another responsible party without hindrance, provided, for example, that consent has been given on your part and the processing is carried out by means of an automated procedure.

7.6 The right to object (Art. 21 DS-GVO).

You have the right to object at any time to the collection, processing or use of your personal data for purposes of direct marketing or market and opinion research, as well as general business-like data processing, unless we can demonstrate compelling legitimate grounds for the processing that override your interests, rights and freedoms.

In addition, you cannot exercise your right to object if a legal provision provides for the collection, processing or use of the data or obliges the collection, processing or use.

7.7 Right of appeal to the data protection supervisory authority (Art. 77 DS-GVO in conjunction with § 19 BDSG).

You are granted the right to complain to the competent supervisory authority if you believe that there has been a breach in the processing of your personal data.

7.8 Right to revoke consent granted under data protection law (Art. 7 (3) DS-GVO)

You may revoke a granted consent for the processing of your personal data at any time and without giving reasons. This also applies to the revocation of declarations of consent that was given to us before the EU General Data Protection Regulation came into force.

8. Legal basis of processing

When processing personal data for which we obtain the consent of the data subject, Article 6 (1), sentence 1 a) of the General Data Protection Regulation (GDPR) serves as the legal basis.

When processing personal data that is necessary for the performance of a contract to which the data subject is a party, Art. 6 para. 1, sentence 1 b) (DSGVO) serves as the legal basis. This provision also covers processing operations that are necessary for the performance of pre-contractual measures.

If processing of personal data is necessary for compliance with a legal obligation to which our company is subject, Art. 6 para. 1, sentence 1 c) (DSGVO) serves as the legal basis.

If processing is necessary to protect a legitimate interest of our company or a third party and if the interests, fundamental rights and freedoms of the data subject do not override the former interest, Art. 6 (1) sentence 1 f) (DSGVO) serves as the legal basis for the processing. The legitimate interest of our company lies in the performance of our business activities as well as in the analysis, optimization and maintenance of the security of our online offer.

9. Transfer of data to third parties

We generally do not sell or lend user data. A transfer to third parties beyond the scope described in this privacy policy only takes place if this is necessary for the processing of the respective requested service.

We only transfer data if there is a legal obligation to do so. This is the case if government institutions (e.g. law enforcement agencies) request information in writing or if a court order exists.

A transfer of personal data to so-called third countries outside the EU / EEA area does not take place.

10. Legal or contractual requirements for the provision of personal data and possible consequences of failure to provide such data

We hereby point out that the provision of personal data in certain cases (e.g. tax regulations) is required by law or may result from contractual regulations (e.g. information on/of the contractual partner). For example, it may be necessary for the conclusion of a contract that the data subject/contractual partner must provide his/her personal data so that his/her request (e.g. order) can be processed by us at all. An obligation to provide personal data arises primarily when a contract is concluded. Should no

personal data be provided in this case, the contract with the data subject cannot be concluded. Before providing personal data by the data subject, the data subject may contact our data protection officer or the controller. The data protection officer or the controller will then inform the data subject whether the provision of the required personal data is required by law or contract or necessary for the conclusion of the contract and whether an obligation arises from the concerns of the data subject to provide the personal data or what the consequences are for the data subject of not providing the requested data.

11. Existence of automated decision-making

As a responsible company, we do not use automated decision-making or profiling in our business relationships.