Data protection

Privacy Policy

1. Introduction

The following information is intended to provide you, as a “data subject”, with an overview of how we process your personal data and your rights under data protection legislation. In principle, it is possible to use our website without providing any personal data. However, if you wish to make use of specific services offered by our company via our website, the processing of personal data may be necessary. If the processing of personal data is necessary and there is no legal basis for such processing, we will generally seek your consent.

The processing of personal data, such as your name, address or email address, is always carried out in accordance with the General Data Protection Regulation (GDPR) and in compliance with the country-specific data protection regulations applicable to “DewertOkin GmbH”. Through this privacy policy, we wish to inform you about the scope and purpose of the personal data we collect, use and process.

As the data controller, we have implemented numerous technical and organisational measures to ensure the most comprehensive possible protection of the personal data processed via this website. Nevertheless, internet-based data transmissions may, in principle, be subject to security vulnerabilities, meaning that absolute protection cannot be guaranteed. For this reason, you are free to provide us with personal data via alternative channels, such as by telephone or post.

You too can take simple and easy-to-implement measures to protect yourself against unauthorised access to your data by third parties. We would therefore like to provide you with some guidance on the secure handling of your data:

Protect your account (login, user or customer account) and your IT system (computer, laptop, tablet or mobile device) with secure passwords.
Only you should have access to the passwords.
Ensure that you only ever use your passwords for a single account (login, user or customer account).
Do not use the same password for different websites, applications or online services.
The following applies in particular when using publicly accessible IT systems or those shared with others: you must log out after every session on a website, application or online service.

Passwords should consist of at least 12 characters and be chosen so that they cannot be easily guessed. Therefore, they should not contain common everyday words, your own name or the names of relatives, but should include upper and lower case letters, numbers and special characters.

2. Data Controller

The controller within the meaning of the GDPR is:

DewertOkin GmbH

Weststr. 1, 32278 Kirchlengern, Germany

Telephone: 05223-979-0

Fax: 05223-75182

Email: info@dewertokin.de

Representative of the data controller: Dirk Flören

3. Data Protection Officer

You can contact the Data Protection Officer as follows:

Thomas Otten

Telephone: 05221 87292-08

Fax: 05221 87292-49

Email: datenschutz-dewertokin@audatis.de

You can contact our Data Protection Officer directly at any time with any questions or suggestions regarding data protection.

4. Definitions

This privacy policy is based on the terminology used by the European legislators and regulators when enacting the General Data Protection Regulation (GDPR). Our privacy policy is intended to be easy to read and understand for the general public as well as for our customers and business partners. To ensure this, we would like to explain the terminology used in advance.

In this privacy policy, we use the following terms, amongst others:

1. Personal data

Personal data is any information relating to an identified or identifiable natural person. A natural person is considered identifiable if they can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.

2. Data subject

A data subject is any identified or identifiable natural person whose personal data is processed by the controller (our company).

3. Processing

Processing means any operation or set of operations which is performed on personal data, whether or not by automated means, such as collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or any other form of making available, alignment or combination, restriction, erasure or destruction.

4. Restriction of processing

Restriction of processing means the marking of stored personal data with the aim of limiting their future processing.

5. Profiling

Profiling is any form of automated processing of personal data consisting of the use of such personal data to evaluate certain personal aspects relating to a natural person, in particular to analyse or predict aspects concerning that natural person’s performance at work, economic situation, health, personal preferences, interests, reliability, behaviour, whereabouts or movements.

6. Pseudonymisation

Pseudonymisation is the processing of personal data in such a manner that the personal data can no longer be attributed to a specific data subject without the use of additional information, provided that such additional information is kept separately and is subject to technical and organisational measures to ensure that the personal data is not attributed to an identified or identifiable natural person.

7. Data processor

A data processor is a natural or legal person, public authority, agency or other body which processes personal data on behalf of the controller.

8. Recipients

A recipient is a natural or legal person, public authority, agency or other body to whom personal data are disclosed, irrespective of whether they are a third party or not. However, public authorities which may receive personal data in the course of a specific inquiry mandate under Union law or the law of the Member States shall not be regarded as recipients.

9. Third party

A third party is a natural or legal person, public authority, agency or other body other than the data subject, the controller, the processor and the persons who, under the direct authority of the controller or the processor, are authorised to process the personal data.

10. Consent

Consent means any freely given, specific, informed and unambiguous indication of the data subject’s wishes by which he or she, by a statement or by a clear affirmative action, signifies agreement to the processing of personal data relating to him or her.

5. Legal basis for processing

Article 6(1)(a) of the GDPR (in conjunction with Section 25(1) of the TDDDG (formerly the TTDSG)) serves as the legal basis for our company in relation to processing operations where we obtain consent for a specific processing purpose.

If the processing of personal data is necessary for the performance of a contract to which you are a party, as is the case, for example, with processing operations required for the delivery of goods or the provision of other services or consideration, the processing is based on Article 6(1)(b) of the GDPR. The same applies to processing operations necessary for the implementation of pre-contractual measures, such as in cases of enquiries regarding our products or services.

If our company is subject to a legal obligation requiring the processing of personal data, such as for the fulfilment of tax obligations, the processing is based on Article 6(1)(c) of the GDPR.

In rare cases, the processing of personal data may be necessary to protect the vital interests of the data subject or another natural person. This would be the case, for example, if a visitor were to be injured on our premises and their name, age, health insurance details or other vital information subsequently had to be disclosed to a doctor, a hospital or other third parties. In such cases, the processing would be based on Article 6(1)(d) of the GDPR.

Finally, processing operations may be based on Article 6(1)(f) of the GDPR. This legal basis applies to processing operations not covered by any of the aforementioned legal bases, where the processing is necessary to safeguard a legitimate interest of our company or a third party, provided that the interests, fundamental rights and freedoms of the data subject do not override those interests. We are permitted to carry out such processing operations in particular because they have been specifically mentioned by the European legislator. In this regard, the legislator took the view that a legitimate interest could be assumed if you are a customer of our company (Recital 47, sentence 2 of the GDPR).

Our services are generally aimed at adults. Persons under the age of 16 may not transmit any personal data to us without the consent of their parents or legal guardians. We do not request personal data from children and young people, do not collect such data and do not pass it on to third parties.

6. Transfer of data to third parties

Your personal data will not be transferred to third parties for purposes other than those listed below.

We will only disclose your personal data to third parties if:

1. you have given us your explicit consent to do so in accordance with Article 6(1)(a) of the GDPR,

2. the transfer is permitted under Article 6(1)(f) of the GDPR to safeguard our legitimate interests and there is no reason to assume that you have an overriding legitimate interest in the non-disclosure of your data,

3. there is a legal obligation to disclose the data under Article 6(1)(c) of the GDPR, and

4. this is legally permissible and necessary under Article 6(1)(b) of the GDPR for the performance of contractual relationships with you.

To protect your data and, where necessary, to enable us to transfer data to third countries (outside the EU/EEA), we have entered into data processing agreements based on the European Commission’s Standard Contractual Clauses. Where the Standard Contractual Clauses are insufficient to ensure an adequate level of security, your consent pursuant to Article 49(1)(a) of the GDPR may serve as the legal basis for the transfer to third countries. This does not apply, however, to data transfers to third countries for which the European Commission has issued an adequacy decision pursuant to Article 45 of the GDPR.

Your personal data will not be transferred to third parties for purposes other than those listed below.

We will only disclose your personal data to third parties if:

1. you have given us your explicit consent to do so in accordance with Article 6(1)(a) of the GDPR,

2. the disclosure is permitted under Article 6(1)(f) of the GDPR to safeguard our legitimate interests and there is no reason to assume that you have an overriding legitimate interest in the non-disclosure of your data,

3. there is a legal obligation to disclose the data under Article 6(1)(c) of the GDPR, and

4. this is legally permissible and necessary under Article 6(1)(b) of the GDPR for the performance of contractual relationships with you.

As part of the processing operations described in this privacy policy, personal data may be transferred to the USA. Companies in the USA only have an adequate level of data protection if they have been certified under the EU-US Data Privacy Framework and the EU Commission’s adequacy decision pursuant to Article 45 of the GDPR therefore applies. We have explicitly stated this in the privacy policy for the relevant service providers. To protect your data in all other cases, we have entered into data processing agreements based on the European Commission’s Standard Contractual Clauses. Where the Standard Contractual Clauses are insufficient to ensure an adequate level of security, your consent pursuant to Article 49(1)(a) of the GDPR may serve as the legal basis for the transfer to third countries. This does not apply, however, to data transfers to third countries for which the European Commission has issued an adequacy decision pursuant to Article 45 of the GDPR.

7. Technology

7.1 SSL/TLS encryption

This website uses SSL or TLS encryption to ensure the security of data processing and to protect the transmission of confidential content, such as orders, login details or contact enquiries, which you send to us as the operator. You can recognise an encrypted connection by the fact that the address bar of your browser displays "https://" instead of "http://", and by the padlock symbol in your browser bar.

We use this technology to protect the data you transmit.

7.2 Data collection when visiting the website

When you use our website for information purposes only – i.e. if you do not register, do not otherwise provide us with information, or do not give consent to processing operations requiring consent – we collect only those data that are technically essential for the provision of the service. These are typically data that your browser transmits to our server (in so-called server log files). Our website collects a range of general data and information each time you or an automated system accesses a page. This general data and information is stored in the server’s log files. The following may be collected:

1. browser types and versions used,

2. the operating system used by the accessing system,

3. the website from which an accessing system reaches our website (so-called referrer),

4. the subpages accessed on our website via an accessing system,

5. the date and time of access to the website,

6. a truncated Internet Protocol address (anonymised IP address) and,

7. the internet service provider of the accessing system.

We do not draw any conclusions about your identity when using this general data and information. Rather, this information is required in order to

1. deliver the content of our website correctly,

2. optimise the content of our website and the advertising on it,

3. ensure the continued functionality of our IT systems and the technology of our website, and

4. provide law enforcement agencies with the information necessary for criminal prosecution in the event of a cyber attack.

We therefore analyse this collected data and information both for statistical purposes and with the aim of enhancing data protection and data security within our company, ultimately to ensure an optimal level of protection for the personal data we process. The anonymous data from the server log files is stored separately from any personal data provided by a data subject.

The legal basis for data processing is Article 6(1)(f) of the GDPR. Our legitimate interest arises from the purposes of data collection listed above.

7.3 Encrypted payment transactions

If, following the conclusion of a contract involving a fee, there is an obligation to provide us with your payment details (e.g. your account number when granting a direct debit authorisation), these details are required for payment processing.

Payment transactions via standard payment methods (Visa/MasterCard or direct debit) are carried out exclusively via an encrypted SSL or TLS connection. You can recognise an encrypted connection by the fact that the address bar of your browser changes from "http://" to "https://" and by the padlock symbol in your browser bar.

We use this technology to protect the data you submit.

7.4 Hosting by Mittwald

We host our website with Mittwald CM Service GmbH & Co. KG, Königsberger Straße 4-6, 32339 Espelkamp (hereinafter referred to as Mittwald).

When you visit our website, your personal data (e.g. IP addresses in log files) is processed on Mittwald’s servers.

The use of Mittwald is based on Article 6(1)(f) of the GDPR. We have a legitimate interest in ensuring that our website is presented, provided and secured as reliably as possible.

We have concluded a data processing agreement (DPA) with Mittwald in accordance with Article 28 of the GDPR. This is a contract required under data protection law, which ensures that Mittwald processes the personal data of our website visitors only in accordance with our instructions and in compliance with the GDPR.

Further information on Mittwald’s data protection policy can be found at: www.mittwald.de/datenschutz

8. Cookies

8.1 General information on cookies

Cookies are small files that your browser creates automatically and which are stored on your IT system (laptop, tablet, smartphone, etc.) when you visit our site.

The cookie stores information relating to the specific device used. However, this does not mean that we thereby gain direct knowledge of your identity.

The use of cookies serves to make your experience of our website more pleasant. For example, we use so-called session cookies to recognise that you have already visited individual pages of our website. These are automatically deleted when you leave our site.

In addition, to optimise user-friendliness, we also use temporary cookies that are stored on your device for a specific, defined period. If you visit our site again to use our services, the system automatically recognises that you have previously visited us and recalls the entries and settings you made, so that you do not have to enter them again.

We also use cookies to collect statistical data on the use of our website and to evaluate our offering for you for the purpose of optimisation. These cookies enable us to automatically recognise that you have already visited our website when you visit it again. The cookies set in this way are automatically deleted after a defined period of time. The respective storage duration of the cookies can be found in the settings of the consent tool used.

8.2 Legal basis for the use of cookies

The data processed by the cookies, which is required for the proper functioning of the website, is therefore necessary to safeguard our legitimate interests and those of third parties in accordance with Article 6(1)(f) of the GDPR.

For all other cookies, you have given your consent via our opt-in cookie banner in accordance with Article 6(1)(a) of the GDPR.

8.3 Usercentrics (Consent Management Tool)

We use the consent management tool “Usercentrics” provided by Usercentrics GmbH, Sendlinger Str. 7, 80331 Munich, Germany. This service enables us to obtain and manage website users’ consent to data processing.

Usercentrics collects data generated by end users who use our website. When an end user gives their consent, Usercentrics automatically logs the following data:

Browser information.
Date and time of access.
Device information.
The URL of the page visited.
Geographical location.
Page path of the website.
The end user’s consent status, which serves as proof of consent.

The consent status is also stored in the end user’s browser, enabling the website to automatically read and comply with the end user’s consent for all subsequent page requests and future end user sessions for up to 12 months. The consent data (consent and withdrawal of consent) is stored for three years. The retention period corresponds to the standard limitation period in accordance with Section 195 of the German Civil Code (BGB). The data is then deleted immediately or, upon request, passed on to the data subject in the form of a data export.

The functionality of the website cannot be guaranteed without the processing described. The user has no right to object as long as there is a legal obligation to obtain the user’s consent for certain data processing operations (Art. 7(1), 6(1) sentence 1(c) of the GDPR).

Usercentrics is the recipient of your personal data and acts as a data processor on our behalf.

Detailed information on the use of Usercentrics can be found at: usercentrics.com/privacy-policy/.

9. Content of our website

9.1 Data processing when opening a customer account and for contract fulfilment

In accordance with Article 6(1)(b) of the GDPR, personal data is collected and processed when you provide it to us for the performance of a contract or when opening a customer account. The data collected is indicated in the relevant input forms. You may delete your customer account at any time, for example by sending a message to the above-mentioned address of the controller. We store and use the data you provide for the purpose of contract fulfilment. Once the contract has been fully processed or your customer account has been deleted, your data will be blocked in accordance with retention periods under tax and commercial law and deleted upon expiry of these periods, unless you have expressly consented to further use of your data or we have reserved the right to further use your data as permitted by law, about which we will inform you below.

9.2 Data processing for order fulfilment

The personal data we collect is passed on to the transport company commissioned with the delivery as part of contract processing, insofar as this is necessary for the delivery of the goods. We pass on your payment details to the commissioned credit institution as part of payment processing, insofar as this is necessary for payment processing. Where payment service providers are used, we provide explicit information on this below. The legal basis for the transfer of data in this context is Article 6(1)(b) of the GDPR.

9.3 Concluding contracts via the online shop, retailers and goods dispatch

We only transfer personal data to third parties where this is necessary for the performance of the contract, for example to the companies responsible for delivering the goods or the bank commissioned to process the payment. No further transfer of data takes place, or only if you have expressly consented to such transfer. Your data will not be passed on to third parties without your express consent, for example for advertising purposes.

The legal basis for data processing is Article 6(1)(b) of the GDPR, which permits the processing of data for the performance of a contract or pre-contractual measures.

9.4 Contact / Contact form

When you contact us (e.g. via the contact form or by email), personal data is collected. The specific data collected when using a contact form is indicated on the form itself. This data is stored and used solely for the purpose of responding to your enquiry, establishing contact, and the associated technical administration. The legal basis for processing the data is our legitimate interest in responding to your enquiry in accordance with Article 6(1)(f) of the GDPR. If your contact is aimed at concluding a contract, the additional legal basis for processing is Article 6(1)(b) of the GDPR. Your data will be deleted once your enquiry has been fully processed; this is the case when it is clear from the circumstances that the matter in question has been conclusively resolved and there are no legal retention obligations preventing deletion.

9.5 Application management / Job board

We collect and process the personal data of applicants for the purpose of handling the application process. Processing may also take place electronically. This is particularly the case where an applicant submits the relevant application documents to us electronically, for example by email or via a web form on the website. If we enter into an employment or service contract with an applicant, the data provided will be stored for the purpose of managing the employment relationship in accordance with statutory provisions. If we do not enter into a contract with the applicant, the application documents will be automatically deleted six months after notification of the rejection decision, provided that no other legitimate interests on our part preclude such deletion. An example of such a legitimate interest is the burden of proof in proceedings under the General Equal Treatment Act (AGG).

The legal basis for the processing of your data is Article 6(1)(b) and Article 88 of the GDPR in conjunction with Section 26(1) of the Federal Data Protection Act (BDSG).

10. Newsletter distribution

10.1 Sending newsletters to existing customers

If you have provided us with your email address when purchasing goods or services, we reserve the right to send you regular offers by email for similar goods or services to those you have already purchased from our range. For this purpose, we are not required to obtain your separate consent in accordance with Section 7(3) of the Unfair Competition Act (UWG). Data processing in this regard is carried out solely on the basis of our legitimate interest in personalised direct marketing in accordance with Article 6(1)(f) of the GDPR. If you initially objected to the use of your email address for this purpose, we will not send you any emails. You are entitled to object to the use of your email address for the aforementioned advertising purposes at any time with future effect by notifying the controller named at the beginning. You will only incur transmission costs in accordance with standard rates. Upon receipt of your objection, the use of your email address for advertising purposes will be discontinued immediately.

10.2 Advertising newsletter

On our website, you are given the opportunity to subscribe to our company’s newsletter. The personal data transmitted to us when you subscribe to the newsletter is determined by the input form used for this purpose.

We inform our customers and business partners about our offers at regular intervals via a newsletter. You can generally only receive our company’s newsletter if

1. you have a valid email address and

2. you have registered to receive the newsletter.

For legal reasons, a confirmation email is sent to the email address you initially provided for the newsletter using the double opt-in procedure. This confirmation email serves to verify that you, as the owner of the email address, have authorised the receipt of the newsletter.

When you subscribe to the newsletter, we also store the IP address of the IT system you were using at the time of registration, as assigned by your Internet Service Provider (ISP), as well as the date and time of registration. The collection of this data is necessary to enable us to trace any (potential) misuse of your email address at a later date and therefore serves to protect us legally.

The personal data collected when you subscribe to the newsletter is used exclusively for sending our newsletter. Furthermore, subscribers to the newsletter may be informed by email where this is necessary for the operation of the newsletter service or for registration purposes, as might be the case with changes to the newsletter content or alterations to the technical conditions. No personal data collected in connection with the newsletter service will be passed on to third parties. You may cancel your subscription to our newsletter at any time. The consent you have given us to store personal data for the purpose of sending the newsletter may be withdrawn at any time. A link for this purpose is included in every newsletter. Furthermore, you may unsubscribe from the newsletter at any time directly on our website or notify us in another manner.

The legal basis for data processing for the purpose of sending the newsletter is Article 6(1)(a) of the GDPR.

10.3 CleverReach

This website uses CleverReach to send newsletters. The provider is CleverReach GmbH & Co. KG, (CRASH Building), Schafjückenweg 2, 26180 Rastede. CleverReach is a service that enables the organisation and analysis of newsletter distribution. The data you provide for the purpose of subscribing to the newsletter (e.g. your email address) is stored on CleverReach’s servers in Germany or Ireland.

Our newsletters sent via CleverReach enable us to analyse the behaviour of newsletter recipients. This allows us to analyse, amongst other things, how many recipients opened the newsletter and how often which link in the newsletter was clicked. With the help of so-called conversion tracking, it is also possible to analyse whether a predefined action (e.g. the purchase of a product on our website) took place after clicking on a link in the newsletter. Further information on data analysis by CleverReach newsletters is available at: www.cleverreach.com/de/funktionen/reporting-und-tracking/.

Data processing is carried out on the basis of your consent (Art. 6(1)(a) GDPR). You may withdraw this consent at any time by unsubscribing from the newsletter. The lawfulness of data processing operations already carried out remains unaffected by the withdrawal.

If you do not wish to have your data analysed by CleverReach, you must unsubscribe from the newsletter. We provide a link for this purpose in every newsletter message. You can also unsubscribe from the newsletter directly on the website.

You may withdraw the consent you have given at any time. You may also prevent processing at any time by unsubscribing from the newsletter. You may also prevent the storage of cookies by adjusting the settings in your web browser. You can also prevent the storage and transmission of personal data by disabling JavaScript in your web browser or by installing a JavaScript blocker (e.g. noscript.net or www.ghostery.com). Please note that these measures may mean that not all functions of our website are available.

The data you have provided to us for the purpose of subscribing to the newsletter will be stored by us until you unsubscribe from the newsletter and will be deleted from both our servers and the servers of CleverReach once you have unsubscribed. Data stored by us for other purposes (e.g. email addresses for the members’ area) remains unaffected by this.

You can view CleverReach’s privacy policy at: www.cleverreach.com/de/datenschutz/.

11. Our activities on social media

To enable us to communicate with you on social media and keep you informed about our services, we maintain our own pages there. When you visit one of our social media pages, we are jointly responsible for the processing operations triggered thereby, within the meaning of Article 26 of the GDPR, together with the provider of the respective social media platform.

We are not the original provider of these pages, but merely use them within the scope of the options offered to us by the respective providers.

We therefore wish to point out, as a precaution, that your data may also be processed outside the European Union or the European Economic Area. Using these platforms may therefore involve data protection risks for you, as it may be difficult to exercise your rights, e.g. to access, erasure, objection, etc., and processing on social networks is often carried out directly by the providers for advertising purposes or to analyse user behaviour, without us being able to influence this. Where the provider creates user profiles, cookies are often used, or your usage behaviour is linked to the social media profile you have created.

The processing of personal data described above is carried out in accordance with Article 6(1)(f) of the GDPR on the basis of our legitimate interest and the legitimate interest of the respective provider, in order to be able to communicate with you in a modern manner and to inform you about our services. If you are required to give your consent to data processing as a user with the respective providers, the legal basis is Article 6(1)(a) of the GDPR in conjunction with Article 7 of the GDPR.

As we have no access to the providers’ data sets, we would like to point out that it is best to exercise your rights (e.g. to access, rectification, erasure, etc.) directly with the respective provider. We have provided further information on the processing of your data on social networks below for each social network provider we use:

11.1 LinkedIn

(Joint) controller for data processing in Europe:

LinkedIn Ireland Unlimited Company, Wilton Place, Dublin 2, Ireland

www.linkedin.com/legal/privacy-policy

11.2 X (Twitter)

(Joint) Data Controller in Europe:

Twitter International Company, One Cumberland Place, Fenian Street, Dublin 2, D02 AX07, Ireland

twitter.com/de/privacy

Information about your data:

twitter.com/settings/your_twitter_data

11.3 XING (New Work SE)

(Joint) controller for data processing in Germany:

New Work SE, Am Strandkai 1, 20457 Hamburg, Germany

privacy.xing.com/de/datenschutzerklaerung

Information requests for XING members:

www.xing.com/settings/privacy/data/disclosure

11.4 YouTube

(Joint) Data Controller in Europe:

Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland

policies.google.com/privacy

12. Web analytics

12.1 Google Analytics 4 (GA4) – Additional information on Consent Mode, simple implementation

Under the Digital Markets Act, Google is required to obtain users’ consent before processing user data for personalised advertising. Google complies with this requirement through ‘Consent Mode’. Users are required to implement this and thereby demonstrate that they have obtained the consent of website visitors.

Google offers two implementation modes: simple and advanced implementation.

We use the simple implementation method of Google Consent Mode. Only if you give your consent to the use of Google Analytics (see above) will a connection to Google be established, a Google code executed, and the processing described above carried out. If you refuse to give your consent, Google will simply receive a notification that consent has not been given. The Google code is not executed and no Google Analytics cookies are set.

13. Advertising

13.1 Google Ads with enhanced conversions

We have integrated Google Ads into this website. The operator of the Google Ads services is Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland.

Google Ads is an online advertising service that allows advertisers to place adverts both in Google’s search results and on the Google Display Network. The purpose of Google Ads is to promote our website by displaying interest-based advertising on third-party websites and in Google search results, and to display third-party advertising on our website.

If you arrive at our website via a Google advert, Google places a so-called conversion cookie on your IT system. A conversion cookie expires after thirty days and is not used to identify you. Provided the cookie has not yet expired, the conversion cookie is used to track whether certain subpages, such as the shopping basket of an online shop system, have been accessed on our website. The conversion cookie enables both us and Google to track whether a user who arrived at our website via a Google Ads advertisement generated a sale, i.e. completed or abandoned a purchase.

We use the enhanced conversions feature of Google Ads. To do this, we transmit personal data collected by us, such as telephone numbers or email addresses, to Google. This data is matched with event data relating to Google Ads in order to track more conversions.

Consequently, every time you visit our website, personal data, including the IP address of the internet connection you are using, is transmitted to Google in the United States of America. Google may pass on this personal data, collected via the technical process, to third parties.

These processing operations take place exclusively upon the granting of express consent in accordance with Article 6(1)(a) of the GDPR.

The parent company, Google LLC, is a US company certified under the EU-US Data Privacy Framework. An adequacy decision pursuant to Article 45 of the GDPR is therefore in place, meaning that personal data may be transferred even without further guarantees or additional measures.

You can view the privacy policy and further information from Google Ads at: www.google.de/intl/de/policies/privacy/ or support.google.com/adspolicy/answer/9755941.

14. Partner and affiliate programmes

14.1 DoubleClick

This website contains components from DoubleClick by Google. DoubleClick is a brand of Google (Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland), under which specialised online marketing solutions are marketed to advertising agencies and publishers.

DoubleClick by Google transmits data to the DoubleClick server with every impression, as well as with clicks or other activities. Each of these data transmissions triggers a cookie request to your browser. If the browser accepts this request, DoubleClick sets a cookie on your IT system. The purpose of the cookie is to optimise and display advertising. Among other things, the cookie is used to serve and display user-relevant advertising, as well as to generate reports on advertising campaigns or to improve them. Furthermore, the cookie serves to prevent the same advertisement from being displayed multiple times.

DoubleClick uses a cookie ID, which is necessary for the technical process. The cookie ID is required, for example, to display an advertisement in a browser. DoubleClick can also use the cookie ID to track which advertisements have already been displayed in a browser, in order to prevent duplicate displays. Furthermore, the cookie ID enables DoubleClick to track conversions.

A DoubleClick cookie does not contain any personal data. However, a DoubleClick cookie may contain additional campaign identifiers. A campaign identifier is used to identify the campaigns with which you have already come into contact.

Each time you visit one of the individual pages of this website, which is operated by us and on which a DoubleClick component has been integrated, the internet browser on your IT system is prompted by the respective DoubleClick component to transmit data to Google for the purposes of online advertising and the settlement of commissions. As part of this technical process, Google obtains data which Google also uses to generate commission statements. Among other things, Google can track that you have clicked on certain links on our website.

These processing operations take place exclusively upon the granting of express consent in accordance with Article 6(1)(a) of the GDPR.

You can view the privacy policy of DoubleClick by Google at: www.google.com/intl/de/policies/.

15. Plugins and other services

15.1 Google Maps

We use Google Maps (API) on our website. The operator of Google Maps is Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland. Google Ireland Limited is part of the Google group of companies, headquartered at 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA. Google Maps is a web service for displaying interactive (land) maps to present geographical information visually. By using this service, you can, for example, view our location and find it easier to get here.

As soon as you visit any subpages on which the Google Maps map is embedded, information about your use of our website (such as your IP address) is transmitted to Google’s servers in the USA and stored there, provided you have given your consent within the meaning of Article 6(1)(a) of the GDPR. In addition, Google Maps loads Google Web Fonts, Google Photos and Google Stats. The provider of these services is also Google Ireland Limited. When you visit a page that embeds Google Maps, your browser loads the web fonts and images required to display Google Maps into your browser cache. For this purpose, too, the browser you are using establishes a connection to Google’s servers. This enables Google to ascertain that our website has been accessed via your IP address. This occurs regardless of whether Google provides a user account through which you are logged in, or whether no user account exists. If you are logged in to Google, your data will be directly associated with your account. If you do not wish your data to be associated with your Google profile, you must log out of your Google user account. Google stores your data (even for users who are not logged in) as usage profiles and analyses them. You have the right to object to the creation of these user profiles; to exercise this right, you must contact Google.

If you do not consent to the future transmission of your data to Google in connection with the use of Google Maps, you also have the option of completely deactivating the Google Maps web service by disabling JavaScript in your browser. Google Maps, and consequently the map display on this website, cannot then be used.

These processing operations take place exclusively upon the granting of explicit consent in accordance with Article 6(1)(a) of the GDPR.

You can view Google’s Terms of Service at www.google.de/intl/de/policies/terms/regional.html; the additional Terms of Service for Google Maps can be found at www.google.com/intl/de_US/help/terms_maps.html.

You can view the Google Maps privacy policy at: ("Google Privacy Policy"): www.google.de/intl/de/policies/privacy/.

15.2 Google Photos

We use the Google Photos service provided by Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA, to store images embedded on our website.

Embedding refers to the integration of specific third-party content (text, video or image data) provided by another website (Google Photos) and subsequently displayed on our own website (our website). A so-called embed code is used for embedding. If we have integrated an embed code, the external content from Google Photos is displayed immediately by default as soon as one of our web pages is visited.

Through the technical implementation of the embed code, which enables the display of images from Google Photos, your IP address is transmitted to Google Photos. Furthermore, Google Photos records our website, the browser type used, the browser language, the time and duration of the visit. In addition, Google Photos may collect information about which of our subpages you have visited and which links you have clicked on, as well as other interactions you have carried out whilst visiting our site. This data may be stored and analysed by Google Photos.

These processing operations take place exclusively upon the granting of explicit consent in accordance with Article 6(1)(a) of the GDPR.

This US company is certified under the EU-US Data Privacy Framework. An adequacy decision pursuant to Article 45 of the GDPR is hereby in place, meaning that personal data may be transferred even without further guarantees or additional measures.

You can view Google’s privacy policy at: www.google.com/policies/privacy/.

15.3 Google Tag Manager

We use the Google Tag Manager service on this website. The operator of Google Tag Manager is Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland. Google Ireland Limited is part of the Google group of companies, headquartered at 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA.

This tool allows “website tags” (i.e. keywords embedded in HTML elements) to be implemented and managed via a user interface. By using Google Tag Manager, we can automatically track which button, link or personalised image you have actively clicked on and can then record which content on our website is of particular interest to you.

The tool also triggers other tags, which may in turn collect data. Google Tag Manager does not access this data. If you have disabled tracking at domain or cookie level, this setting will apply to all tracking tags implemented using Google Tag Manager.

These processing operations take place exclusively upon the granting of explicit consent in accordance with Article 6(1)(a) of the GDPR.

Further information on Google Tag Manager and Google’s privacy policy can be found at: www.google.com/intl/de/policies/privacy/.

15.4 Google Web Fonts

Our website uses so-called web fonts to ensure a consistent display of fonts. Google WebFonts are provided by Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland. Google Ireland Limited is part of the Google group of companies, headquartered at 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA.

These processing operations take place exclusively upon the granting of explicit consent in accordance with Article 6(1)(a) of the GDPR.

Further information on Google WebFonts and Google’s privacy policy can be found at: developers.google.com/fonts/faq ; www.google.com/policies/privacy/.

15.5 Microsoft Teams

We use the tool “Microsoft Teams” (“MS Teams”) to conduct our communications both in written form (chat) and in the form of telephone conferences, online meetings and video conferences. The operator of the service is Microsoft Ireland Operations Limited, One Microsoft Place, South County Business Park, Leopardstown, Dublin 18, Ireland (“Microsoft”).

When using MS-Teams, the following personal data is processed:

Meetings, chats, voicemails, shared files, recordings and transcripts.
Data shared about you. Examples include your email address, profile picture and telephone number.
A detailed history of the phone calls you make.
Call quality data.
Support/feedback data: information relating to troubleshooting tickets or feedback sent to Microsoft.
Diagnostic and service data: Diagnostic data related to service usage.

To enable video display and audio playback, data from your device’s microphone and video camera is processed for the duration of the meeting. You can switch off or mute the camera or microphone yourself at any time via the “Microsoft Teams” application.

Where consent has been obtained, processing is carried out exclusively on the basis of Article 6(1)(a) of the GDPR. In the context of an employment relationship, such data processing is carried out on the basis of Section 26 of the Federal Data Protection Act (BDSG). The legal basis for the use of "MS Teams" within the context of contractual relationships is Article 6(1)(b) of the GDPR. In all other cases, the legal basis for the processing of your personal data is Article 6(1)(f) of the GDPR. In this context, our interest lies in the effective conduct of online meetings.

If we record online meetings, we will inform you of this before the meeting begins and, where necessary, ask for your consent to the recording. If you do not wish this, you may leave the online meeting.

As a cloud-based service, "MS Teams" processes the aforementioned data in the course of providing the service. To the extent that "MS Teams" processes personal data in connection with Microsoft’s legitimate business operations, Microsoft is the independent data controller for this use and, as such, is responsible for complying with applicable laws and the obligations of a data controller. Where you access the MS Teams website, Microsoft is responsible for data processing. Accessing the website is necessary to download the MS Teams software.

Microsoft generally processes data within the European Union within the so-called EU Data Boundary. In order to provide and secure the services, as well as to fulfil legal obligations, Microsoft Ireland may transfer personal data to affiliated companies of Microsoft Corporation (Redmond, Washington, USA). Intra-group data transfers are carried out on the basis of standard contractual clauses in accordance with Article 46(2)(c) of the GDPR, as well as supplementary technical and organisational measures, as set out in the Microsoft Data Protection Addendum.

Microsoft Corporation is also certified under the EU–US Data Privacy Framework (DPF). This means that an adequacy decision pursuant to Article 45 of the GDPR is in place for data transfers to the USA. Transfers of personal data to Microsoft in the USA are therefore permissible even without further guarantees or additional measures.

Detailed information on data protection at Microsoft, in connection with "MS Teams", can be found at: docs.microsoft.com/de-de/microsoftteams/teams-privacy.

16. Your rights as a data subject

16.1 Right to confirmation

You have the right to request confirmation from us as to whether personal data concerning you is being processed.

16.2 Right of access (Article 15 of the GDPR)

You have the right to obtain from us, free of charge, information at any time regarding the personal data stored about you, as well as a copy of this data in accordance with the statutory provisions.

16.3 Right to rectification Art. 16 GDPR

You have the right to request the rectification of inaccurate personal data concerning you. Furthermore, you have the right to request the completion of incomplete personal data, taking into account the purposes of the processing.

16.4 Erasure (Art. 17 GDPR)

You have the right to request that we erase personal data concerning you without undue delay, provided that one of the grounds provided for by law applies and insofar as the processing or storage is not necessary.

16.5 Restriction of processing Art. 18 GDPR

You have the right to request that we restrict processing if one of the legal conditions is met.

16.6 Data portability Art. 20 GDPR

You have the right to receive the personal data concerning you, which you have provided to us, in a structured, commonly used and machine-readable format. You also have the right to transmit this data to another controller to whom the personal data has been provided, without hindrance from us, provided that the processing is based on consent pursuant to Article 6(1)(a) of the GDPR or Article 9(2)(a) of the GDPR or on a contract pursuant to Article 6(1)(b) of the GDPR, and the processing is carried out by automated means, provided that the processing is not necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in us.

Furthermore, when exercising your right to data portability pursuant to Article 20(1) of the GDPR, you have the right to have the personal data transmitted directly from one controller to another controller, provided this is technically feasible and does not adversely affect the rights and freedoms of others.

16.7 Objection under Article 21 of the GDPR

You have the right to object at any time, on grounds relating to your particular situation, to the processing of personal data concerning you which is carried out on the basis of Article 6(1)(e) (data processing in the public interest) or (f) (data processing based on a balancing of interests) of the GDPR.

This also applies to profiling based on these provisions within the meaning of Article 4(4) of the GDPR.

If you object, we will no longer process your personal data unless we can demonstrate compelling legitimate grounds for the processing which override your interests, rights and freedoms, or where the processing serves to establish, exercise or defend legal claims.

In individual cases, we process personal data for the purposes of direct marketing. You may object at any time to the processing of your personal data for the purposes of such marketing. This also applies to profiling insofar as it is related to such direct marketing. If you object to us processing your data for direct marketing purposes, we will no longer process your personal data for these purposes.

Furthermore, you have the right to object, on grounds relating to your particular situation, to the processing of personal data concerning you which is carried out by us for scientific or historical research purposes or for statistical purposes in accordance with Article 89(1) of the GDPR, unless such processing is necessary for the performance of a task carried out in the public interest.

You are free to exercise your right to object in connection with the use of information society services, notwithstanding Directive 2002/58/EC, by means of automated procedures using technical specifications.

16.8 Withdrawal of consent under data protection law

You have the right to withdraw your consent to the processing of personal data at any time with effect for the future.

16.9 Complaint to a supervisory authority

You have the right to lodge a complaint with a supervisory authority responsible for data protection regarding our processing of personal data.

17. Routine storage, erasure and blocking of personal data

We process and store your personal data only for the period necessary to fulfil the purpose of storage or insofar as this is required by the legal provisions to which our company is subject.

If the purpose of storage ceases to apply or a prescribed storage period expires, the personal data will be routinely blocked or deleted in accordance with legal requirements.

18. Duration of storage of personal data

The criterion for the duration of storage of personal data is the respective statutory retention period. Once the period has expired, the relevant data is routinely deleted, provided it is no longer required for the performance of a contract or for entering into a contract.

19. Validity and amendments to the privacy policy

This privacy policy is currently valid and is dated: March 2026.

Due to the further development of our website and services, or as a result of changes to legal or regulatory requirements, it may become necessary to amend this privacy policy. You can access and print the current version of the privacy policy at any time on the website under “”.

This privacy policy was created with the support of the data protection software: audatis MANAGER.