Intro­duc­tion and Overview

This pri­vacy pol­icy explains, in accor­dance with the pro­vi­sions of the Gen­eral Data Pro­tec­tion Reg­u­la­tion (EU) 2016/679 and applic­a­ble national laws, which per­sonal data (data for short) we as the con­troller – and the proces­sors com­mis­sioned by us (e.g. providers) – process, will process in the future and what legal options you have. The terms used are to be con­sid­ered gender-neutral.

This pri­vacy pol­icy is intended to describe the most impor­tant details to you as sim­ply and trans­par­ently as pos­si­ble. So long as it aids trans­parency, tech­ni­cal terms are explained in a reader-friendly man­ner and links to fur­ther infor­ma­tion are pro­vided. We are thus inform­ing in clear and sim­ple lan­guage that we only process per­sonal data in the con­text of our busi­ness activ­i­ties if there is a legal basis for it. This is cer­tainly not pos­si­ble with brief, unclear and legal-technical state­ments, as is often stan­dard on the inter­net when it comes to data pro­tec­tion.

If you still have ques­tions, we kindly ask you to con­tact us, fol­low the exist­ing links and look at fur­ther infor­ma­tion on third-party sites. You can of course also find our con­tact details in the imprint.

Scope and Stor­age Period

This pri­vacy pol­icy applies to all per­sonal data processed by our com­pany and to all per­sonal data processed by com­pa­nies com­mis­sioned by us (proces­sors). With the term per­sonal data, we refer to infor­ma­tion within the mean­ing of Arti­cle 4 No. 1 GDPR, such as the name, email address and postal address of a per­son. The pro­cess­ing of per­sonal data ensures that we can offer and invoice our ser­vices and prod­ucts, be it online or offline. The scope of this pri­vacy pol­icy includes:

  • All online pres­ences (web­sites) that we oper­ate
  • Social media pres­ences and email com­mu­ni­ca­tion

It is a gen­eral cri­te­rion for us to store per­sonal data only for as long as is absolutely nec­es­sary for the pro­vi­sion of our ser­vices and prod­ucts. This means that we delete per­sonal data as soon as any rea­son for the data pro­cess­ing no longer exists. In some cases, we are legally obliged to keep cer­tain data stored even after the orig­i­nal pur­pose no longer exists, such as for account­ing pur­poses.

If you want your data to be deleted or if you want to revoke your con­sent to data pro­cess­ing, the data will be deleted as soon as pos­si­ble, pro­vided there is no oblig­a­tion to con­tinue its stor­age.

Legal Bases

In the fol­low­ing pri­vacy pol­icy, we pro­vide you with trans­par­ent infor­ma­tion on the legal prin­ci­ples and reg­u­la­tions, i.e. the legal bases of the Gen­eral Data Pro­tec­tion Reg­u­la­tion, which enable us to process per­sonal data. When­ever EU law is con­cerned, we refer to REG­U­LA­TION (EU) 2016/679 OF THE EURO­PEAN PAR­LIA­MENT AND OF THE COUN­CIL of April 27, 2016. You can of course access the Gen­eral Data Pro­tec­tion Reg­u­la­tion of the EU online at EUR-Lex.

We only process your data if at least one of the fol­low­ing con­di­tions applies:

  1. Con­sent (Arti­cle 6 Para­graph 1 lit. a GDPR): You have given us your con­sent to process data for a spe­cific pur­pose. An exam­ple would be the stor­age of data you entered into a con­tact form.
  2. Con­tract (Arti­cle 6 Para­graph 1 lit. b GDPR): We process your data in order to ful­fill a con­tract or pre-contractual oblig­a­tions with you. For exam­ple, if we con­clude a sales con­tract with you, we need per­sonal infor­ma­tion in advance.
  3. Legal oblig­a­tion (Arti­cle 6 Para­graph 1 lit. c GDPR): If we are sub­ject to a legal oblig­a­tion, we will process your data. For exam­ple, we are legally required to keep invoices for our book­keep­ing. These usu­ally con­tain per­sonal data.
  4. Legit­i­mate inter­ests (Arti­cle 6 Para­graph 1 lit. f GDPR): In the case of legit­i­mate inter­ests that do not restrict your basic rights, we reserve the right to process per­sonal data. For exam­ple, we have to process cer­tain data in order to be able to oper­ate our web­site securely and eco­nom­i­cally. There­fore, the pro­cess­ing is a legit­i­mate inter­est.

Other con­di­tions such as mak­ing record­ings in the inter­est of the pub­lic, the exer­cise of offi­cial author­ity as well as the pro­tec­tion of vital inter­ests do not occur with us. Should such a legal basis be rel­e­vant, it will be dis­closed in the appro­pri­ate place. In addi­tion to the EU reg­u­la­tion, national laws also apply. In Aus­tria, this is the Aus­trian Data Pro­tec­tion Act (Daten­schutzge­setz).

Rights in Accor­dance with the GDPR

In accor­dance with Arti­cles 13, 14 of the GDPR, we inform you about the fol­low­ing rights you have to ensure fair and trans­par­ent pro­cess­ing of data:

  • Accord­ing to Arti­cle 15 GDPR , you have the right to infor­ma­tion about whether we are pro­cess­ing data about you. If this is the case, you have the right to receive a copy of the data and to know the fol­low­ing infor­ma­tion:
    • for what pur­pose we are pro­cess­ing;
    • the cat­e­gories, i.e. the types of data that are processed;
    • who receives this data and if the data is trans­ferred to third coun­tries, how secu­rity can be guar­an­teed;
    • how long the data will be stored;
    • the exis­tence of the right to rec­ti­fi­ca­tion, era­sure or restric­tion of pro­cess­ing and the right to object to pro­cess­ing;
    • that you can lodge a com­plaint with a super­vi­sory author­ity;
    • the ori­gin of the data if we have not col­lected it from you;
    • Whether pro­fil­ing is car­ried out, i.e. whether data is auto­mat­i­cally eval­u­ated to arrive at a per­sonal pro­file of you.
  • You have a right to rec­ti­fi­ca­tion of data accord­ing to Arti­cle 16 GDPR, which means that we must cor­rect data if you find errors.
  • You have the right to era­sure (“right to be for­got­ten”) accord­ing to Arti­cle 17 GDPR, which specif­i­cally means that you may request the dele­tion of your data.
  • Accord­ing to Arti­cle 18 of the GDPR, you have the right to restric­tion of pro­cess­ing, which means that we may only store the data but not use it fur­ther.
  • Accord­ing to Arti­cle 20 of the GDPR, you have the right to data porta­bil­ity, which means that we will pro­vide you with your data in a stan­dard for­mat upon request.
  • Accord­ing to Arti­cle 21 DSGVO, you have the right to object, which entails a change in pro­cess­ing after enforce­ment.
    • If the pro­cess­ing of your data is based on Arti­cle 6(1)(e) (pub­lic inter­est, exer­cise of offi­cial author­ity) or Arti­cle 6(1)(f) (legit­i­mate inter­est), you may object to the pro­cess­ing. We will then check as soon as pos­si­ble whether we can legally com­ply with this objec­tion.
    • If data is used to con­duct direct adver­tis­ing, you may object to this type of data pro­cess­ing at any time. We may then no longer use your data for direct mar­ket­ing.
    • If data is used to con­duct pro­fil­ing, you may object to this type of data pro­cess­ing at any time. We may no longer use your data for pro­fil­ing there­after.
  • Accord­ing to Arti­cle 22 of the GDPR, you may have the right not to be sub­ject to a deci­sion based solely on auto­mated pro­cess­ing (for exam­ple, pro­fil­ing).
  • You have the right to lodge a com­plaint under Arti­cle 77 of the GDPR. This means that you can com­plain to the data pro­tec­tion author­ity at any time if you believe that the data pro­cess­ing of per­sonal data vio­lates the GDPR.

If you believe that the pro­cess­ing of your data vio­lates data pro­tec­tion law or your data pro­tec­tion rights have been vio­lated in any other way, you can com­plain to the super­vi­sory author­ity. For Aus­tria, this is the data pro­tec­tion author­ity:

Aus­tria Data pro­tec­tion author­ity
Address: Barich­gasse 4042, 1030 Wien
Phone num­ber.: +43 1 52 1520
E-mail address: This email address is being pro­tected from spam­bots. You need JavaScript enabled to view it.
Web­site: https://www.dsb.gv.at/

Con­tact Details of the Data Pro­tec­tion Con­troller

If you have any ques­tions about data pro­tec­tion, you will find the con­tact details of the respon­si­ble per­son or con­troller on our Con­tact page.

Secu­rity of Data Pro­cess­ing Oper­a­tions

In order to pro­tect per­sonal data, we have imple­mented both tech­ni­cal and organ­i­sa­tional mea­sures. We encrypt per­sonal data wher­ever this is pos­si­ble. Thus, we make it as dif­fi­cult as we can for third par­ties to extract per­sonal infor­ma­tion from our data.

Arti­cle 25 of the GDPR refers to “data pro­tec­tion by tech­ni­cal design and by data protection-friendly default” which means that both soft­ware (e.g. forms) and hard­ware (e.g. access to server rooms) appro­pri­ate safe­guards and secu­rity mea­sures shall always be placed.

We use HTTPS (Hyper­text Trans­fer Pro­to­col Secure) to securely trans­fer data on the Internet.This means that the entire trans­mis­sion of all data from your browser to our web server is secured – nobody can “lis­ten in”. We have thus intro­duced an addi­tional layer of secu­rity and meet pri­vacy require­ments through tech­nol­ogy design Arti­cle 25 Sec­tion 1 GDPR). With the use of TLS (Trans­port Layer Secu­rity), which is an encryp­tion pro­to­col for safe data trans­fer on the inter­net, we can ensure the pro­tec­tion of con­fi­den­tial infor­ma­tion.

Com­mu­ni­ca­tions

If you con­tact us and com­mu­ni­cate with us via phone, email or online form, your per­sonal data will be processed. The data will be processed for han­dling and pro­cess­ing your request and for the related busi­ness trans­ac­tion. The data is stored for this period of time or for as long as is legally required.

When you call us, the call data is stored on the respec­tive ter­mi­nal device, as well as by the telecom­mu­ni­ca­tions provider that is being used. In addi­tion, data such as your name and tele­phone num­ber may be sent via email and stored for answer­ing your inquiries. The data will be erased as soon as the busi­ness case has ended and the legal require­ments allow for its era­sure.

If you com­mu­ni­cate with us via email, your data is stored on the respec­tive ter­mi­nal device (com­puter, lap­top, smart­phone, …) as well as on the email server. The data will be deleted as soon as the busi­ness case has ended and the legal require­ments allow for its era­sure.

If you com­mu­ni­cate with us using an online form, your data is stored on our web server and, if nec­es­sary, for­warded to our email address. The data will be erased as soon as the busi­ness case has ended and the legal require­ments allow for its era­sure.

Legal Bases

Data pro­cess­ing is based on the fol­low­ing legal bases:

  • Art. 6 para. 1 lit. a GDPR (con­sent): You give us your con­sent to store your data and to con­tinue to use it for the pur­poses of the busi­ness case;
  • Art. 6 para. 1 lit. b GDPR (con­tract): For the per­for­mance of a con­tract with you or a proces­sor such as a tele­phone provider, or if we have to process the data for pre-contractual activ­i­ties, such as prepar­ing an offer;
  • Art. 6 para. 1 lit. f GDPR (legit­i­mate inter­ests): We want to con­duct our cus­tomer inquiries and busi­ness com­mu­ni­ca­tion in a pro­fes­sional man­ner. Thus, cer­tain tech­ni­cal facil­i­ties such email pro­grams, Exchange servers and mobile net­work oper­a­tors are nec­es­sary to effi­ciently oper­ate our com­mu­ni­ca­tions.

Cook­ies

Our web­site uses HTTP-cookies to store user-specific data. Cook­ies store cer­tain user data about you, such as lan­guage or per­sonal page set­tings. When you re-open our web­site to visit again, your browser sub­mits these “user-related” infor­ma­tion back to our site. Thanks to cook­ies, our web­site knows who you are and offers you the set­tings you are famil­iar to. In some browsers, each cookie has its own file, while in oth­ers, such as Fire­fox, all cook­ies are stored in one sin­gle file.

There are both first-party cook­ies and third-party cook­ies. First-party cook­ies are cre­ated directly by our site, while third-party cook­ies are cre­ated by partner-websites (e.g. Google Ana­lyt­ics). Each cookie must be eval­u­ated indi­vid­u­ally, as each cookie stores dif­fer­ent data. The expiry time of a cookie also varies from a few min­utes to a few years. Cook­ies are not soft­ware pro­grams and do not con­tain viruses, tro­jans or other mal­ware. Cook­ies also can­not access your computer’s infor­ma­tion.

Stor­age Period of Cook­ies

The stor­age period depends on the respec­tive cookie — some cook­ies are erased after less than an hour, while oth­ers can remain on a com­puter for sev­eral years. You can also influ­ence the stor­age dura­tion your­self. You can man­u­ally erase all cook­ies at any time in your browser (also see “Right of objec­tion” below). Fur­ther­more, the lat­est instance cook­ies based on con­sent will be erased is after you with­draw your con­sent. The legal­ity of stor­age will remain unaf­fected until then.

Right of Objec­tion

You can decide for your­self how and whether you want to use cook­ies. Regard­less of which ser­vice or web­site the cook­ies orig­i­nate from, you always have the option of eras­ing, deac­ti­vat­ing or only par­tially accept­ing cook­ies. You can for exam­ple block third-party cook­ies but allow all other cook­ies.

If you want to find out which cook­ies have been stored in your browser, or if you want to change or erase cookie set­tings, you can find this option in your browser set­tings:

If you gen­er­ally do not want to use cook­ies, you can set up your browser in a way to notify you when­ever a cookie is about to be set. This gives you the oppor­tu­nity to man­u­ally decide to either per­mit or deny the place­ment of every sin­gle cookie. This pro­ce­dure varies depend­ing on the browser.

Legal Basis

The so-called “cookie direc­tive” has existed since 2009. It states that the stor­age of cook­ies requires your con­sent (Arti­cle 6 Para­graph 1 lit. a GDPR). Within coun­tries of the EU, how­ever, the reac­tions to these guide­lines still vary greatly. In Aus­tria, this direc­tive was imple­mented in Sec­tion 96 (3) of the Telecom­mu­ni­ca­tions Act (TKG). For absolutely nec­es­sary cook­ies, even if no con­sent has been given, there are legit­i­mate inter­ests (Arti­cle 6 (1) (f) GDPR), which in most cases are of an eco­nomic nature. We want to offer our vis­i­tors a pleas­ant user expe­ri­ence on our web­site.

Cus­tomer Data

In order to be able to offer our ser­vices and con­trac­tual ser­vices, we also process data from our cus­tomers and busi­ness part­ners. This data always includes per­sonal data. Cus­tomer data is all infor­ma­tion that is processed on the basis of con­trac­tual or pre-contractual agree­ments so that the offered ser­vices can be pro­vided. Cus­tomer data is there­fore all the infor­ma­tion we col­lect and process about our cus­tomers.

What Data is Processed?

Exactly which data is stored depends on which of our ser­vices you receive. In some cases, you may only give us your email address so that we can e. g. con­tact you or answer your ques­tions. In other instances, you may pur­chase one of our prod­ucts or ser­vices. Then we may need sig­nif­i­cantly more infor­ma­tion, such as your con­tact details, pay­ment details and con­tract details. Here is a list of poten­tial data we may receive and process:

  • Name
  • Con­tact address
  • Affil­i­a­tion
  • Email address
  • Phone num­ber
  • Pay­ment data (invoices, bank details, pay­ment his­tory, etc.)
  • Con­tract data (dura­tion, con­tents)
  • Usage data (web­sites vis­ited, access data, etc.)
  • Meta­data (IP address, device infor­ma­tion)

How Long is the Data Stored?

We erase cor­re­spond­ing cus­tomer data as soon as we no longer need it to ful­fill our con­trac­tual oblig­a­tions and pur­poses, and as soon as the data is also no longer nec­es­sary for pos­si­ble war­ranty and lia­bil­ity oblig­a­tions. This can for exam­ple be the case when a busi­ness con­tract ends. There­after, the lim­i­ta­tion period is usu­ally 3 years, although longer peri­ods may be pos­si­ble in indi­vid­ual cases. Of course, we also com­ply with the statu­tory reten­tion require­ments. Your cus­tomer data will cer­tainly not be passed on to third par­ties unless you have given your explicit con­sent.

Legal Basis

The legal basis for the pro­cess­ing of your data is Arti­cle 6 Para­graph 1 Let­ter a GDPR (con­sent), Arti­cle 6 Para­graph 1 Let­ter b GDPR (con­tract or pre-contractual mea­sures), Arti­cle 6 Para­graph 1 Let­ter f GDPR (legit­i­mate inter­ests) and in spe­cial cases (e. g. med­ical ser­vices) Art. 9 (2) lit. GDPR (pro­cess­ing of spe­cial cat­e­gories).

In the case of pro­tect­ing vital inter­ests, data pro­cess­ing is car­ried out in accor­dance with Arti­cle 9 Para­graph 2 Let­ter c. GDPR. For the pur­poses of health care, occu­pa­tional med­i­cine, med­ical diag­nos­tics, care or treat­ment in the health or social sec­tors or for the admin­is­tra­tion of sys­tems and ser­vices in health or social sec­tors, the pro­cess­ing of per­sonal data takes place in accor­dance with Art. 9 Para. 2 lit. h. GDPR. If you vol­un­tar­ily pro­vide data of these spe­cial cat­e­gories, the pro­cess­ing takes place on the basis of Arti­cle 9 Para­graph 2 lit. a GDPR.

Reg­is­tra­tion

If you reg­is­ter with us and pro­vide any per­sonal data, this data may be processed, pos­si­bly along with your IP address. Below you can explore what we mean by the rather broad term “per­sonal data”.

Please only enter the data we need for the reg­is­tra­tion. In case you are reg­is­ter­ing on behalf of a third party, please only enter data for which you have the approval of the party you are reg­is­ter­ing for. If pos­si­ble, use a secure pass­word that you don’t use any­where else and an email address that you check reg­u­larly.

Which Data is Processed?

Any data that you pro­vided dur­ing reg­is­tra­tion or login and any data that you may enter as part of man­ag­ing your account data. Dur­ing your reg­is­tra­tion, we process any data you enter, such as your user­name and pass­word, along with data that is col­lected in the back­ground such as your device infor­ma­tion and IP addresses.

When using your account, we process any data you enter while using the account, as well as any data that is cre­ated while you use our ser­vices.

User pro­files are pub­licly vis­i­ble, i.e. parts of the pro­files can also be viewed on the Inter­net with­out the need to enter a user­name and pass­word.

Stor­age Period

We store the entered data for at least as long as the account asso­ci­ated with the data exists with us and is in use – and as long as there are con­trac­tual oblig­a­tions between you and us. In case the con­tract ends, we retain the data until the respec­tive claims get time-barred. More­over, we store your data as long as we are sub­ject to legal stor­age oblig­a­tions, if applic­a­ble. Fol­low­ing that, we keep any account­ing records (invoices, con­tract doc­u­ments, account state­ments, etc.) of the con­tract for 10 years (§ 147 AO) and other rel­e­vant busi­ness doc­u­ments for 6 years (§ 247 HGB) after accrual.

Right to Object

Con­tact us to revoke your agree­ment to data pro­cess­ing. If you already have an account with us, you can eas­ily view and man­age your data and texts in your account.

Legal Basis

By com­plet­ing the reg­is­tra­tion process, you enter into a pre-contractual agree­ment with us, with the inten­tion to con­clude a con­tract of use for our plat­form (although there is no auto­matic pay­ment oblig­a­tion). You invest time to enter data and reg­is­ter and in return, we offer you our ser­vices after you log on to our sys­tem and view your cus­tomer account. We also meet our con­trac­tual oblig­a­tions. Finally, we need to be able to email reg­is­tered users about impor­tant changes. Arti­cle 6(1)(b) GDPR (imple­men­ta­tion of pre-contractual mea­sures, ful­fil­ment of a con­tract) applies.

Where applic­a­ble, we will ask for your con­sent, e.g. in case you vol­un­tar­ily pro­vide more data than is absolutely nec­es­sary, or in case we may ask you if we may send you adver­tis­ing. Arti­cle 6 para­graph 1 lit. a GDPR (con­sent) applies in this mat­ter.

We also have a legit­i­mate inter­est in know­ing who who our clients or cus­tomers are, in order to get in touch if required. We also need to know who is using our ser­vices and whether they are being used in accor­dance with our terms of use, i.e. Arti­cle 6(1)(f) GDPR (legit­i­mate inter­ests) applies in this mat­ter.

Web Host­ing

Every time you visit a web­site, cer­tain infor­ma­tion – includ­ing per­sonal data – is auto­mat­i­cally cre­ated and stored, includ­ing on this web­site. This data should be processed as spar­ingly as pos­si­ble, and only with good rea­son. By web­site, we mean the entirety of all web­sites on our domain nexperion.net (nexperion.eu, nexperion.science, nexperion.at).

The pur­poses of data pro­cess­ing are:

  1. Pro­fes­sional host­ing of the web­site and oper­a­tional secu­rity

  2. To main­tain the oper­a­tional as well as IT secu­rity

  3. Anony­mous eval­u­a­tion of access pat­terns to improve our offer, and if nec­es­sary, for pros­e­cu­tion or the pur­suit of claims.

Which data are processed?

Even while you are vis­it­ing our web­site, our web server, that is the com­puter on which this web­site is saved, usu­ally auto­mat­i­cally saves data such as

  • The full address (URL) of the accessed web­site (e. g., https://www.nexperion.net)
  • Browser and browser ver­sion (e.g. Chrome 87)
  • The oper­at­ing sys­tem used (e.g. Win­dows 10)
  • The address (URL) of the pre­vi­ously vis­ited page (refer­rer URL) (e. g., https://www.google.com/)
  • The host name and the IP address of the device from the web­site is being accessed from (e.g. COM­PUT­ER­NAME and 194.23.43.121)
  • Date and time

in so-called web server log files.

Stor­age Period

Gen­er­ally, the data men­tioned above are stored for two weeks and are then auto­mat­i­cally deleted. We do not pass these data on to oth­ers, but we can­not rule out the pos­si­bil­ity that this data may be viewed by the author­i­ties in the event of ille­gal con­duct.

Legal Basis

The law­ful­ness of pro­cess­ing per­sonal data in the con­text of web host­ing is jus­ti­fied in Art. 6 para. 1 lit. f GDPR (safe­guard­ing of legit­i­mate inter­ests), as the use of pro­fes­sional host­ing with a provider is nec­es­sary to present the com­pany in a safe and user-friendly man­ner on the inter­net, as well as to have the abil­ity to track any attacks and claims, if nec­es­sary.

Con­tact Data for Web Host­ing

host­tech GmbH
War­witzs­traße 9
5020 Salzburg
Öster­re­ich

You can learn more about the data pro­cess­ing at this provider in their pri­vacy pol­icy.

Web­site Builders/Joomla! Pri­vacy Pol­icy

For our web­site, we use Joomla!, which is a mod­u­lar web­site sys­tem or a con­tent man­age­ment sys­tem (CMS). The provider of this ser­vice is the Ger­man com­pany J and Beyond Verein zur Förderung freier Con­tent Man­age­ment Sys­teme e.V. (J and Beyond Asso­ci­a­tion for the Pro­mo­tion of Free Con­tent Man­age­ment Sys­tems) at Brüs­seler Ring 67, c/o Robert Deutz Busi­ness Solu­tion, 52074 Aachen, Ger­many. You can find out more about the data that is processed by using the Joomla! in their pri­vacy pol­icy.

Which data are stored by web­site builders?

Each web­site builder processes and col­lects dif­fer­ent data from web­site vis­i­tors. How­ever, tech­ni­cal usage infor­ma­tion such as users’ oper­at­ing sys­tem, browser, screen res­o­lu­tion, lan­guage and key­board set­tings, host­ing provider as well as the date of the web­site visit are usu­ally col­lected. More­over, track­ing data (e. g. browser activ­ity, click­stream activ­i­ties, ses­sion heat maps, etc.) may also be processed. The same goes for per­sonal data, since data such as con­tact infor­ma­tion e. g. email address, tele­phone num­ber (if you have pro­vided it), IP address and geo­graphic loca­tion data may also be processed and stored. In the respec­tive provider’s Pri­vacy Pol­icy you can find out exactly which of your data is get­ting stored.

How long and where are the data stored?

Pro­vided that we have any fur­ther infor­ma­tion on this, we will inform you below about the dura­tion of the data pro­cess­ing asso­ci­ated with the web­site builder we use. You can find detailed infor­ma­tion on this in the provider’s Pri­vacy Pol­icy. Gen­er­ally, we only process per­sonal data for as long as is absolutely nec­es­sary to pro­vide our ser­vices and prod­ucts. The provider may store your data accord­ing to their own spec­i­fi­ca­tions, over which we have no influ­ence.

Right to Object

You always retain the right to infor­ma­tion, rec­ti­fi­ca­tion and era­sure of your per­sonal data. If you have any ques­tions, you can also con­tact the respon­si­ble par­ties at the respec­tive web­site builder sys­tem at any time. You can find the cor­re­spond­ing con­tact details either in our Pri­vacy Pol­icy or on the web­site of the respec­tive provider.

What is more, in your browser you can clear, dis­able or man­age cook­ies that providers use for their func­tions. Depend­ing on the browser you use, this can be done in dif­fer­ent ways. Please note, that this may lead to not all func­tions work­ing as usual any­more.

Legal Bases

We have a legit­i­mate inter­est in using a web­site builder sys­tem to opti­mise our online ser­vice and present it in an effi­cient and user-friendly way. The cor­re­spond­ing legal basis for this is Arti­cle 6 (1) (f) GDPR (legit­i­mate inter­ests). How­ever, we only use the web­site builder sys­tem if you have con­sented to it.

If the pro­cess­ing of data is not absolutely nec­es­sary for the oper­a­tion of the web­site, your data will only be processed on the basis of your con­sent. This par­tic­u­larly applies to track­ing activ­i­ties. The legal basis for this is Arti­cle 6 (1) (a) GDPR.

With this Pri­vacy Pol­icy, we have made you more famil­iar with the most impor­tant gen­eral infor­ma­tion on data pro­cess­ing. If you want to find out more about this, you will find fur­ther infor­ma­tion – if avail­able – in the fol­low­ing sec­tion or in the Pri­vacy Pol­icy of the provider.

Email Mar­ket­ing

We use email mar­ket­ing to keep you up to date. If you agree to this or if it is per­mit­ted by law, your data will be processed and stored, and we will send you newslet­ters, sys­tem emails or other noti­fi­ca­tions via email. When­ever the term “newslet­ter” is used in the fol­low­ing text, it mainly refers to emails that are sent reg­u­larly.

Which data are processed?

In addi­tion to your IP and email address, your name, address and tele­phone num­ber may also be stored. How­ever, this will only be done if you agree to this data reten­tion. Any data marked as such are nec­es­sary so you can par­tic­i­pate in the offered ser­vice. Giv­ing this infor­ma­tion is vol­un­tary, but fail­ure to pro­vide it will pre­vent you from using this ser­vice. More­over, infor­ma­tion about your device or the type of con­tent you pre­fer on our web­site may also be stored. In the sec­tion “Auto­matic data stor­age” you can find out more about how your data is stored when you visit a web­site. We record your informed con­sent, so we can always prove that it com­plies with our laws.

Stor­age Period

If you unsub­scribe from our e-mail/newsletter dis­tri­b­u­tion list, we may store your address for up to three years on the basis of our legit­i­mate inter­ests, so we can keep proof your con­sent at the time. We are only allowed to process this data if we have to defend our­selves against any claims.

How­ever, if you con­firm that you have given us your con­sent to sub­scribe to the newslet­ter, you can sub­mit an indi­vid­ual request for era­sure at any time. Fur­ther­more, if you per­ma­nently object to your con­sent, we reserve the right to store your email address in a black­list. But as long as you have vol­un­tar­ily sub­scribed to our newslet­ter, we will of course keep your email address on file.

Can­cel­la­tion

You have the option to can­cel your newslet­ter sub­scrip­tion at any time. All you have to do is revoke your con­sent to the newslet­ter sub­scrip­tion. Con­tact us by email and we will imme­di­ately can­cel your newslet­ter sub­scrip­tion for you.

Legal Basis

Our newslet­ter is sent on the basis of your con­sent (Arti­cle 6 (1) (a) GDPR). This means that we are only allowed to send you a newslet­ter if you have actively reg­is­tered for it before­hand. More­over, we may also send you adver­tis­ing mes­sages on the basis of Sec­tion 7 (3) UWG (Unfair Com­pe­ti­tion Act), pro­vided you have become our cus­tomer and have not objected to the use of your email address for direct mail.

Pay­ment Providers

On our web­site we use online pay­ment sys­tems, which enable us as well as you to have a secure and smooth pay­ment process avail­able. Among other things, per­sonal data may also be sent to the respec­tive pay­ment provider, where it may also be stored and processed. Pay­ment providers are online pay­ment sys­tems that enable you to place an order via online bank­ing. The pay­ment pro­cess­ing is car­ried out by the pay­ment provider of your choice. We will then receive infor­ma­tion about the pay­ment. This method can be used by any user who has an active online bank­ing account with a PIN and TAN. There are hardly any banks that do not offer or accept such pay­ment meth­ods.

Which Data are Processed?

Gen­er­ally data such as name, address, bank details (account num­ber, credit card num­ber, pass­words, TANs, etc.) do get stored. This data is nec­es­sary for car­ry­ing out any trans­ac­tions. In addi­tion, any con­tract data and user data, such as when you have vis­ited our web­site, what con­tent you are inter­ested in or which sub-pages you have clicked, may also be stored. Most pay­ment providers also store your IP address and infor­ma­tion about the com­puter you are using.

Your data is usu­ally stored and processed on the pay­ment providers’ servers. We, so the web­site oper­a­tor, do not receive this data. We only get infor­ma­tion on whether the pay­ment has gone through or not. For iden­tity and credit checks, it may hap­pen for pay­ment providers to for­ward data to the appro­pri­ate body. The busi­ness and pri­vacy pol­icy prin­ci­ples of the respec­tive provider always apply to all pay­ment trans­ac­tions. There­fore, please always take a look at the gen­eral terms and con­di­tions and the pri­vacy pol­icy of the pay­ment provider. You e.g. also have the right to have data erased or rec­ti­fied at any time. Please con­tact the respec­tive ser­vice provider regard­ing your rights (right to with­draw, right of access and indi­vid­ual rights).

Stor­age Period

In gen­eral, we only process per­sonal data for as long as is absolutely nec­es­sary for pro­vid­ing our ser­vices and prod­ucts. This stor­age period may be exceeded how­ever, if it is required by law, for exam­ple for account­ing pur­poses. We keep any account­ing doc­u­ments of con­tracts (invoices, con­tract doc­u­ments, account state­ments, etc.) for 10 years (Sec­tion 147 AO) and other rel­e­vant busi­ness doc­u­ments for 6 years (Sec­tion 247 HGB).

Right to Object

You always have the right to infor­ma­tion, rec­ti­fi­ca­tion and era­sure of your per­sonal data. If you have any ques­tions, you can always con­tact the per­son that is respon­si­ble for the respec­tive pay­ment provider. You can find con­tact details for them either in our respec­tive pri­vacy pol­icy or on the rel­e­vant pay­ment provider’s web­site.

You can erase, deac­ti­vate or man­age cook­ies in your browser, that pay­ment providers use for their func­tions. How this works dif­fers a lit­tle depend­ing on which browser you are using. Please note, how­ever, that the pay­ment process may then no longer work.

Legal Basis

For the pro­cess­ing of con­trac­tual or legal rela­tion­ships (Art. 6 para. 1 lit. b GDPR), we offer other pay­ment ser­vice providers in addi­tion to the con­ven­tional banking/credit insti­tu­tions. In the pri­vacy pol­icy of the indi­vid­ual pay­ment providers (such as Ama­zon Pay­ments, Apple Pay or Dis­cover) you will find a detailed overview of data pro­cess­ing and data stor­age. In addi­tion, you can always con­tact the respon­si­ble par­ties should you have any ques­tions about data pro­tec­tion issues.

Mol­lie Pri­vacy Pol­icy

On our web­site we use the online pay­ment provider Mol­lie. The provider of this ser­vice is the Dutch com­pany Mol­lie B.V. Keiz­ers­gracht 126, 1015CW Ams­ter­dam, Nether­lands.

You can find out more about the data that is processed through the use of Mol­lie in their Pri­vacy Pol­icy at https://www.mollie.com/en/privacy.