Privacy Policy

Rights of the data subject

If your personal data is processed by us, you are a data subject within the meaning of the General Data Protection Regulation (GDPR), and you have the following rights vis-à-vis the data controller:

Right to information

Arrow Down Icon
You have the right to request confirmation from the data controller as to whether personal data concerning you is being processed by us. If such processing is taking place, you can request the following information from the data controller:
  1. Purposes for which the personal data is being processed.
  2. Categories of personal data being processed.
  3. Recipients or categories of recipients to whom the personal data concerning you has been or will be disclosed.
  4. Planned duration of storage of the personal data concerning you or, if specific information is not possible, criteria for determining the storage period.
  5. Existence of the right to rectify or erase the personal data concerning you, the right to restrict the processing by the data controller, or the right to object to such processing.
  6. Existence of the right to lodge a complaint with a supervisory authority.
  7. Available information about the source of the data if the personal data was not collected from the data subject.
  8. Existence of automated decision-making, including profiling, in accordance with Article 22 (1) and (4) of the GDPR, and - at least in these cases - meaningful information about the logic involved, as well as the significance and the envisaged consequences of such processing for the data subject.
You have the right to request information as to whether the personal data concerning you is being transferred to a third country or to an international organization. In this context, you can request to be informed about the appropriate safeguards pursuant to Article 46 of the GDPR in connection with the transfer.

Right to rectification

Arrow Down Icon
You have the right to request the rectification and/or completion of personal data concerning you that is inaccurate or incomplete from the data controller. The data controller is obliged to carry out the rectification without undue delay.

Right to restriction of processing

Arrow Down Icon
Under the following conditions, you can request the restriction of processing of personal data concerning you:
  1. If you contest the accuracy of the personal data concerning you, for a period that enables the data controller to verify the accuracy of the personal data.
  2. If the processing is unlawful, and you oppose the erasure of the personal data and instead request the restriction of its use.
  3. If the data controller no longer needs the personal data for the purposes of processing, but you require it for the establishment, exercise, or defense of legal claims.
  4. If you have objected to the processing pursuant to Article 21 (1) of the GDPR, pending the verification of whether the legitimate grounds of the data controller override your grounds.
If the processing of personal data concerning you has been restricted, except for storage, such data may only be processed with your consent or for the establishment, exercise, or defense of legal claims, or for the protection of the rights of another natural or legal person, or for reasons of important public interest of the European Union or a Member State. If the restriction of processing has been implemented according to the aforementioned conditions, you will be informed by the data controller before the restriction is lifted.

Right to erasure

Arrow Down Icon
A) Obligation to erase
You have the right to request the data controller to erase personal data concerning you without undue delay, and the data controller is obliged to erase such data without undue delay if one of the following grounds applies:
  1. The personal data concerning you is no longer necessary for the purposes for which it was collected or otherwise processed.
  2. You withdraw your consent on which the processing pursuant to Article 6 (1) (a) or Article 9 (2) (a) of the GDPR was based, and there is no other legal ground for the processing.
  3. You object to the processing pursuant to Article 21 (1) of the GDPR, and there are no overriding legitimate grounds for the processing, or you object to the processing pursuant to Article 21 (2) of the GDPR.
  4. The personal data concerning you has been unlawfully processed.
  5. The erasure of the personal data concerning you is required to fulfill a legal obligation under Union or Member State law to which the data controller is subject.
  6. The personal data concerning you has been collected in relation to the offer of information society services referred to in Article 8 (1) of the GDPR.
B) Information to third parties
If the data controller has made the personal data concerning you public and is obliged to erase it pursuant to Article 17(1) of the GDPR, the data controller, taking into account available technology and the cost of implementation, shall take reasonable steps, including technical measures, to inform data processors who are processing the personal data that you, as the data subject, have requested the erasure of any links to, or copies or replications of, such personal data.
C) Exceptions
The right to erasure does not apply if processing is necessary for the following purposes:
  1. Exercising the right of freedom of expression and information.
  2. Compliance with a legal obligation that requires processing under Union or Member State law to which the data controller is subject, or the performance of a task carried out in the public interest or in the exercise of official authority vested in the data controller.
  3. Reasons of public interest in the area of public health in accordance with Article 9 (2) (h) and (i) and Article 9 (3) of the GDPR.
  4. For archiving purposes in the public interest, scientific or historical research purposes, or statistical purposes in accordance with Article 89 (1) of the GDPR, where the right referred to in section A) is likely to render impossible or seriously impair the achievement of the objectives of that processing.
  5. The establishment, exercise, or defense of legal claims.

Right to Information

Arrow Down Icon
If you have exercised your right to rectification, erasure, or restriction of processing against the controller, the controller is obliged to communicate any rectification or erasure of data or restriction of processing to all recipients to whom the personal data concerning you have been disclosed, unless this proves impossible or involves disproportionate effort. You have the right to be informed about these recipients by the controller.

Right to Data Portability

Arrow Down Icon
You have the right to request the erasure of personal data concerning you from the controller, and the controller is obliged to erase such data immediately if one of the following reasons applies:
  1. The processing is based on consent pursuant to Article 6(1)(a) of the GDPR or Article 9 (2) (a) of the GDPR, or on a contract pursuant to Article 6 (1) (b) of the GDPR.
  2. The processing is carried out by automated means.
In exercising this right, you also have the right to have the personal data concerning you transmitted directly from one controller to another, where technically feasible. This must not adversely affect the rights and freedoms of others.
The right to data portability does not apply to the processing of personal data that is necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller.

Right to Object

Arrow Down Icon
You have the right to object, on grounds relating to your particular situation, at any time to the processing of personal data concerning you based on Article 6 (1) (e) or (f) of the GDPR, including profiling based on those provisions.
The controller shall no longer process the personal data concerning you unless they demonstrate compelling legitimate grounds for the processing which override your interests, rights, and freedoms, or for the establishment, exercise, or defense of legal claims.
If personal data concerning you are processed for direct marketing purposes, you have the right to object at any time to the processing of personal data concerning you for such marketing, which includes profiling to the extent that it is related to such direct marketing.
If you object to the processing for direct marketing purposes, the personal data concerning you will no longer be processed for such purposes.
You have the possibility to exercise your right to object in relation to the use of information society services, notwithstanding Directive 2002/58/EC, by automated means using technical specifications.

Right to Withdraw Consent for Data Processing

Arrow Down Icon
You have the right to revoke your consent for data processing at any time. The revocation of consent does not affect the lawfulness of the processing based on the consent prior to its withdrawal.

Automated Decision-Making, Including Profiling

Arrow Down Icon
You have the right not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects concerning you or similarly significantly affects you. However, this does not apply under the following conditions:
  1. When the decision is necessary for entering into or performance of a contract between you and the data controller.
  2. When the decision is authorized by Union or Member State law to which the data controller is subject, and that law provides for suitable measures to safeguard your rights, freedoms, and legitimate interests.
  3. When the decision is based on your explicit consent.
However, these decisions cannot be based on special categories of personal data as defined in Article 9 (1) of the GDPR, unless Article 9 (2) (a) or (g) of the GDPR applies, and appropriate measures to safeguard your rights, freedoms, and legitimate interests have been taken.
Regarding the cases mentioned above (points 1 and 3), the data controller shall implement suitable measures to safeguard your rights, freedoms, and legitimate interests, including at least the right to obtain human intervention on the part of the data controller, to express your point of view, and to contest the decision.

Right to Lodge a Complaint with a Supervisory Authority

Arrow Down Icon
Without prejudice to any other administrative or judicial remedy, you have the right to lodge a complaint with a supervisory authority, in particular in the Member State of your habitual residence, place of work, or the place of the alleged infringement, if you believe that the processing of your personal data violates the GDPR.
The supervisory authority with which the complaint has been lodged shall inform the complainant of the progress and outcome of the complaint, including the possibility of a judicial remedy under Article 78 of the GDPR.

General Information on Data Processing

Extent of Personal Data Processing

Arrow Down Icon
We generally process personal data of our users only to the extent necessary for providing a functioning website as well as our content and services. The processing of personal data of our users usually takes place only with the user's consent. An exception applies in cases where obtaining prior consent is not possible for factual reasons and the processing of data is permitted by legal regulations.

Legal Basis for the Processing of Personal Data

Arrow Down Icon
If we obtain the consent of the data subject for the processing of personal data, Article 6 (1) (a) of the EU General Data Protection Regulation (GDPR) serves as the legal basis.
For the processing of personal data necessary for the performance of a contract to which the data subject is a party, Article 6 (1) (b) of the GDPR serves as the legal basis. This also applies to processing operations necessary for the implementation of pre-contractual measures.
If the processing of personal data is necessary to fulfill a legal obligation to which our company is subject, Article 6 (1) (c) of the GDPR serves as the legal basis.
If the processing of personal data is necessary to protect the vital interests of the data subject or another natural person, Article 6 (1) (d) of the GDPR serves as the legal basis.
If the processing of personal data is necessary for the purposes of the legitimate interests pursued by our company or a third party, except where such interests are overridden by the interests or fundamental rights and freedoms of the data subject, Article 6 (1) (f) of the GDPR serves as the legal basis for the processing.

Data Deletion and Storage Duration

Arrow Down Icon
Personal data of the data subject will be deleted or blocked as soon as the purpose of storage ceases to exist. Storage may also take place if provided for by the European or national legislator in Union regulations, laws, or other provisions to which the data controller is subject. Data will be blocked or deleted when a storage period prescribed by the aforementioned regulations expires, unless there is a necessity for further storage of the data for the conclusion or performance of a contract.

Provision of the Website and Creation of Log Files

Platform Services and Hosting

Arrow Down Icon
This website has been created on the platform service provided by Webflow, Inc., located at 398 11th Street, 2nd Floor, San Francisco, CA 94103. Services like this offer web designers the ability to efficiently create, maintain, publish, and operate websites, assuming a solid understanding of website development. Such platforms provide web designers with components and tools (e.g., user and database management) that involve the processing of personal data. For the purpose of achieving the fastest possible loading times and maximum stability, this website is stored on multiple geographically distributed servers of Amazon Web Services, Inc., located at P.O. Box 81226, Seattle, WA 98108 (AWS), and delivered in collaboration with Fastly, Inc., located at PO Box 78266, San Francisco, CA 94107. Therefore, a precise location where personal data is stored cannot be determined.
You can find detailed information about the privacy policies of the aforementioned services at the following addresses:
  1. URL of the accessed page
  2. Browser type and version
  3. User's operating system
  4. User's internet service provider
  5. User's IP address
  6. Date and time of access
  7. Websites from which the user's system accessed our website
  8. Websites that are accessed by the user's system through our website
These data are also stored in the log files of the platform service. The storage of this data together with other personal data of the user does not occur.

Description and Scope of Data Processing

Arrow Down Icon
When accessing this website, the described platform service automatically collects the following data and information from the computer system of the requesting device:
  1. Webflow
  2. Amazon Cloudfront
  3. Fastly

Right to Restriction of Processing

Arrow Down Icon
Under the following conditions, you have the right to request the restriction of processing of your personal data:
  1. If you contest the accuracy of your personal data, and it is necessary for the controller to verify the accuracy of the data.
  2. If the processing is unlawful, and you oppose the erasure of the personal data and instead request the restriction of its use.
  3. If the controller no longer needs the personal data for processing purposes, but you require it for the establishment, exercise, or defense of legal claims.
  4. If you have objected to processing pursuant to Article 21(1) of the GDPR, and it is not yet determined whether the legitimate grounds of the controller override your grounds.
Once the processing of your personal data has been restricted, except for storage, it can only be processed with your consent or for the establishment, exercise, or defense of legal claims, or for the protection of the rights of another natural or legal person, or for reasons of important public interest of the Union or a member state. If the restriction of processing has been requested under the above-mentioned conditions, you will be informed by the controller before the restriction is lifted.

Legal Basis for Data Processing

Arrow Down Icon
The legal basis for the temporary storage of data and log files is Article 6 (1) (f) of the GDPR.

Purpose of Data Processing

Arrow Down Icon
The temporary storage of the IP address by the system is necessary to enable the delivery of the website to the user's computer. For this purpose, the user's IP address must be stored for the duration of the session.
The storage in log files is done to ensure the functionality of the website. Additionally, the data is used to optimize the website and ensure the security of our information technology systems. No evaluation of the data for marketing purposes takes place in this context.
These purposes constitute our legitimate interest in data processing pursuant to Article 6 (1) (f) of the GDPR.

Storage Duration

Arrow Down Icon
The data is deleted as soon as it is no longer necessary to achieve the purpose for which it was collected. In the case of data collected to provide the website, this occurs when the respective session is terminated. We do not disclose this data, but we cannot exclude the possibility of it being inspected in the event of unlawful behavior.
In the case of data stored in log files, this occurs after 14 days. Further storage is possible. In this case, the IP addresses of users are deleted or anonymized, so that attribution to the accessing client is no longer possible.

Right to Object and Erasure

Arrow Down Icon
The collection of data for the provision of the website and the storage of data in log files are mandatory for the operation of the website. Therefore, users do not have the option to object.

Use of Cookies

Description and Scope of Data Processing

Arrow Down Icon
Our website uses cookies. Cookies are small text files that are stored in or by the browser on the user's computer system. When a user accesses a website, cookies can be stored on the user's operating system. These cookies contain a characteristic string of characters that enables the browser to be uniquely identified when the website is accessed again.
We use cookies to make our website more user-friendly. Some elements of our website require the requesting browser to be identified even after a page change. The data collected in this way is pseudonymized through technical measures. Therefore, it is no longer possible to assign the data to the accessing user. The data is not stored together with other personal data of the users.
When accessing our website, users are informed about the use of cookies for analytical purposes through an information banner and referred to this privacy policy. If you wish to prevent the storage of cookies or delete already set cookies, you can do so in the settings of your browser.
Cookies are not programs and therefore do not contain viruses, trojans, or other malware. Cookies cannot access information on your computer.

Legal Basis for Data Processing

Arrow Down Icon
The legal basis for processing personal data using cookies is Art. 6 (1) (f) of the EU General Data Protection Regulation (GDPR).

Purpose of Data Processing

Arrow Down Icon
The purpose of using technically necessary cookies is to simplify the use of websites for users. The use of analytical cookies is intended to improve the quality of our website and its content. Through the use of analytical cookies, we gain insights into how the website is used and can continuously optimize our offering.
These purposes also constitute our legitimate interest in processing personal data pursuant to Art. 6 (1) (f) of the GDPR.

Types of Cookies

Arrow Down Icon
There are first-party cookies and third-party cookies. First-party cookies are created directly by the platform service, while third-party cookies are set by external websites. Each cookie is individual and stores different data. The lifespan of a cookie can vary from the duration of your visit to several years.
The following cookies are distinguished:
  1. Necessary Cookies: These cookies are essential as they ensure basic functionality of the website.
  2. Functional Cookies: These cookies collect information about user behavior. They are used to analyze loading times and the performance of the website in different browsers.
  3. Targeting Cookies: These cookies enhance user-friendliness. For example, they store entered form data.
  4. Advertising Cookies: These cookies are used to deliver personalized advertisements to the user. However, this type of cookie is not used on our website.

Storage Duration, Objection, and Removal Options

Arrow Down Icon
Cookies are stored on the user's computer and transmitted to our site from there. As a user, you have full control over the use of cookies. By changing the settings in your internet browser, you can disable or restrict the transmission of cookies. Stored cookies can be deleted at any time, including through automated means. If cookies are disabled for our website, some functions of the website may not be fully usable.
Depending on the browser you use, you can enable, manage, or delete cookies using the following links:
  1. Safari
  2. Google Chrome
  3. Firefox
  4. Internet Explorer
  5. Microsoft Edge

TLS Encryption via HTTPS

This website is encrypted using HTTPS with TLS. This ensures that data is transmitted securely over the internet (Data Protection by Design and by Default, Article 25 (1) of the GDPR). By using TLS (Transport Layer Security), an encryption protocol for secure data transmission over the internet, we can ensure the protection of confidential data. You can recognize the use of this security measure by the lock symbol displayed in the browser's address bar and the use of the "https" scheme as part of the website address.

Contact Form and Email Contact

Description and Scope of Data Processing

Arrow Down Icon
Our website includes a contact form that can be used for electronic communication. Our top priority is to make the transmission of personal data as secure as possible. For this reason, we utilize the Google reCAPTCHA service (described in more detail in a separate section below). When you use the contact form feature, the data entered in the input fields is transmitted to us and stored. Additionally, the data is stored in an encrypted database provided by the platform service Webflow, Inc. Only we have access to this data through login credentials.
Your consent is obtained for the processing of the data during the submission process, and reference is made to this privacy policy.
Alternatively, you can contact us via the provided email address. In this case, the personal data transmitted with the email will be stored. No data is transferred to third parties in this context. The data is solely used for processing the conversation.

Legal Basis for Data Processing

Arrow Down Icon
The legal basis for processing the data, when the user has given consent, is Article 6 (1) (a) of the GDPR. The legal basis for processing the data transmitted via email is Article 6 (1) (f) of the GDPR. If the email contact aims to conclude a contract, an additional legal basis for the processing is Article 6 (1) (b) of the GDPR.

Purpose of Data Processing

Arrow Down Icon
The processing of personal data from the input fields is solely for the purpose of handling the contact request. In the case of contact via email, there is also a legitimate interest in processing the data. The other personal data processed during the submission process is used to prevent misuse of the contact form and to ensure the security of our information technology systems.

Storage Duration

Arrow Down Icon
The data will be deleted as soon as it is no longer necessary to achieve the purpose for which it was collected. For the personal data from the contact form input fields and those transmitted via email, this is the case when the respective conversation with the user has ended. The conversation is deemed to have ended when the circumstances indicate that the matter at hand has been conclusively resolved. Any additional personal data collected during the submission process will be deleted no later than seven days after submission.

Right to Object and Withdraw Consent

Arrow Down Icon
The user has the right to revoke their consent to the processing of personal data at any time. If the user contacts us via email, they can also object to the storage of their personal data at any time. In such a case, the conversation cannot be continued.

Google Analytics

Description and Scope of Data Processing

Arrow Down Icon
We use Google Analytics, a web analytics service provided by Google Inc., 1600 Amphiteatre Parkway, Mountain View, CA 94043, United States ("Google"), on our website. Google Analytics uses "cookies," which are text files stored on your computer, to analyze your use of the website. The information generated by the cookie about your use of this website is usually transmitted to and stored on a Google server in the United States. However, if IP anonymization is activated on this website, your IP address will be truncated by Google within member states of the European Union or other parties to the Agreement on the European Economic Area before being transmitted. Only in exceptional cases will the full IP address be sent to a Google server in the United States and truncated there. IP anonymization is active on this website. On behalf of the operator of this website, Google will use this information to evaluate your use of the website, compile reports on website activity, and provide other services related to website activity and internet usage to the website operator. The IP address transmitted by your browser as part of Google Analytics will not be associated with any other data held by Google. You can prevent the storage of cookies by adjusting your browser software settings; however, please note that if you do this, you may not be able to use the full functionality of our website.

Legal Basis for Data Processing

Arrow Down Icon
The legal basis for the processing is Article 6 (1) (f) of the GDPR.

Purpose of Data Processing

Arrow Down Icon
The purpose of processing personal data is to target an audience that has already shown initial interest by visiting the website.

Storage Duration

Arrow Down Icon
Advertising data in server logs is anonymized by Google, who claims to delete parts of the IP address and cookie information after 9 or 18 months.

Right to Object and Withdraw Consent

Arrow Down Icon
You can also prevent the collection of data generated by the cookie and related to your use of the website (including your IP address) by Google, as well as the processing of this data by Google, by downloading and installing the browser plugin available at the following link: www.google.com/intl/de/policies/privacy.