2. Definitions

Our Privacy Policy contains technical definitions that can be found in the EU General Data Protection Regulation (GDPR) and the German Federal Data Protection Act (BDSG). To help you better understand these definitions, we would like to explain them in simple terms here first:

2.1 Personal data

“Personal data” refers to all information relating to an identified or identifiable natural person (Art. 4(1) of the GDPR). Information about an identified person can, for example, be their name or email address. However, personal data is also data from which the identity is not immediately apparent, but which can be ascertained by combining your own or third-party information to find out who the person is. A person can be identified, for example, by providing their official home address or bank details, their date of birth or user name, their IP addresses and/or location data. All information that can be used to identify a person in any way whatsoever is relevant in this context.

2.2 Processing

“Processing” is defined in Article 4(2) GDPR as any operation performed  on personal data. In particular, this means the collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure, transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction of personal data.

4. Data Protection Officer

We have appointed an external data protection officer for our company. You can contact him as follows: 

Name: Dr. Nolte Datenschutz & QM
Address: Dr. Nolte Datenschutz & QM, Am Ziegelteich 44 b, 22525 Hamburg
Phone: +49 (0)160 - 63 222 32 
Email: uwe.nolte@datenschutz-qm.de

6.2 Purpose

Data is processed in order to enable access to the website, and to ensure the stability and security of the website. Processing also serves to enable the statistical evaluation and improvement of our online offering.

6.3 Basis in law

The processing is necessary in order to protect the overriding legitimate interests of the controller (Art. 6(1)(f) of the EU General Data Protection Regulation (GDPR)). Our legitimate interest is based on the purpose stated in section 6.2.

6.4 Storage period

The data is deleted as soon as it is no longer required to achieve the purpose for which it was collected. In the case of data collected for the purpose of making the website available, deletion is carried out once the session has ended. The log files are deleted after 30 days.

7. Cookies

7.1 Description of processing

Our website uses cookies. Cookies are small text files that are stored on the end device of a user when they visit a website. Cookies contain information that enables an end device to be recognised and certain website functions to be used. We differentiate between our own cookies and external cookies, the latter also called third-party cookies. On our website we use what are known as “session cookies” and “persistent cookies”. Session cookies are automatically deleted when you end your internet session and close the browser. Persistent cookies remain stored on your end device for a longer period of time. Your consent is not required if cookies are necessary for the technical operation of our website. All other cookies that are not technically required are only set if you have actively consented to the use of cookies via our consent tool. We use the “Cookiebot” service, which is operated by Cybot A/S, Havnegade 39, 1058 Copenhagen, Denmark, to obtain and document consent. The consent tool stores your selection itself in a cookie on your end device. This means that you do not need to make a decision relating to cookies again when you revisit our website.

You can consult the settings of the consent tool to check which cookies are used on our website and for what purpose, how long they are stored on your device and what consent you may have already given.

7.2 Purpose

1. We use cookies to make our website more user-friendly and to offer the functions described in section 7.1.

7.3 Basis in law

The processing is necessary in order to protect the overriding legitimate interests of the controller with regard to technically required cookies and the use of the consent tool (Art. 6(1)(f) of the EU General Data Protection Regulation (GDPR) in conjunction with Section 25(2) of the German Telecommunications and Telemedia Data Protection Act (Telekommunikation-Telemedien-Datenschutz-Gesetz - TTDSG. Our legitimate interest is based on the purpose stated in section 7.2. The legal basis for processing all other cookies – i.e. cookies that are not technically necessary – is consent (Art. 6(1)(a) GDPR in conjunction with Section 25(1) of the German Telecommunications and Telemedia Data Protection Act (Telekommunikation-Telemedien-Datenschutz-Gesetz - TTDSG. Any such consent is voluntary.

7.4 Storage period, withdrawal of consent

Cookies are automatically deleted at the end of a session or at the end of the specified storage period. Due to cookies being stored on your end device, you as the user have full control of the use of cookies. You can disable or restrict the transmission of cookies by changing the settings in your web browser. Cookies that have already been saved can be deleted. This can be done automatically as well. If cookies for our website are disabled, deleted or restricted, it may no longer be possible to make full use of all of the website’s functions or to use the website at all. You can, at any time, use the consent tool settings to withdraw any consent you have given to the use of cookies. The consent is withdrawn with effect for the future (it is not retroactive).

7.5 Recipients

If third-party cookies are used, data may be transmitted to the respective providers of these third-party services. This may also involve the transfer of data to third countries that are outside the European Union or the European Economic Area. We provide details of data recipients and transfers to third countries in the settings of the consent tool or in the relevant section on the third-party service in this Privacy Policy. If required, personal data is also transmitted to the service provider of the consent tool “Cookiebot”, Cybot A/S.

8. Email Contact

8.1 Description of data processing 

In order to contact us, you can write to us via the email address provided on the website. In this case, the personal data transmitted along with the email will be processed by us.

8.2 Purpose

The data transmitted both via and in your email are used exclusively for handling and responding to your enquiry.

8.3 Basis in law

The processing is necessary in order to protect the overriding legitimate interests of the controller (Art. 6(1)(f) GDPR). Our legitimate interest is based on the purpose stated in section 8.2. If the intention of the email contact is the conclusion or performance of a contract, the data is processed so as to ensure performance of the contract (Art. 6(1)(b) GDPR).

8.4 Storage period

The data is deleted by us as soon as it is no longer required to achieve the purpose for which it was collected. This is generally the case if relevant communication with you has been completed. The communication will have ended when it is evident from the circumstances that matter concerning you has been conclusively resolved. If statutory retention periods prevent deletion of the data, it will be deleted immediately upon expiry of the statutory retention period in question.

9. Social networks

9.1 Description of processing

Our website does not use any social media plugins. The LinkedIn and YouTube logos displayed on our website are linked solely to the corresponding profiles of our company on these social networks. No data is transferred to the social networks as a result of the incorporation of the logos. If you click on one of the logos, you will be directed solely to the external website of the social network in question.

However, our profiles within the social networks do involve data processing. If you are logged in to such social networks when you visit one of these profiles, this information will be attributed to your user account for the relevant social network. If you interact with our profile, e.g. comment on, “share”, “like” or “retweet” a post, this information will also be stored in your user account. We also generally have access to your interactions with our profile.

9.2

On the LinkedIn social network, we have the option of obtaining statistical data on how our LinkedIn profile is used via the “Insights” function.

The social networks you communicate with store your data using pseudonyms as user profiles and use these for the purposes of advertising and market research. For example, you may be shown adverts within the social network and on other third-party websites that correspond to what are purported to be your interests. As a rule, cookies are used for this purpose which are stored on your end device by the social network. You are entitled to object to the creation of these user profiles; to exercise this right, you must contact the social networks directly.

9.3 Purpose

We maintain profiles on the social networks referred to above for the purposes of publicity and corporate communication with customers and interested parties. We use the “Insights” function to assess the reach of our posts on the social network and to optimise their appeal for our visitors in the future.

9.4 Legal basis

The legal basis for the processing of data in the case of our profiles on social networks is the protection of our overriding legitimate interests (Art. 6(1)(f) GDPR). Our legitimate interest is based on the purpose stated in section 9.3.. If you are asked for consent by the operator of a social network, the legal basis is provided by Art. 6(1)(a) of the GDPR. In relation to our presence on LinkedIn, data processing is also undertaken on the basis of joint responsibility in accordance with Art. 26 GDPR.

9.5 Recipients and transfer to third countries

The social networks in question are operated by the companies listed below. Further information on data privacy with regard to our profile on the social networks can be found in the links to the privacy policies.

• YouTube: YouTube LLC, 901 Cherry Avenue, San Bruno, CA 94066, USA. YouTube is presented by Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA. Privacy policies of YouTube/Google: www.google.com/policies/privacy/partners/?hl=de.
• LinkedIn: LinkedIn Ireland Unlimited Company, Wilton Place, Dublin 2, Irland. Privacy policy: www.linkedin.com/legal/privacy-policy?trk=homepage-basic_footer-privacy-policy. The Data Processing Agreement with LinkedIn is available at www.linkedin.com/legal/l/dpa. The Joint Controller Addendum can be accessed via legal.linkedin.com/pages-joint-controller-addendum . 

The social networks also process your personal data in the USA.

10. Matomo

10.1 Description of the processing 

Our website uses “Matomo”, a web analytics service provided by Innocraft Ltd, 150 Willis St, 6011 Wellington, New Zealand. Matomo is an open source software that we have installed on our server. Matomo uses cookies (see section 7) which enable us to analyse your use of our customer portal. The statistics produced by Matomo record in particular how many users visit our website, the country or location from which they access it, which pages and subpages they visit and which links or search terms visitors use to access our website. The information collected is transferred to our server, where it is stored. This data is not passed on to third parties – in particular not to Innocraft Ltd. Your IP address is only collected in truncated form so that it cannot be traced to you (IP masking).

10.2 Purpose

We process data so that we can analyse the use of our customer portal. The information obtained is used to improve and customise our website.

10.3 Legal basis

The basis in law for this processing is provided by consent provided in accordance with Art. 6(1)(a) GDPR. We obtain this consent through the consent tool “Cookiebot” (see section 7.1.). Any such consent is voluntary.

10.4 Storage period and right to object, withdrawal of consent

We have explained the storage period and your control and setting options for cookies in section 7. You can, at any time, use the consent tool settings to revoke the consent you have given relating to Matomo with future effect. You can also object to the processing of data by Matomo at any time by removing the following tick which enables the opt-out plug-in: Matomo iFrame. The analysis data processed and stored with Matomo is automatically deleted by us after one year.

11. Font substitution

Our website substitutes the standard fonts of your device with other fonts. This is done in order to make the text on our website easier to read and more aesthetically appealing. We have chosen a data protection-friendly solution for font replacement. We do not use external services such as Google Fonts or Adobe Fonts. We instead store the fonts to be substituted locally on our server. This has the advantage that when you visit our website, your browser does not send a request to external font replacement services and therefore no data, especially not your IP address in conjunction with the address of our website, is transmitted to third parties.

13.2 Rectification (Art. 16 GDPR)

You have the right to obtain from us, without undue delay, the rectification of inaccurate personal data concerning you and, where applicable, the completion of incomplete personal data.

13.3 Erasure (Art. 17 GDPR)

You have the right to obtain from us the erasure of personal data concerning you without undue delay, where one of the grounds listed in Art. 17 GDPR applies, for example where your data is no longer necessary in relation to the purposes for which we collected it.

13.4 Restriction of data processing (Art. 18 GDPR)

You have the right to obtain from us the restriction of processing if one of the criteria listed in Art. 18 GDPR applies, e.g. if you contest the accuracy of your personal data, data processing will be restricted for a period enabling us to verify the accuracy of your data.

13.5 Data portability(Art. 20 GDPR)

You have the right, under the premises set out in Art. 20 GDPR, to receive the data concerning you in a structured, commonly used and machine-readable format.

13.6 Withdrawal of consent (Art. 7 (3) GDPR)

Where processing is dependent on consent, you have the right to withdraw your consent at any time. The withdrawal of consent is effective from the time it is asserted. In other words, it has effect for the future. This means that withdrawal of consent does not affect the lawfulness of processing based on consent performed before consent is withdrawn.

13.7 Right to lodge a complaint 

You have the right to lodge a complaint with a supervisory authority if you consider that the processing of personal data relating to you infringes the GDPR. You can exercise this right by lodging your complaint with a supervisory authority in the Member State of your habitual residence, place of work or place of the alleged infringement.

13.8 Prohibited automated individual decision-making/profiling (Art. 22 GDPR)

You have the right not to be subject to decision-making based solely on automated processing of personal data, including profiling, which have legal consequences for you or which significantly affect you. We hereby inform you that we do not use automated decision-making, including profiling, in relation to your personal data.

13.9 Right to object (Art. 21 GDPR)

If we process personal data concerning you based on Art. 6(1)(f) GDPR (for the protection of overriding legitimate interests), you have the right, under the conditions set out in Art. 21 GDPR, to object to this processing at any time to us. This right to object only applies, however, if there are grounds relating to your particular situation. Following your objection, we will no longer process your personal data unless we can demonstrate compelling legitimate grounds for the processing which override your interests, rights and freedoms. We are also not obliged to cease processing the data if the processing serves the establishment, exercise or defence of legal claims. You always have the right – regardless of whether a particular situation exists – to object at any time to the processing of your personal data for direct marketing purposes.

Updated: January 2025