PRIVACY POLICY

Preamble

This Privacy Policy aims to inform you of the categories of personal data (hereinafter collectively referred to as “data”) that we process, the purposes of such processing, and the scope of the processing activities. This policy applies to all processing of personal data conducted by us, both in providing our services and in particular on our websites, mobile applications, and external online presences, including our social media profiles (hereinafter collectively referred to as “online offerings”).

The terms used herein are gender-neutral.

Effective Date: 24th March 2025

Data Controller

Sabrina Schneppe, Martinistr 89, 20251 Hamburg, Email address: info@sarefi.de

Overview of Processing Activities

The following overview summarises the categories of data processed and the purposes of such processing, and refers to the data subjects.

Processed Data Types

  • Inventory Data
  • Payment Data
  • Contact Data
  • Contract Data
  • Usage Data
  • Meta Data, Communication Data, and Procedural Data

Categories of Data Subjects (Individuals)

  • Customers
  • Prospective Clients
  • Communication Partners
  • Users
  • Business and Contract Partners

Purposes of Processing

  • Providing contractual services and customer support
  • Handling of enquiries and communication
  • Implementation of security measures
  • Direct marketing
  • Office and organisational processes
  • Administration and response to enquiries
  • Firewall management
  • Collection of feedback
  • Marketing initiatives
  • Development of user profiles
  • Provision of our online offerings and enhancement of user experience
  • Information technology infrastructure management

Relevant Legal Bases

Below you will find an overview of the legal bases of the General Data Protection Regulation (GDPR) according to which we process personal data. Please note that, in addition to the provisions of the GDPR, national data protection regulations may also apply in your country or our country of residence or establishment. If more specific legal bases are applicable in individual cases, we will inform you accordingly within this privacy policy.

  • Consent (Art. 6(1)(a) GDPR): The data subject has provided explicit consent to the processing of their personal data for one or more specific purposes.
  • Contractual Fulfilment and Pre-Contractual Enquiries (Art. 6(1)(b) GDPR): Processing is necessary for the performance of a contract to which the data subject is a party, or for the implementation of pre-contractual measures initiated at the request of the data subject.
  • Legal Obligation (Art. 6(1)(c) GDPR): Processing is necessary for compliance with a legal obligation to which the data controller is subject.
  • Legitimate Interests (Art. 6(1)(f) GDPR): Processing is necessary for the purposes of the legitimate interests pursued by the data controller or a third party, unless such interests are overridden by the fundamental rights and freedoms of the data subject that require the protection of personal data.

In addition to the data protection regulations under the GDPR, national data protection laws in Germany also apply. This includes, in particular, the Federal Data Protection Act (Bundesdatenschutzgesetz – BDSG), which contains specific provisions regarding the rights of access, the right to erasure, the right to object, the processing of special categories of personal data, processing for other purposes, and data transmission, as well as automated decision-making in individual cases, including profiling. Furthermore, it regulates data processing for employment-related purposes (§ 26 BDSG), particularly concerning the establishment, execution, or termination of employment relationships, as well as employee consent. Additionally, state data protection laws of individual federal states may also apply.

Transmission of Personal Data

In the course of our processing of personal data, it may occur that data is transmitted to other entities, companies, legally independent organisational units, or individuals, or that it is disclosed to them. Recipients of this data may include service providers responsible for IT functions or providers of services and content integrated into our website. In such instances, we adhere to legal requirements and, in particular, enter into appropriate contracts or agreements with the recipients of your data to ensure its protection.

Data Transmission Within the Organisation: We may share personal data with other entities within our organisation or grant them access to this data. If such transmission occurs for administrative purposes, it is based on our legitimate business interests, is necessary for the fulfilment of our contractual obligations, or occurs with the consent of the data subject or in accordance with legal provisions.

Data Processing in Third Countries

If we process data in a third country (i.e., outside the European Union (EU) or the European Economic Area (EEA)) or if processing occurs in the context of utilising services from third parties, or in disclosing or transmitting data to other persons, entities, or companies, this will only occur in compliance with legal requirements.

Subject to explicit consent or the necessity of transmission due to contractual or legal obligations, we will only process or permit the processing of data in third countries that provide an adequate level of data protection. This may be achieved through contractual obligations using so-called standard contractual clauses issued by the EU Commission, through relevant certifications, or binding internal data protection regulations (Art. 44 to 49 GDPR; for further information, see the EU Commission’s information page: https://ec.europa.eu/info/law/law-topic/data-protection/international-dimension-data-protection_de).

Data Erasure

The data we process will be deleted in accordance with legal provisions as soon as the consent given for processing is revoked or other permissions cease to exist (e.g., when the purpose for processing this data no longer exists or it is no longer necessary for such purposes). If the data is not deleted because it is required for other legally permissible purposes, its processing will be restricted to these purposes. This means that the data will be limited in scope and not processed for other purposes. This applies, for instance, to data that must be retained for commercial or tax reasons, or whose retention is necessary for the assertion, exercise, or defence of legal claims, or to protect the rights of another natural or legal person.

Our privacy notices may also contain additional information regarding the retention and erasure of data that specifically pertains to the respective processing activities.

Security Measures

We implement appropriate technical and organisational measures in accordance with legal requirements, taking into account the state of the art, the costs of implementation, and the nature, scope, context, and purposes of processing, as well as the varying likelihood and severity of risks to the rights and freedoms of natural persons, to ensure a level of protection commensurate with the risk.

Such measures include, in particular, ensuring the confidentiality, integrity, and availability of data by controlling both physical and electronic access to the data, as well as access, input, transmission, securing availability, and segregation. Additionally, we have established procedures that facilitate the exercise of data subject rights, the erasure of data, and responses to data breaches. Furthermore, we integrate data protection considerations into the development or selection of hardware, software, and processes in accordance with the principles of data protection by design and by default.

SSL/TLS Encryption (HTTPS): To safeguard your data transmitted via our online offerings, we utilise SSL or TLS encryption. You can identify such encrypted connections by the prefix “https://” in the address bar of your browser.

Use of Cookies

Cookies are small text files or other storage markers that store and retrieve information on devices. For instance, they may store the login status of a user account, the content of a shopping cart on an e-commerce platform, the content accessed, or the features used within an online offering. Cookies can serve various purposes, including ensuring the functionality, security, and convenience of online offerings, as well as generating analyses of visitor traffic.

Notes on Consent:

We utilise cookies in compliance with legal regulations. Therefore, we obtain prior consent from users, unless it is not legally required. Consent is particularly unnecessary when the storage and retrieval of information, including cookies, are essential to providing a telemedia service (i.e., our online offering) that users have expressly requested. The revocable consent is clearly communicated to users, including information on the specific use of cookies.

Notes on Data Protection Legal Bases:

The legal basis for processing users’ personal data through cookies depends on whether consent has been obtained. If consent is given, the legal basis for processing their data is the stated consent. Otherwise, data processed through cookies is based on our legitimate interests (e.g., for the economic operation of our online offering and enhancing its usability) or, where applicable, the fulfilment of our contractual obligations when the use of cookies is necessary to meet those obligations. We will inform you regarding the purposes for which cookies are processed in this privacy policy or within our consent and processing procedures.

Storage Duration: 

The following types of cookies are distinguished according to their storage time:

  • Temporary Cookies (also known as Session Cookies): Temporary cookies are deleted at the latest when a user has left an online offering and closed their device (e.g., browser or mobile application).
  • Permanent Cookies: Permanent cookies remain stored even after the device has been closed. For example, the login status may be retained, or preferred content may be displayed immediately upon the user’s return to the website. Additionally, data collected via cookies may be used for reach measurement. If we do not provide users with explicit information regarding the type and storage duration of cookies (e.g., during the consent collection), users should assume that cookies are permanent, with a potential storage duration that may last up to two years.

General Notes on Withdrawal and Objection (Opt-Out):

Users can withdraw their consent at any time and may also lodge an objection to processing in accordance with the legal provisions of Art. 21 GDPR. Users can express their objection through their browser settings, such as by disabling the use of cookies (which may also limit the functionality of our online services). Users can also opt out of the use of cookies for online marketing purposes through the following websites: https://optout.aboutads.info and https://www.youronlinechoices.com/.

Further Notes on Processing Procedures, Methods, and Services:

  • Processing of Cookie Data Based on Consent: We use a cookie consent management procedure to obtain, manage, and revoke user consent for the use of cookies, as well as for the processes and providers mentioned in the cookie consent management procedure. In this context, the consent declaration is stored to avoid repeated enquiries and to demonstrate compliance with legal obligations. Storage may occur server-side and/or in a cookie (known as an opt-in cookie, or using comparable technologies) to associate the consent with a user or their device. Subject to specific terms regarding cookie management service providers, the following notes apply: The duration of consent storage may be up to two years. A pseudonymous user identifier is created and stored, along with the time of consent, details regarding the scope of consent (e.g., which categories of cookies and/or service providers), and information on the browser, system, and device used.
  • Complianz: Cookie consent management service; Provider: hosted locally on our server, with no data sharing with third parties; Website: https://complianz.io/; Privacy Policy: https://complianz.io/legal/; Additional Information: individual user IDs, language, types of consent, and the time of consent are stored both server-side and in a cookie on the user’s device.

Business Services

We process data of our contractual and business partners, which include customers and prospects (hereinafter collectively referred to as “Contract Partners”), within the framework of contractual and similar legal relationships, along with related measures and communications with Contract Partners (or pre-contractually), for example, in response to enquiries.

We process this data to fulfil our contractual obligations. This includes, in particular, obligations to provide the agreed services, any obligations to update, as well as remedies for warranty claims and other performance disruptions. Furthermore, we process the data to safeguard our rights and for administrative tasks associated with these obligations and business organisation. Additionally, we process the data based on our legitimate interests in ensuring proper and efficient business management, as well as implementing security measures to protect our Contract Partners and our business operations from misuse, threats to their data, confidential information, and rights (e.g., involving telecommunications, transport, and other ancillary services, subcontractors, banks, tax and legal advisors, payment service providers, or financial authorities). In accordance with applicable law, we will disclose Contract Partner data to third parties only if this is necessary for the aforementioned purposes or to fulfil legal obligations. Contract Partners will be informed of any further forms of processing, such as for marketing purposes, within this privacy policy.

We will inform Contract Partners which data is required for the aforementioned purposes prior to or during data collection, for example, in online forms, through special markings (e.g., colours) or symbols (e.g., asterisks), or in person.

We will delete the data after the expiration of statutory warranty and comparable obligations, generally after a four-year period, unless the data is stored in a customer account (e.g., as long as it must be retained for legal reasons related to archiving). The statutory retention period for tax-relevant documents, commercial books, inventories, opening balances, annual financial statements, and other organizational documents and accounting vouchers is ten years. For received commercial and business correspondence and copies of sent commercial and business correspondence, the retention period is six years. The retention period commences at the end of the calendar year in which the last entry was made in the book, the inventory, the opening balance, the annual financial statement, or the management report was prepared, or the commercial or business letter was received or sent, or the accounting voucher was created.

To the extent that we utilise third-party providers or platforms to deliver our services, the terms and conditions and privacy notices of the respective third-party providers or platforms shall apply in the relationship between users and providers.

  • Processed Data Types: Inventory data (e.g., names, addresses); payment data (e.g., bank details, invoices, payment history); contact data (e.g., email addresses, phone numbers); contract data (e.g., subject matter of the contract, duration, customer category).
  • Data Subjects: Prospects; business and contract partners.
  • Purposes of Processing: Providing contractual services and customer service; contact enquiries and communication; administrative and organisational procedures; management and response to enquiries.
  • Legal Bases: Contract fulfilment and pre-contractual enquiries (Art. 6(1)(b) GDPR); legal obligation (Art. 6(1)(c) GDPR); legitimate interests (Art. 6(1)(f) GDPR).

Service Providers and Services Utilised in Business Activities

In the course of our business activities, we utilise additional services, platforms, interfaces, or plugins from third-party providers (hereinafter collectively referred to as “Services”) in accordance with legal regulations. Their use is grounded in our interests in effectively, lawfully, and economically managing our business operations and internal organisation.

  • Processed Data Types: Inventory data (e.g., names, addresses); payment data (e.g., bank details, invoices, payment history); contact data (e.g., email addresses, phone numbers); content data (e.g., entries in online forms); contract data (e.g., subject matter of the contract, duration, customer category).
  • Data Subjects: Customers; prospects; users (e.g., website visitors, users of online services); business and contract partners.
  • Purposes of Processing: Providing contractual services and customer service; administrative and organisational processes.
  • Legal Basis: Legitimate interests (Art. 6(1)(f) GDPR).

Online meetings, video conferences and screen sharing 

We use third-party providers to enable online meetings, video and/or audio conference calls, and online seminars between employees and with interested parties or customers. When you communicate with us via such a service, the data collected during this communication process is processed by both us and the third-party provider. The data that may be generated in such a communication process includes, in particular, your registration and contact details, contributions in the chat window, your video and audio contributions, and shared screen content. The data processed by the third-party provider we use primarily includes user data and metadata (e.g. IP address, computer system information). As a rule, third-party providers process this data to verify and ensure the security of the service. In addition, findings from data processing are to be used to optimise the third-party provider’s offering and to carry out appropriate marketing measures. Please note the third-party provider’s privacy policy in this regard.

We would like to point out that, depending on the country of residence of the service provider listed below, the data collected via the service may be transferred and processed outside the European Union. In this case, there is a risk that the level of data protection required by the GDPR may not be maintained and that it may be difficult or impossible to enforce your rights.

  • Processed Data Types: Inventory data (e.g. names, addresses), contact details (e.g. email address, telephone number), shared content (e.g. photos, videos, texts, audio recordings), user data (e.g. times of access, websites visited, interest in content), meta and communication data (e.g. IP address, computer system information)
  • Data Subjects: Prospective customers, customers, communication partners, business and contractual partners
  • Purposes of Processing: Processing of contact enquiries, internal and external communication with employees, prospective customers and customers, fulfilment of our contractual services, service offering
  • Legal Basis: Consent, Art. 6(1)(a) GDPR, fulfilment of contract and pre-contractual enquiries, Art. 6(1)(b) GDPR, legitimate interest, Art. 6(1)(f) GDPR
  • Services We Use: Microsoft Teams; Services offered: video conferencing, chats, voice conferencing; Service provider: Microsoft Corporation, One Microsoft Way, Redmond, WA 98052-6399, USA; Website: https://www.microsoft.com/de-de/microsoft-365/microsoft-teams/group-chat-software; Privacy policy: https://privacy.microsoft.com/de-de/privacystatement

Further Notes on Processing Procedures, Processes, and Services:

  • abakus24 Service GmbH – Construction financing partner for financial service providers: Data subjects include persons potentially interested in financing; categories of data processed include first and last names, addresses, email addresses, contract and real estate data, income and financial circumstances; Service provider: abakus24 Service GmbH, Rudolf-Diesel-Str. 10, 23617 Stockelsdorf; Website: https://www.abakus24-partner.com/; Privacy policy: https://www.abakus24-partner.com/datenschutz/.
  • Senos Network – Sebastian Suslik – Construction financing partner for financial service providers: Data subjects include persons potentially interested in financing; categories of data processed include first and last names, addresses, email addresses, contract and real estate data, income and financial circumstances; Service provider: Senos Network, Sebastian Suslik, Rosenallee 25, 52249 Eschweiler; Website: https://www.senos-network.de; Privacy policy: https://www.senos-network.de/datenschutzerklarung/.

Provision of Online Services and Web Hosting

We process user data to provide our online services. In order to do so, we process the user’s IP address, which is necessary to transmit the content and functionalities of our online services to the user’s browser or device.

  • Processed Data Types: Usage data (e.g., visited websites, interest in content, access times); meta data, communication data, and procedural data (e.g., IP addresses, timestamps, identification numbers, consent status); content data (e.g., entries in online forms).
  • Data Subjects: Users (e.g., website visitors, users of online services).
  • Purposes of Processing: Provision of our online services and user-friendliness; IT infrastructure (operation and provision of information systems and technical devices (computers, servers, etc.)); security measures; firewall.
  • Legal Basis: Legitimate interests (Art. 6(1)(f) GDPR).

Further Notes on Processing Procedures, Processes, and Services:

  • Provision of Online Services on Rented Storage Space: For the provision of our online services, we utilise storage space, computing capacity, and software that we rent or otherwise obtain from a corresponding server provider (also referred to as “web hoster”). Legal basis: Legitimate interests (Art. 6(1)(f) GDPR). Service provider: Dogado GmbH, Antonio-Segni-Straße 11, 44263 Dortmund, Germany; Website: www.dogado.de; Privacy policy: www.dogado.de/datenschutz; Service provider: WordPress; Address: 660 4th St 119, San Francisco, CA 94107, USA; Privacy policy: https://de.wordpress.org/about/privacy/
  • Collection of Access Data and Log Files: Access to our online services is logged in the form of so-called “server log files.” Server log files may include the address and name of the retrieved websites and files, date and time of access, transmitted data volumes, notification of successful retrieval, browser type and version, the user’s operating system, referrer URL (the previously visited page), and typically IP addresses and the requesting provider. Server log files can be used for security purposes, for example, to prevent server overload (especially in the event of abusive attacks, known as DDoS attacks) and to ensure the load and stability of the servers. Legal basis: Legitimate interests (Art. 6(1)(f) GDPR). Data deletion: Log file information is stored for a maximum of 30 days and is then deleted or anonymised. Data that must be retained for evidentiary purposes is exempt from deletion until the respective incident is fully clarified.
  • Email Sending and Hosting: The web hosting services we use also include the sending, receiving, and storage of emails. For these purposes, the addresses of recipients and senders, as well as other information concerning email dispatch (e.g., the involved providers) and the content of the respective emails, are processed. The aforementioned data may also be processed for spam detection purposes. Please note that emails are generally not encrypted during transmission over the internet. While emails are typically encrypted during transmission, they are usually not encrypted on the servers from which they are sent and received (unless an end-to-end encryption method is used). Therefore, we cannot accept responsibility for the transmission of emails between the sender and recipient on our server. Legal basis: Legitimate interests (Art. 6(1)(f) GDPR).
  • Wordfence: This service provides firewall and security features, alongside error detection functions, to identify and prevent unauthorised access attempts and technical vulnerabilities that could enable such access. For these purposes, cookies and similar necessary storage methods may be used, and security logs may be generated during testing and particularly in the event of unauthorised access. In this context, the IP addresses of users, a user identification number, and their activities, including the time of access, are processed and stored, and compared with the data provided by the firewall and security feature provider. Service provider: Defiant, Inc., 800 5th Ave Ste 4100, Seattle, WA 98104, USA; Legal basis: Legitimate interests (Art. 6(1)(f) GDPR); Website: https://www.wordfence.com; Privacy Policy: https://www.wordfence.com/privacy-policy/; Standard Contractual Clauses (ensuring data protection level when processing in third countries): https://www.wordfence.com/standard-contractual-clauses/; Further Information: https://www.wordfence.com/help/general-data-protection-regulation/.

Blogs and Publication Media

We utilise blogs and similar online communication and publication channels (hereinafter collectively referred to as “Publication Media”). Readers’ data will only be processed for the purposes of the Publication Media to the extent necessary for their presentation and communication between authors and readers, or for security reasons. Further information regarding the processing of visitors to our Publication Media can be found in this privacy notice.

  • Processed Data Types: Inventory data (e.g., names, addresses); contact data (e.g., email addresses, phone numbers); content data (e.g., entries in online forms); usage data (e.g., visited websites, interest in content, access times); meta data, communication data, and procedural data (e.g., IP addresses, timestamps, identification numbers, consent status).
  • Data Subjects: Users (e.g., website visitors, users of online services).
  • Purposes of Processing: Provision of contractual services and customer service; feedback collection (e.g., via online forms); enhancement of our online services and user experience.
  • Legal Basis: Legitimate interests (Art. 6(1)(f) GDPR).

Contact and Enquiry Management

When contacting us (e.g., via mail, contact form, email, telephone, or social media), and in the context of existing user and business relationships, the details of the enquiring individuals will be processed insofar as necessary to respond to enquiries and any requested actions.

  • Processed Data Types: Contact data (e.g., email addresses, phone numbers); content data (e.g., entries in online forms); usage data (e.g., visited webpages, interest in content, access times); meta data, communication data, and procedural data (e.g., IP addresses, timestamps, identification numbers, consent status).
  • Data Subjects: Communication partners.
  • Purposes of Processing: Enquiry handling and communication; management and response to enquiries; feedback collection; enhancement of our online services and user experience.
  • Legal Bases: Legitimate interests (Art. 6(1)(f) GDPR); performance of contracts and pre-contractual enquiries (Art. 6(1)(b) GDPR).

Further Notes on Processing Procedures, Processes, and Services:

  • Contact Form: When users contact us via our contact form, email, or other communication channels, we process the data provided to address the enquiry. Legal bases: Performance of contracts and pre-contractual enquiries (Art. 6(1)(b) GDPR); legitimate interests (Art. 6(1)(f) GDPR).

Advertising Communication via Email, Mail, Fax, or Telephone

We process personal data for the purpose of advertising communication through various channels, such as email, telephone, mail, or fax, in accordance with legal requirements.

Recipients have the right to revoke their consent at any time or to object to advertising communications.

After revocation or objection, we will store the data necessary for contacting or dispatch for up to three years after the end of the year in which the revocation or objection occurred, in order to prove prior authorisation based on our legitimate interests. The processing of this data is limited to the purpose of potentially defending against claims. Based on our legitimate interest in permanently monitoring the revocation or objection by users, we will also store the necessary data to prevent future contact (e.g., depending on the communication channel, the email address, phone number, name).

  • Processed Data Types: Inventory data (e.g., names, addresses); contact data (e.g., email addresses, phone numbers).
  • Data Subjects: Communication partners.
  • Purposes of Processing: Direct marketing (e.g., via email or mail).
  • Legal Bases: Consent (Art. 6(1)(a) GDPR); legitimate interests (Art. 6(1)(f) GDPR).

Customer Reviews and Evaluation Procedures

We engage in review and evaluation processes to assess, optimise, and promote our services. When users provide ratings through relevant review platforms or procedures, the general terms and conditions and privacy policies of the respective providers also apply. Typically, submitting a review requires registration with these providers.

To verify that reviewers have genuinely used our services, we transmit necessary customer data and service details to the respective review platform with the customer’s consent (including name, email address, and order or item number). This data is used solely to verify the authenticity of the reviewer.

  • Processed Data Types: Contract data (e.g., subject of the contract, duration, customer category); usage data (e.g., visited websites, interest in content, access times); meta data, communication data, and procedural data (e.g., IP addresses, timestamps, identification numbers, consent status).
  • Data Subjects: Customers; users (e.g., website visitors, online service users).
  • Purposes of Processing: Feedback collection (e.g., via online forms); marketing activities.
  • Legal Basis: Legitimate interests (Art. 6(1)(f) GDPR).

Further Notes on Processing Procedures, Processes, and Services:

  • Review Widget: We integrate so-called “review widgets” into our online offerings. A widget is a functional and content element embedded in our online platform that displays variable information, often represented as a seal or badge. While the content of the widget is displayed within our offering, it is retrieved in real-time from the servers of the respective widget provider. This ensures the display of current and up-to-date ratings. To facilitate this, a data connection is established from our website to the widget provider’s server, and the widget provider receives certain technical data (access data, including IP address) necessary to deliver the widget’s content to the user’s browser. Additionally, the widget provider receives information indicating that users have visited our online offering. This information may be stored in a cookie to recognise which offerings participating in the evaluation process have been visited by the user. Such information may also be stored in a user profile and utilised for advertising or market research purposes. Legal Basis: Legitimate interests (Art. 6(1)(f) GDPR).
  • ProvenExpert: Evaluation platform; Service provider: Expert Systems AG, Quedlinburger Strasse 1, 10589 Berlin, Germany; Legal Basis: Legitimate interests (Art. 6(1)(f) GDPR); Website: https://www.provenexpert.com/de-de/; Privacy Policy: https://www.provenexpert.com/de-de/datenschutzbestimmungen/.

Social Media Presence

We maintain online presences within social networks and process user data in this context to communicate with users active on these platforms and to provide information about our services.

Please note that user data may be processed outside the European Union, which may pose risks for users, as enforcing user rights may be more challenging.

Additionally, user data within social networks is typically processed for market research and advertising purposes. For example, usage profiles may be created based on user behavior and interests. These profiles can be used to display advertisements both within and outside the networks that presumably align with users’ interests. For these purposes, cookies are generally stored on users’ devices, capturing their usage behavior and interests. Moreover, in these usage profiles, data may be stored independently of the devices used by the users, particularly if they are members of the respective platforms and are logged in.

For detailed information on processing methods and opt-out possibilities, we refer you to the privacy policies and information provided by the operators of the respective networks.

In the case of requests for information and the assertion of data subject rights, we would also like to point out that these can be asserted most effectively with the providers. Only the providers have access to user data and can take appropriate actions and provide relevant information. Should you require further assistance, please do not hesitate to contact us.

  • Processed Data Types: Contact data (e.g., email addresses, phone numbers); content data (e.g., entries in online forms); usage data (e.g., visited websites, interest in content, access times); meta data, communication data, and procedural data (e.g., IP addresses, timestamps, identification numbers, consent status).
  • Data Subjects: Users (e.g. website visitors, users of online services).
  • Purposes of Processing: Contact enquiries and communication; feedback (e.g. collecting feedback via online forms); marketing activities.
  • Legal Basis: Legitimate interests (Art. 6(1)(f) GDPR).

Further Notes on Processing Procedures, Processes and Services:

Plugins, Embedded Functions, and Content

We integrate functional and content elements into our online offerings that are sourced from the servers of third-party providers (hereinafter referred to as “Third Parties”). Such elements may include graphics, videos, or maps (collectively referred to as “Content”).

Integrating these elements requires Third Parties to process users’ IP addresses, because delivering content to users’ browsers requires the IP address. Consequently, the IP address is essential for the display of such content or functions. We strive to use only content whose providers use the IP address solely for the purpose of content delivery. Additionally, Third Parties may use pixel tags (invisible graphics, also known as “Web Beacons”) for statistical or marketing purposes. These pixel tags evaluate metrics like visitor traffic on the pages of our website. The pseudonymous information collected may be stored in cookies on users’ devices and may include technical information regarding the browser and operating system, referring websites, visit times, as well as additional information concerning the use of our online offerings. This information may also be correlated with data from other sources.

  • Processed Data Types: Usage data (e.g., visited websites, interest in content, access times); meta data, communication data, and procedural data (e.g., IP addresses, timestamps, identification numbers, consent status); contact data (e.g., email addresses, phone numbers); content data (e.g., entries in online forms).
  • Data Subjects: Users (e.g., website visitors, users of online services).
  • Purposes of Processing: Provision of our online offerings and user-friendliness; marketing activities; creation of user profiles; feedback collection (e.g., via online forms).
  • Legal Basis: Legitimate interests (Art. 6(1)(f) GDPR).

Further Notes on Processing Procedures, Processes and Services:

  • Integration of Third-Party Software, Scripts, or Frameworks (e.g., jQuery): We integrate software from external providers into our online offerings (e.g., functional libraries that enhance the presentation or usability of our offerings). In this context, the respective providers collect users’ IP addresses and may process them for the purposes of delivering the software to users’ browsers, ensuring security, and evaluating and optimizing their offerings; Legal Basis: Legitimate interests (Art. 6 (1)(f) GDPR).
  • Google Fonts (local hosting): This site uses Google Fonts, which are provided by Google, to ensure consistent font display. The Google Fonts are installed locally. There is no connection to Google servers. Further information on Google Fonts can be found at https://developers.google.com/fonts/faq and in Google’s privacy policy: https://policies.google.com/privacy?hl=de.
  • Font Awesome (hosted on our own server): We utilise Font Awesome for displaying fonts and icons; Provider: The Font Awesome icons are hosted on our server, and no data is transmitted to the Font Awesome provider; Legal Basis: Legitimate interests (Art. 6 (1)(f) GDPR).
  • Calendly: You can schedule appointments with us on our website. We use the “Calendly” tool for appointment booking. To book an appointment, enter the requested data and your preferred date in the form provided. The data you enter will be used for planning, conducting, and, if necessary, following up on the appointment. The appointment data is stored for us on Calendly’s servers. The data you enter will remain with us until you request us to delete it, revoke your consent to its storage, or the purpose for storing the data no longer applies. Mandatory legal provisions – in particular retention periods – remain unaffected. The website operator has a legitimate interest in making it as easy as possible to make appointments with interested parties and customers. If consent has been requested, processing is carried out exclusively on the basis of Art. 6 (1) lit. a GDPR and § 25 (1) TDDDG, insofar as the consent includes the storage of cookies or access to information on the user’s terminal device (e.g., device fingerprinting) within the meaning of the TDDDG. Consent can be revoked at any time. Data transfer to the USA is based on the standard contractual clauses of the EU Commission. Details can be found here: https://calendly.com/pages/dpa. The company is certified under the EU-US Data Privacy Framework (DPF). The DPF is an agreement between the European Union and the USA that aims to ensure compliance with European data protection standards when processing data in the USA. Every company certified under the DPF undertakes to comply with these data protection standards. Further information on this can be obtained from the provider at the following link: https://www.dataprivacyframework.gov/participant/6050. Service provider: Calendly LLC, 271 17th St NW, 10th Floor, Atlanta, Georgia 30363, USA; Legal basis: Legitimate interests (Art. 6 (1) (f) GDPR); Website: https://calendly.com; Privacy policy: https://calendly.com/privacy; Data processing agreement: We have concluded a data processing agreement (DPA) for the use of the above-mentioned service. This is a contract required by data protection law, which ensures that the personal data of our website visitors is only processed in accordance with our instructions and in compliance with the GDPR.

Changes and Updates to the Privacy Policy

We encourage you to regularly review the content of our privacy policy. We will amend the privacy policy as soon as changes to the data processing we perform necessitate such adjustments. We will inform you when changes require an action on your part (e.g., consent) or otherwise necessitate individual notification.

If we provide addresses and contact information of companies and organisations in this privacy policy, please note that these addresses may change over time, and we recommend verifying the details before contacting them.

Rights of Data Subjects

As a data subject, you are entitled to various rights under the GDPR, which arise in particular from Art. 15 to 21:

  • Right to Object: You have the right to object at any time to the processing of personal data concerning you that is based on Article 6(1)(e) or (f) of the GDPR for reasons relating to your particular situation; this also applies to profiling based on these provisions. If your personal data is processed for the purpose of direct marketing, you have the right to object at any time to the processing of personal data concerning you for such marketing purposes; this also applies to profiling insofar as it is related to such direct marketing.
  • Right to Withdraw Consent: You have the right to withdraw any consent you have given at any time.
  • Right of Access: You have the right to request confirmation of whether your personal data is being processed, and to access this data as well as further information and a copy of the data in accordance with the legal requirements.
  • Right to Rectification: In accordance with legal requirements, you have the right to request the completion or correction of any incomplete or inaccurate personal data concerning you.
  • Right to Erasure and Restriction of Processing: You have the right to request the immediate deletion of personal data concerning you, or alternatively, to request a restriction of processing of such data in accordance with legal requirements.
  • Right to Data Portability: You have the right to receive personal data concerning you that you have provided to us, in a structured, commonly used, and machine-readable format, or to request the transmission of such data to another controller in accordance with legal requirements.
  • Right to Lodge a Complaint with a Supervisory Authority: Without prejudice to any other administrative or judicial remedy, you have the right to lodge a complaint with a supervisory authority, particularly in the member state of your habitual residence, your workplace, or the location of the alleged infringement, if you believe that the processing of personal data concerning you infringes the provisions of the GDPR.

Definitions of Terms

This section provides an overview of the terminology used in this privacy policy. Many of the terms are derived from the law and are primarily defined in Article 4 of the GDPR. The legal definitions are binding. The following explanations are intended to facilitate understanding, and the terms are listed in alphabetical order.

  • Controller: The term “controller” refers to the natural or legal person, authority, agency, or other body that alone or jointly with others determines the purposes and means of the processing of personal data.
  • Firewall: A firewall is a security system that protects a computer network or an individual computer from unauthorised network access.
  • Personal Data: “Personal data” means any information relating to an identified or identifiable natural person (hereinafter referred to as “data subject”); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier (e.g., cookie), or to one or more specific characteristics that express the physical, physiological, genetic, mental, economic, cultural, or social identity of that natural person.
  • Processing: “Processing” means any operation or set of operations performed on personal data, whether or not by automated means. The term is broad and encompasses virtually any handling of data, including collection, evaluation, storage, transmission, or deletion.
  • Profiles with User-Related Information: The processing of “profiles with user-related information,” or simply “profiles,” includes any automated processing of personal data whereby personal data is used to analyse, evaluate, or predict certain personal aspects relating to a natural person. Depending on the type of profiling, this may involve various information regarding demographics, behavior, and interests, such as interaction with websites and their content. Cookies and web beacons are often used for profiling purposes.
  • Reach Measurement: Reach measurement (also referred to as web analytics) is used to evaluate visitor flows to an online offering and may include the behavior or interests of visitors regarding specific information, such as content from websites. Using reach analysis, website owners can determine when visitors visit their site and which content interests them. This allows them to better tailor the website’s content to the needs of their visitors. Pseudonymous cookies and web beacons are often used for reach analysis to identify returning visitors and obtain more accurate analyses of the use of an online offering.
  • Tracking: “Tracking” refers to the ability to trace user behavior across multiple online offerings. Typically, behavioral and interest information is stored in cookies or on the servers of the providers of tracking technologies in relation to the utilised online offerings (known as profiling). This information can then be used, for example, to display advertisements to users that are likely to correspond to their interests.

Created with free Datenschutz-Generator.de by Dr. Thomas Schwenke
