Privacy Policy

This privacy policy explains the type, scope and purpose of the processing of personal data (hereinafter "data") in the context of the provision of our services and within our online offering and the websites, functions and content associated with it, as well as external online presences such as our social media profiles (hereinafter collectively referred to as "online offering"). With regard to the terminology used, e.g. "processing" or "controller", we refer to the definitions in Art. 4 of the General Data Protection Regulation (GDPR).

Visitors and users of the online offering (hereinafter we also refer to the data subjects collectively as "users").

"Personal data" means any information relating to an identified or identifiable natural person; a natural person is regarded as identifiable if they can be identified directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or one or more factors specific to that person.

"Processing" means any operation or set of operations performed on personal data.

"Controller" means the natural or legal person, public authority, agency or other body which alone or jointly with others determines the purposes and means of the processing of personal data.

In accordance with Art. 13 GDPR we inform you of the legal basis of our data processing. For users within the scope of the GDPR: the legal basis for obtaining consent is Art. 6(1)(a) and Art. 7 GDPR; for processing for the performance of our services and response to enquiries Art. 6(1)(b) GDPR; for compliance with legal obligations Art. 6(1)(c) GDPR; for vital interests Art. 6(1)(d) GDPR; for tasks in the public interest Art. 6(1)(e) GDPR; for the purposes of our legitimate interests Art. 6(1)(f) GDPR.

We take appropriate technical and organizational measures in accordance with legal requirements and taking into account the state of the art to ensure a level of protection appropriate to the risk. This includes safeguarding the confidentiality, integrity and availability of data as well as procedures for the exercise of data subject rights and response to data breaches.

If we process data in a third country or this is done in the context of using third-party services, this only takes place on the basis of (pre-)contractual obligations, your consent, a legal obligation or our legitimate interests. Subject to express consent, we process data only in third countries with a recognised level of data protection or on the basis of appropriate safeguards (e.g. EU standard contractual clauses).

You have the right to obtain confirmation as to whether your data is being processed, and to access, rectification, erasure or restriction of processing, and to data portability. You also have the right to lodge a complaint with a supervisory authority (e.g. the Hamburg Commissioner for Data Protection and Freedom of Information).

You have the right to withdraw consent with effect for the future.

You may object at any time to the future processing of your data in accordance with the statutory provisions. The objection may in particular be made against processing for direct marketing purposes.

Cookies are small files stored on users' devices. We may use temporary and permanent cookies and explain this in this privacy policy. If we ask users for consent, the legal basis is Art. 6(1)(a) GDPR. Users can disable or delete cookies in their browser settings. Excluding cookies may limit functionality. Objections to advertising cookies can be made e.g. via https://www.youronlinechoices.com/.

Data we process is deleted or its processing restricted in accordance with legal requirements. Unless expressly stated, stored data is deleted when it is no longer required for its purpose and no statutory retention obligations apply.

We ask you to inform yourself regularly about the content of our privacy policy. We will adapt the privacy policy as soon as changes to our data processing practices make this necessary.

The hosting services we use serve to provide infrastructure, platform services, computing capacity, storage, databases, email delivery, security and technical maintenance. We or our hosting provider process inventory, contact, content, contract, usage and meta data on the basis of our legitimate interests pursuant to Art. 6(1)(f) GDPR in conjunction with Art. 28 GDPR.

We use Google Analytics (Google Ireland Limited, Dublin). Google uses cookies. The information generated by cookies is usually transmitted to a Google server in the USA. We use Google Analytics with IP anonymization enabled; the IP address is shortened within the EU/EEA. The legal basis is Art. 6(1)(a) GDPR where consent is given, otherwise Art. 6(1)(f) GDPR. Personal data of users is generally deleted or anonymized by Google after 14 months. Users can prevent collection by installing the browser plugin at https://tools.google.com/dlpage/gaoptout. Further information: https://policies.google.com/privacy.

We use Google AdWords to place ads in the Google advertising network. (Re)marketing tags are used for this purpose. The legal basis is Art. 6(1)(a) GDPR where consent is given, otherwise Art. 6(1)(f) GDPR. Further information: https://policies.google.com/technologies/ads.

We maintain online presences on social networks in order to communicate with users. Data may be processed outside the EU. Processing is based on our legitimate interests pursuant to Art. 6(1)(f) GDPR. We refer to the respective privacy policies of the providers (e.g. Instagram, LinkedIn) for details and opt-out options.

We integrate the "Google Fonts" fonts from Google Ireland Limited. Integration is based on our legitimate interest in a uniform presentation. Privacy policy: https://www.google.com/policies/privacy/.