4.2 Legal basis for data processing

The legal basis for processing personal data using technically necessary cookies is Article 6(1)(f) GDPR.

The legal basis for processing personal data using cookies for analysis purposes is Article 6(1)(a) GDPR if the user has consented to this.

4.3 Purpose of data processing

The purpose of using technically necessary cookies is to facilitate the use of websites for users. Some functions of our website cannot be provided without cookies. For these functions, the browser must be recognized again even after a change of pages.

We need cookies for the following applications:

• saving the consent granted
• remembering search terms
• saving the selected page language

The user data collected by technically necessary cookies will not be used to create user profiles.

The use of other cookies is carried out to improve the quality of our website and its contents. We learn how the website is used on the basis of the analysis cookies, and can thus constantly optimize our offer.

According to Article 6(1)(f) GDPR, these purposes also represent our legitimate interest in processing personal data.

4.4 Storage period, means of objection and elimination

Cookies are stored on the user's computer and transmitted to our website from there. Therefore, you, as a user, have full control over the use of cookies. By modifying the settings in your Internet browser, you can disable or restrict the transmission of cookies. Previously stored cookies can be deleted at any time. This can also be done automatically. If you disable cookies for our website, you may no longer be able to use all of the website’s features to their full extent.

5. Contact form and e-mail contact

5.1 Description and scope of data processing

Our website offers a contact form that can be used to establish contact electronically. If a user takes this opportunity, the data entered in the input mask will be transmitted to us and stored. These data are:

• Data entered

Within the framework of the registration process, we obtain your consent to data processing and refer to this privacy policy.

Alternatively, you can contact us via the e-mail address provided. In this case, the user’s personal data transmitted in the e-mail will be stored.

There will be no transmission of data to third parties in this context. The data will be used exclusively for processing the conversation.

5.2 Legal basis for data processing

The legal basis for data processing under the presence of consent by the user is Article 6(1)(a) GDPR. The legal basis for processing data transmitted in the context of sending an e-mail is Article 6(1)(f) GDPR. If the contact aims at the conclusion of a contract, the additional legal basis for processing is Article 6(1)(b) GDPR.

5.3 Purpose of data processing

Processing of personal data from the input mask solely serves for processing your outreach. In the event of contacting via e-mail, this also represents the required legitimate interest in processing the data.

The other personal data processed during the transmission process are intended to prevent abuse of the contact form and ensure the safety of our information technology systems.

5.4 Storage period

The data will be erased as soon as they are no longer required to fulfill the purpose of their collection, and there are no other statutory retention periods. 

5.5 Means of objection and elimination

Users can revoke their consent to the processing of personal data at any time. If users contact us by e-mail, they can object to the storage of their personal data at any time. The conversation cannot be continued in such cases.

6. Use by third-party tools

6.1 Scope of processing personal data by third parties

In order to provide and continuously improve our services, we rely on the services of the following third-party providers, which may also process personal data. We have selected these third -party providers carefully and following the provisions of the GDPR.

6.1.1 Google Maps

Unless otherwise stated in this privacy policy, the operator of all Google services mentioned here is Google Ireland Limited, Google Building Gordon House, 4 Barrow St, Dublin, D04 E5W5, Ireland.

We have integrated the “Google Maps” service via API in order to be able to display geographical information. Using Google Maps allows Google to collect, process and use data about your use of the service. By using Google Maps, information about the use of this website, including your IP address and the (start) address entered as part of the route planner function, may be transmitted to Google in the USA. Google sends the map's content directly to the user’s browser and, from there, integrates it into the website. We do not have any influence on the amount of data Google collects in this way. We also have no influence on the further processing and use of the data by Google and, therefore, cannot accept any responsibility for this. Please refer to Google’s privacy policy for more information about how Google processes your data.

Google Maps collects and processes the following data:

• IP address
• location information
• usage data
• date and time of the visit
• URLs

The legal basis of processing is Article 6(1)(a) GDPR. Consent is voluntary and can be refused or revoked at any time with effect for the future.

The personal data is stored for as long as it is required to fulfill the purpose of processing. The data will be deleted as soon as they are no longer required to fulfill the purpose of their collection.

In addition to Google Ireland Limited, the data may be transmitted to the following recipients as part of processing:

– Google LLC.

– Alphabet Inc.

Google may transfer data to third countries, such as the USA, in the context of processing. We would like to point out that, in the opinion of the European Court of Justice, there is currently no adequate level of protection for data transfers to the USA. This may be associated with various risks to the legality and security of data processing. So-called SCC generally guarantee the security of the transfer. This is intended to ensure that the processing is subject to a level of security that complies with the GDPR. If the SCC are insufficient, consent is obtained in advance following Article 49(1)(a) GDPR.

With the SCC, Google submits to the European level of data protection when processing the relevant data, even if this data is stored and processed in the USA. The SCC are based on an implementing decision of the EU Commission, which is available here: https://eurlex.europa.eu/eli/dec_impl/2021/914/oj?locale=de.

The Google Ads Data Processing Terms with reference to the SCC are available here: https://business.safety.google/intl/de/adsprocessorterms/.

If you want to learn more about Google's data processing, please go to: https://policies.google.com/privacy?hl=de .

6.1.2 Google Analytics

We use the analysis tracking tool Google Analytics (GA) by the US company “Google Inc” on our website. Google Ireland Limited (Gordon House, Barrow Street Dublin 4, Ireland) is responsible for all Google services for the European area.

Google Analytics collects data about your actions on our website, such as clicking on a link, and tra nsmits this to Google Analytics. This is used to create reports that allow us to better customize our website to the expectations of website visitors.

These reports include, among others:

• target group reports
• ad reports
• acquisition reports
• behavior reports
• conversion reports
• real-time reports

Google Analytics uses the cookie to recognize a repeat visit.

The storage period is 14 months, and for “Universal Analytics” 26 months. After this period, the user data is deleted.

The legal basis of processing is Article 6(1)(a) GDPR. Consent is voluntary and can be refused or revoked at any time with effect for the future.

The personal data will be stored until the purpose of processing has been fulfilled and deleted as soon as they are no longer required to fulfill the purpose.

In addition to Google Ireland Limited, the data may be transmitted to the following recipients as part of processing:

– Google LLC.

– Alphabet Inc.

Google may transfer data to third countries, such as the USA, in the context of processing. We would like to point out that, in the opinion of the European Court of Justice, there is currently no adequate level of protection for data transfers to the USA. This may be associated with various risks to the legality and security of data processing. So-called SCC generally guarantee the security of the transfer. This is intended to ensure that the processing is subject to a level of security that complies with the GDPR. If the SCC are insufficient, consent is obtained in advance following Article 49(1)(a) GDPR.

With the SCC, Google submits to the European level of data protection when processing the relevant data, even if this data is stored and processed in the USA. The SCC are based on an implementing decision of the EU Commission, which is available here: https://eurlex.europa.eu/eli/dec_impl/2021/914/oj?locale=de.

The Google Ads Data Processing Terms with reference to the SCC are available here: https://business.safety.google/intl/de/adsprocessorterms/.

If you want to learn more about Google's data processing, please go to: https://policies.google.com/privacy?hl=de .

6.1.3 Usercentrics

We use the Consent Management Platform (CMP) Usercentrics on our website. The service provider is the German company Usercentrics GmbH, Sendlinger Straße 7, 80331 Munich, Germany. If you want to learn more about the data processed using Usercentrics, please refer to their privacy policy at https://usercentrics.com/privacy-policy/.

6.2 Legal basis for processing personal data

The legal basis of processing is Article 6(1)(a) GDPR. Consent is voluntary and can be refused or revoked at any time with effect for the future.

6.3 Purpose of data processing

Unless specified otherwise, processing of users' personal data allows us, among other things, to analyze the surfing behavior of our users. The analysis of the data obtained allows us to compile information about the use of the individual components of our website. This helps us to improve our w ebsite and its user friendliness continuously. According to Article 6(1)(f) GDPR, these purposes also represent our legitimate interest in processing the data. By anonymizing the IP address, the interest of users in the protection of their personal data is sufficiently accounted for.

6.4 Storage period

Unless specified otherwise, the data will be deleted as soon as they are no longer required for our recording purposes.

6.5 Means of objection and elimination

Unless specified separately for the individual services, cookies are stored on the user's computer and transmitted by it to us and/or the third-party providers. The user can – also automatically – disable or restrict the creation or transmission of cookies in their browser settings and delete cookies that have already been saved. Without cookies, you may no longer be able to use all of the website’s features.

When opting out, another cookie is set that tells us not to store the user's data If the user deletes this cookie, the opt-out cookie must be set again.

7. Rights of the data subject

If your personal data are processed, you will be considered a data subject within the meaning of the GDPR and have the following rights against the controller:

7.1 Right of access

You can request a confirmation from the controller whether we process personal data concerning you.

If there is such processing, you can request the following information from the controller:

• the purposes for which the personal data are processed;
• the categories of personal data which are processed;
• the recipients or categories of recipients to whom the personal data concerning you have been disclosed or will be disclosed;
• the planned storage period of personal data concerning you or, if specific details on this are not possible, criteria for determining the storage period;
• the existence of a right to rectification or erasure of personal data concerning you, the right to restriction of processing by the controller or a right to object to this processing;
• the existence of a right of appeal to a supervisory authority;
• all available information about the origin of the data if the personal data are not collected from the data subject;
• the existence of automated decision-making, including profiling according to Article 22(1) and (4) GDPR and – at least in these cases – meaningful information about the logic involved as well as the scope and desired effects of such processing for the data subject.

You have the right to demand information on whether or not personal data concerning you are transmitted to a third country or an international organization. In this context, you may request to be informed about the appropriate safeguards according to Article 46 GDPR in connection with the transmission.

7.2 Right to rectification

You have the right to rectification and/or completion against the controller if the processed personal data concerning you are inaccurate or incomplete. The controller shall rectify this immediately.

7.3 Right to restriction of processing

On condition of the following, you can demand the restriction of processing of the personal data concerning you:

• if you challenge the accuracy of the personal data concerning you for a period which allows the controller to check the accuracy of the personal data;
• processing is unlawful, and you dismiss the erasure of the personal data and instead demand the restriction of the use of the personal data;
• the controller no longer needs the personal data for processing, but you need them for the enforcement, exercise or defense of legal claims, or
• if you have objected to processing in accordance with Article 21 (1) GDPR and it has not yet been decided whether the controller’s legitimate reasons outweigh your reasons.

If the processing of personal data concerning you has been restricted, these data – apart from storage – can only be processed with your consent or for the enforcement, exercise or defense of legal claims, or the protection of the rights of another natural or legal person, or reasons of substantial public interest of the European Union or of a member state.

If the restriction of processing has been limited according to the prerequisites mentioned above, you will be informed by the controller before the restriction is rescinded.

7.4 Right to erasure

7.4.1 Obligation for erasure

You can request the controller to erase the personal data concerning you immediately, and the controller will be obliged to erase these data immediately if one of the following reasons applies:

• The personal data concerning you are no longer necessary for the purposes for which they were collected or processed in any other way.
• You revoke your consent on which the processing was based according to Article 6(1)(a) or Article 9(2)(a) GDPR, and there is no other legal basis for processing.
• You object to processing according to Article 21(1) GDPR, and there are no other legitimate reasons for processing, or you object to processing according to Article 21(2) GDPR.
• The personal data concerning you have been processed unlawfully.
• The erasure of the personal data concerning you is required for compliance with a legal obligation according to European Union law or the law of the member states to which the controller is subject.
• The personal data concerning you have been collected in relation to the offer of information society services in accordance with Article 8(1) GDPR.

7.4.2 Information to third parties

If the controller has disclosed the personal data concerning you and if they are obliged to erase these data according to Article 17(1) GDPR, they shall, taking into account the available technology and implementation costs, take the appropriate measures, also of a technical nature, to inform the persons responsible for data processing that you as the data subject have requested the erasure of all links to these personal data or of copies or replications of these personal data.

7.4.3 Exceptions

The right to erasure does not apply if processing is required

• for exercising the right of freedom of expression and information;
• for compliance with a legal obligation requiring processing in accordance with the law of the European Union or the member states to which the controller is subject, or for the performance of a task carried out in the public interest, or in the exercise of public authority vested in the controller;
• on grounds of public interest in the field of public health pursuant to Article 9(2)(h) and (i) and Article 9(3) GDPR;
• for the enforcement, exercise or defense of legal claims.

7.5 Right to be informed

If you have enforced the right to rectification, erasure or restriction of processing against the controller, they are obligated to notify all recipients to whom the personal data concerning you have been disclosed about this rectification, erasure or restriction of processing of the data unless this proves impossible or involves disproportionate effort.

You have the right against the controller to be informed about these recipients.

7.6 Right to data portability

You have the right to obtain the personal data concerning you which you have provided to the controller in a structured, common and machine-readable format. You also have the right to transmit those data to another controller without hindrance from the controller to whom the personal data have been provided if

• processing is based on consent according to Article 6(1)(a) GDPR or Article 9(2)(a) GDPR or on a contract according to Article 6(1)(b) GDPR and
• processing takes place using automated procedures.

In exercising this right, you also have the right to obtain that the personal data concerning you are directly transferred to another controller by a controller insofar as this is technically feasible. This must not affect any civil liberties and rights of other persons.

The right to data portability does not apply to the processing of personal data required for the performance of a task in the public interest or in the exercise of public authority vested in the controller. 

7.7 Right to object

You have the right to object to the processing of personal data concerning you collected according to Article 6(1)(e) or (f) GDPR for reasons arising from your specific situation at any time; this also applies to profiling based on these provisions.

The controller will no longer process your personal data unless they can demonstrate compelling legitimate grounds for processing which override your interests, rights, and freedoms or for the enforcement, exercise, or defense of legal claims.

If the personal data concerning you will be processed for purposes of direct advertising, you have the right to object to the processing of personal data concerning you for the purposes of such advertising at any time; this also applies to profiling in so far as this is connected with such direct advertising.

If you object to processing for direct advertising purposes, the personal data concerning you will no longer be processed for these purposes.

In the context of the offer of information society services – notwithstanding Directive 2002/58/EC – you have the option to exercise your right to object using automated processes in which technical specifications are used.

7.8 Right to revoke your consent to the privacy policy

You can revoke your consent to the privacy policy at any time. The revocation of consent does not affect the legality of processing carried out until the revocation on the basis of the consent granted.

7.9 Automated individual decision-making, including profiling

You have the right not to be subjected to a decision solely based on automated processing – including profiling – which takes legal effect against you or significantly impacts you in a similar way. This does not apply if the decision

• is required for the conclusion or performance of a contract between you and the controller,
• due to statutory provisions of the European Union or the member states to which the controller is subject, is admissible, and these statutory provisions contain appropriate measures in order to safeguard your rights and freedoms as well as your legitimate interests or
• takes place with your explicit consent.

However, these decisions must not be based on special categories of personal data according to Article 9(1) GDPR unless Article 9(2)(a) or (g) GDPR applies and adequate measures for the protection of the rights and freedoms as well as your legitimate interests have been taken.

With regard to the first and the latter cases, the controller takes appropriate measures in order to safeguard the rights and freedoms as well as your legitimate interests, which includes at least the right to obtain the intervention of a person on the part of the controller, the right to present of one's position and the right to challenge the decision.

7.10 Right to appeal to a supervisory authority

Without prejudice to any other administrative or judicial remedy, you have the right to appeal to a supervisory authority, especially in the member state of your place of residence, your place of work or the location of the alleged infringement, if you think that the processing of personal data concerning you infringes the GDPR.

The supervisory authority to which you have appealed informs the claimant about the complaint’s status and results, including the possibility of a judicial remedy according to Article 78 GDPR.