Let’s Talk
Page Header Background
Data protection

Data protection

The protection of your personal data and your right to informational self-determination have always been of great importance within DEVSPIRE GmbH. In the following, we would like to inform you in accordance with Art. 13, 14 and 21 of the European General Data Protection Regulation (GDPR) about how your personal data is processed by us and what rights you have as a data subject. The following general information is valid from 25.05.2018 and replaces any previous information. For special processing situations, you will receive separate or supplementary information if this is necessary. This includes, for example, the data protection declarations on our websites, conditions of participation for events or information in the context of declarations of consent. The following general information will be updated as required.

  1. WHO IS RESPONSIBLE FOR THE PROCESSING OF PERSONAL DATA AND HOW CAN YOU CONTACT THE DATA PROTECTION OFFICER?
    Controller within the meaning of Art. 4 No. 7 GDPR:
    Devspire GmbH
    Emil-Figge-Str. 76-80
    44227 Dortmund
    Dortmund, Germany
    Phone: 0231 97615625
    E-mail: [email protected]
    DEVSPIRE GmbH is a member of the TOPMOTIVE Group
    Contact details data protection officer
    DVSE GmbH
    c/o Data Protection Officer
    Lise-Meitner-Straße 4
    22941 Bargteheide
    Germany
    E-mail: [email protected]

  1. WHAT CATEGORIES OF PERSONAL DATA DO WE PROCESS AND WHERE DO THEY COME FROM?
    We collect a large part of the personal data directly from you or the data arises directly from the respective business relationship. However, it may be necessary to use personal data from other sources as part of the processing mentioned under point 3. This will of course be done in compliance with data protection regulations. In such cases, the personal data may originate from publicly accessible sources (e.g. commercial registers, registers of associations, population registers, land registers, debtor directories, press publications and internet searches), from affiliated companies or from other third parties (e.g. credit agencies, address publishers and authorities). Depending on the processing activity and purpose, the following data is processed, for example Personal master data (e.g. name, date of birth), contact and address data (e.g. address, e-mail address, telephone no.), bank details, order data (e.g. type and quantity of goods ordered or services used), historical data on the business relationship at DEVSPIRE GmbH or data in the context of ongoing contact maintenance such as data on communication that has taken place including date and time as well as purpose. If you access DEVSPIRE GmbH websites or use other electronic services provided by us, various IT-specific information will be processed by us. In addition to the type, time and duration of access, this also includes the IP addresses you use, data about the end devices you use, such as the operating system and browser, and the amount of data transmitted. So-called “cookies” are also used as part of the processing mentioned under point 3. You can find more detailed information in the specific data protection information for the respective website or electronic service. The information for the website can be found at the end of this document.
  2. FOR WHAT PURPOSES IS YOUR PERSONAL DATA PROCESSED AND ON WHAT LEGAL BASIS?
    Your personal data is processed in accordance with the provisions of the European General Data Protection Regulation (GDPR), the Federal Data Protection Act in the version dated June 30, 2017 (BDSG-new) and any other applicable data protection regulations.
    3.1 Processing for the performance of a contract or for pre-contractual measures pursuant to Art. 6 para. 1 sentence 1 letter b) GDPR
    A large part of the personal data is processed by us in order to be able to fulfill contracts with you or to carry out pre-contractual measures at your request. The legal basis for this is Art. 6 para. 1 sentence 1 letter b) GDPR. The processing activities, including the associated purposes, result in particular from the respective contract. Also required in this context are order-related communication, the documentation of transactions, the booking of business transactions and the processing of complaints, including the fulfillment of any warranty claims.
    3.2 Processing for the fulfillment of legal obligations or for the fulfillment of public interests pursuant to Art. 6 para. 1 sentence 1 letter c) and letter e) GDPR
    DEVSPIRE GmbH, like any other company, must fulfill a wide variety of legal obligations. This also requires the processing of personal data. The legal basis for this is Art. 6 para. 1 sentence 1 letter c) GDPR. Furthermore, personal data may have to be processed to fulfill public interests. The legal basis for this is Art. 6 para. 1 sentence 1 letter e) GDPR. The requirements and the resulting processing activities and purposes arise in particular from commercial and tax law, but also from other regulatory or official requirements. The retention periods for business documents require, for example, that a large number of documents, including the personal data they contain, are stored for the long term. Other processing activities based on legal regulations may include the prevention of money laundering, the prevention, combating and investigation of terrorist financing, the fulfillment of tax control and reporting obligations, identity verification and comparison with anti-terror lists. Judicial or official measures may make it necessary for personal data to be processed and, in particular, disclosed. These include measures in the context of criminal prosecution, the gathering of evidence, the enforcement of or defense against civil law claims or audits by tax and/or supervisory authorities.
    3.3 Processing for the purposes of the legitimate interests pursued by DEVSPIRE or by third parties pursuant to Art. 6 (1) sentence 1 (f) GDPR
    As a customer or business partner, you are accustomed to a trusting working relationship. In addition to the fulfillment of contracts with you, the implementation of pre-contractual measures and the fulfillment of legal obligations or the protection of public interests, we process personal data in order to protect the legitimate interests of us or third parties. The legal basis for this is Art. 6 para. 1 sentence 1 letter f) GDPR. The processing activities primarily include
    ⦁ General contact management within the framework of an existing business relationship
    ⦁ General internal and external communication
    ⦁ Compliance measures including internal and external investigations to prevent and, if necessary, uncover criminal offenses or other violations
    ⦁ Data exchange with affiliated companies to optimize the range of goods and services and to improve processes and structures
    ⦁ Restricted storage of personal data instead of deletion in accordance with Section 35 BDSG-new
    ⦁ Obtaining offers for credit insurance and taking out credit insurance to reduce the economic risk
    ⦁ Obtaining information and exchanging data with credit agencies, including to reduce economic risk and grant payment terms
    ⦁ Assertion, exercise or defense of legal claims
    ⦁ Ensuring IT and data security, including measures to safeguard the confidentiality, integrity and availability of data
    ⦁ Corporate management measures such as recording costs, controlling, internal and external reporting, internal auditing
    ⦁ In individual cases, listening in on telephone calls for training purposes or as part of quality control
    ⦁ Quality management, monitoring and optimization of business processes
    ⦁ Risk and emergency management and various security measures, including measures to safeguard domiciliary rights
    ⦁ Statistical evaluations and demand analyses to optimize the range, availability of goods and services and to address customers directly
    ⦁ Statistical evaluations to measure the reach of newsletters (e.g. opening rate)
    ⦁ Activities in the interest of building and system security, including access control and logging
    ⦁ Video surveillance in the context of safeguarding domiciliary rights, to prevent and prosecute criminal offenses and to protect the property of DEVSPIRE and third parties
    In order to safeguard our own legitimate interests, we may supplement the data stored by us with data stored in publicly accessible sources or with data collected from third parties (e.g. credit agencies, address publishers or authorities).
    We also process personal data for marketing purposes and for market or opinion research. We contact you for advertising purposes in person, by telephone and by post. If you have purchased goods or services from us, we may process your e-mail address in order to send you information about similar products and services by e-mail. We will obtain your consent where this is required by law. We also exchange personal data with affiliated companies within the scope of the statutory provisions. Processing in the context of a balancing of interests only takes place if you have not objected to this and if the legislator does not require explicit consent. We will inform you separately below about your right to object in accordance with Art. 21 GDPR.
    3.4 Processing on the basis of your explicit consent pursuant to Art. 6 (1) sentence 1 letter a) GDPR
    Certain processing activities may make it necessary for us to obtain your consent. The legal basis for such processing activities is Art. 6 para. 1 sentence 1 letter a) GDPR. Consents given before 25.05.2018 generally remain valid. If we require your consent, we will inform you of the planned processing before granting consent. You can revoke both new consent and consent granted in the past at any time with effect for the future. However, the withdrawal of consent does not affect the lawfulness of processing up to the time of withdrawal.
  3. WHICH CATEGORIES OF RECIPIENTS HAVE ACCESS TO YOUR PERSONAL DATA OR TO WHOM IS THIS DATA TRANSMITTED?
    Within DEVSPIRE GmbH, those departments have access to personal data that require this data as part of their professional activities and to carry out the processing described under point 3. Your personal data will only be passed on to bodies outside DEVSPIRE GmbH if this is permitted by law and is necessary in the context of the processing described under point 3. Your personal data will not be sold for advertising purposes or for the purposes of market and opinion research.
  4. HOW LONG WILL YOUR PERSONAL DATA BE STORED BY DEVSPIRE?
    DEVSPIRE GmbH processes your personal data for as long as is necessary within the scope of the business relationship, including pre-contractual measures and to fulfill legal obligations.
    In addition, DEVSPIRE GmbH is obliged to observe retention periods under commercial and tax law. These result in particular from the German Commercial Code, the German Fiscal Code and the German Money Laundering Act and are up to 10 years after the end of the business relationship or the initiation of the contract.
    Additional statutory provisions may require further storage for the preservation of evidence. Sections 195 of the German Civil Code provide for limitation periods of up to 30 years, whereby the regular limitation period is three years.
    Once the above-mentioned periods have expired, the personal data is regularly deleted. Exceptions to this only arise if further processing is necessary in the context of a legitimate interest in accordance with point 3 c). According to Section 35 BDSG-new, such an interest may also exist if deletion is not possible or only possible with disproportionately high effort due to the special type of storage and the interest of the data subject in deletion is to be regarded as low. Instead of erasure, processing is restricted by means of suitable technical and organizational measures.
  5. WILL YOUR PERSONAL DATA BE TRANSFERRED TO A THIRD COUNTRY OR TO AN INTERNATIONAL ORGANIZATION?
    The processing of personal data by DEVSPIRE GmbH generally takes place in Germany or in the European Union. A transfer to service providers, affiliated companies or other third parties outside the European Union only takes place within the framework of the legal regulations if:
    ⦁ you have given us specific consent for this
    ⦁ it is necessary for the performance of a contract with you or for pre-contractual measures (e.g. delivery to an address outside the European Union)
    ⦁ it is necessary for the conclusion or fulfillment of a contract that is in your interest
    ⦁ a corresponding legal obligation or an important public interest
    ⦁ it is necessary for the assertion, exercise or defense of legal claims
    ⦁ it is necessary in the context of the legitimate interests of DEVSPIRE GmbH or an affiliated company (appropriate level of protection)
    ⦁ it is an order processing (adequate level of protection)
  6. WHAT DATA PROTECTION RIGHTS DO YOU HAVE?
    As a data subject, you have various rights that you can assert against DEVSPIRE GmbH under certain conditions. These include
    ⦁ the right of access (Art. 15 GDPR)
    ⦁ the right to rectification (Art. 16 GDPR)
    ⦁ the right to erasure (Art. 17 GDPR)
    ⦁ the right to restriction of processing (Art. 18 GDPR)
    ⦁ the right to data portability (Art. 20 GDPR)
    Restrictions apply to the rights to information and erasure in accordance with Sections 34 and 35 BDSG-new.
    You can object to processing based on legitimate interest (Art. 21 (1) GDPR). In this case, we will stop the processing unless there are compelling legitimate grounds for the processing or the processing serves the establishment, exercise or defense of legal claims. This applies analogously to the processing of your personal data for the purpose of direct marketing (Art. 21 para. 2 GDPR). You can withdraw your consent at any time in accordance with Art. 7 para. 3 GDPR. This also applies to consent given before 25.05.2018. The withdrawal of consent does not affect the lawfulness of processing based on consent before its withdrawal.
    In addition, you have the right to lodge a complaint with a competent data protection supervisory authority (Art. 77 GDPR in conjunction with Section 19 BDSG-new). If you wish to exercise your rights, please contact the data protection officer of DEVSPIRE GmbH, preferably in writing. You will find the contact details under point 1.
  7. ARE YOU OBLIGED TO PROVIDE PERSONAL DATA?
    You must provide the personal data required for the establishment and implementation of the business relationship, for the implementation of pre-contractual measures and for the fulfillment of the associated contractual obligations. You must also provide the data that DEVSPIRE GmbH is legally obliged to process. Without this information, we will regularly not be able to conclude or fulfill the respective contract with you. Such an obligation to provide personal data may only arise in the further course of a business relationship. The provision of other personal data is voluntary.
  8. AUTOMATED DECISION MAKING IN INDIVIDUAL CASES (INCLUDING PROFILING)
    DEVSPIRE GmbH uses automated individual decision-making in accordance with Art. 22 GDPR in the performance of contracts. In the event of repeated payment default, the option to purchase with a payment term is automatically blocked. This measure is intended to reduce payment defaults. Data subjects have the right to obtain human intervention on the part of the controller, to express their point of view and to contest the decision. In the context of recruitment procedures, there is no automated decision-making in individual cases within the meaning of Art. 22 GDPR, i.e. the decision on your application is not based solely on automated processing.
    In some cases, personal data is also processed automatically in order to evaluate certain personal aspects (so-called profiling). In order to provide you with targeted information about products and services and to be able to make you offers tailored to your needs, evaluation mechanisms are used that take into account, among other things, your industry affiliation and product group-specific sales in the past.
    Special categories of personal data in accordance with Art. 9 GDPR and data about your nationality are not used.
  9. INFORMATION ABOUT YOUR RIGHT TO OBJECT ACCORDING TO ART. 21 GDPR
    Right to object in individual cases
    If you object, DEVSPIRE GmbH will no longer process the personal data concerning you unless we can demonstrate compelling legitimate grounds for the processing which override your interests, rights and freedoms or for the establishment, exercise or defense of legal claims.

Right to object to the processing of personal data for the purpose of direct marketing
DEVSPIRE GmbH may use your personal data for the purpose of direct advertising. You have the right to object at any time to the processing of personal data concerning you for the purpose of such advertising. This also applies to profiling insofar as it is associated with such direct advertising. If you object to the processing for direct marketing purposes, DEVSPIRE GmbH will no longer process your personal data for these purposes.
The objection can be made informally and should be addressed to:
Devspire GmbH
Emil-Figge-Str. 76-80
44227 Dortmund
Dortmund, Germany

E-mail: [email protected]

ADDITIONAL INFORMATION ON THE USE OF THIS WEBSITE
It is possible to use our website without providing personal data. Different regulations may apply to the use of individual services on our website, which are explained separately below. Your personal data (e.g. name, address, e-mail, telephone number, etc.) will only be processed by us in accordance with the provisions of German data protection law. Data is personal if it can be clearly assigned to a specific natural person. In this respect, the following regulations inform you about the type, scope and purpose of the collection, use and processing of personal data
We would like to point out that Internet-based data transmission is subject to security vulnerabilities, making complete protection against access by third parties impossible.

COOKIES
We use so-called cookies on our website to recognize multiple use of our offer by the same user/internet connection owner. Cookies are small text files that your Internet browser stores on your computer. They are used to optimize our website and our offers. These are mostly so-called “session cookies”, which are deleted again at the end of your visit. In some cases, however, these cookies provide information to recognize you automatically. This recognition is based on the IP address stored in the cookies. The information obtained in this way is used to optimize our services and make it easier for you to access our website. You may refuse the use of cookies by selecting the appropriate settings on your browser, however please note that if you do this you may not be able to use the full functionality of our website.

SERVER DATA
For technical reasons, the following data, which your Internet browser transmits to us or to our web space provider, is recorded (so-called server log files):
⦁ Browser type and version
⦁ Operating system used
⦁ Website from which you visit us (referrer URL)
⦁ Website you visit
⦁ Date and time of your access
⦁ Your Internet Protocol (IP) address.
This anonymous data is stored separately from any personal data you may have provided and therefore does not allow any conclusions to be drawn about a specific person. They are evaluated for statistical purposes in order to optimize our website and our offers.

CONTACT POSSIBILITY
On our website, we offer you the opportunity to contact us by e-mail and/or via a contact form. In this case, the information provided by the user is stored for the purpose of processing the contact. It will not be passed on to third parties. The data collected in this way is also not compared with data that may be collected by other components of our website.
HOSTING
Our websites are hosted by OVH GmbH, Christophstraße 19, 50670 Cologne, Germany, a subsidiary of the OVH SA Group based at 2, Rue Kellermann, 59100 Roubaix, France. The processing is carried out on the basis of Art. 6 para. 1 lit. f GDPR, as we have a legitimate interest in the reliable presentation and high-performance accessibility of our website.
Order processing
We have concluded a data processing agreement (DPA) for the use of the above-mentioned service. This is a contract prescribed by data protection law, which ensures that it processes the personal data of our website visitors only in accordance with our instructions and in compliance with the GDPR. Also available here: https://www.ovhcloud.com/de/terms-and-conditions/contracts/. Further information on data protection at Host Europe GmbH can be found at: https://www.ovhcloud.com/de/personal-data-protection/

CDN SECURITY
Cloudflare
We use the “Cloudflare” service. The provider is Cloudflare Inc, 101 Townsend St., San Francisco, CA 94107, USA (hereinafter referred to as “Cloudflare”).
Cloudflare offers a globally distributed content delivery network with DNS. Technically, the information transfer between your browser and our website is routed via Cloudflare’s network. This enables Cloudflare to analyze the data traffic between your browser and our website and to serve as a filter between our servers and potentially malicious data traffic from the Internet. Cloudflare may also use cookies or other technologies to recognize Internet users, but these are used solely for the purpose described here.
The use of Cloudflare is based on our legitimate interest in providing our website as error-free and secure as possible (Art. 6 para. 1 lit. f GDPR).
Data transfer to the USA is based on the standard contractual clauses of the EU Commission. You can find details here: https://www.cloudflare.com/privacypolicy/.
Further information on security and data protection at Cloudflare can be found here: https://www.cloudflare.com/privacypolicy/.
Order processing
We have concluded a data processing agreement (DPA) for the use of the above-mentioned service. This is a contract prescribed by data protection law, which ensures that it processes the personal data of our website visitors only in accordance with our instructions and in compliance with the GDPR.

DATA SUMMARY
Consent with Cookiebot
Our website uses Cookiebot’s consent technology to obtain your consent to the storage of certain cookies on your end device or to the use of certain technologies and to document this in accordance with data protection regulations. The provider of this technology is Cybot A/S, Havnegade 39, 1058 Copenhagen, Denmark (hereinafter “Cookiebot”).
When you enter our website, a connection is established to the Cookiebot servers in order to obtain your consent and other declarations regarding the use of cookies. Cookiebot then stores a cookie in your browser in order to be able to assign the consents you have given or revoke them. The data collected in this way is stored until you ask us to delete it, delete the Cookiebot cookie yourself or the purpose for data storage no longer applies. Mandatory statutory retention obligations remain unaffected.
Cookiebot is used to obtain the legally required consent for the use of cookies. The legal basis for this is Art. 6 para. 1 lit. c GDPR.
Order processing
We have concluded a data processing agreement (DPA) for the use of the above-mentioned service. This is a contract prescribed by data protection law, which ensures that it processes the personal data of our website visitors only in accordance with our instructions and in compliance with the GDPR.

SOCIAL MEDIA
Facebook
Elements of the social network Facebook are integrated on this website. The provider of this service is Meta Platforms Ireland Limited, 4 Grand Canal Square, Dublin 2, Ireland. However, according to Facebook, the data collected is also transferred to the USA and other third countries.
You can find an overview of the Facebook social media elements here: https://developers.facebook.com/docs/plugins/?locale=de_DE.
When the social media element is active, a direct connection is established between your device and the Facebook server. Facebook receives the information that you have visited this website with your IP address.
website you have visited. If you click on the Facebook “Like” button while you are logged into your Facebook account, you can link the content of this website to your Facebook profile.
This allows Facebook to associate your visit to this website with your user account. We would like to point out that, as the provider of the pages, we have no knowledge of the content of the transmitted data or its use by Facebook. Further information on this can be found in Facebook’s privacy policy at: https://de-de.facebook.com/privacy/explanation.
If consent has been obtained, the above-mentioned service is used on the basis of Art. 6 para. 1 lit. a GDPR and § 25 TTDSG. Consent can be revoked at any time. If no consent has been obtained, the service is used on the basis of our legitimate interest in the widest possible visibility in social media.
Insofar as personal data is collected on our website with the help of the tool described here and forwarded to Facebook, we and Meta Platforms Ireland Limited, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland are jointly responsible for this data processing (Art. 26 GDPR). The joint responsibility is limited exclusively to the collection of the data and its transfer to Facebook. The processing carried out by Facebook after forwarding is not part of the joint responsibility. The obligations incumbent on us jointly have been set out in an agreement on joint processing. The text of the agreement can be found at: https://www.facebook.com/legal/controller_addendum. According to this agreement, we are responsible for providing the data protection information when using the Facebook tool and for the secure implementation of the tool on our website in accordance with data protection law. Facebook is responsible for the data security of Facebook products. You can assert data subject rights (e.g. requests for information) regarding the data processed by Facebook directly with Facebook. If you assert your data subject rights with us, we are obliged to forward them to Facebook.
Data transfer to the USA is based on the standard contractual clauses of the EU Commission. Details can be found here: https://www.facebook.com/legal/EU_data_transfer_addendum, https://de-de.facebook.com/help/566994660333381 and https://www.facebook.com/policy.php.

Instagram
Functions of the Instagram service are integrated on this website. These functions are offered by Meta Platforms Ireland Limited, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland.
When the social media element is active, a direct connection is established between your device and the Instagram server. Instagram thereby receives information about your visit to this website.
If you are logged into your Instagram account, you can link the content of this website to your Instagram profile by clicking on the Instagram button. This allows Instagram to associate your visit to this website with your user account. We would like to point out that, as the provider of the pages, we have no knowledge of the content of the transmitted data or its use by Instagram.
If consent has been obtained, the above-mentioned service is used on the basis of Art. 6 para. 1 lit. a GDPR and § 25 TTDSG. Consent can be revoked at any time. If no consent has been obtained, the service is used on the basis of our legitimate interest in the widest possible visibility in social media.
Insofar as personal data is collected on our website using the tool described here and forwarded to Facebook or Instagram, we and Meta Platforms Ireland Limited, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland are jointly responsible for this data processing (Art. 26 GDPR). The joint responsibility is limited exclusively to the collection of the data and its transfer to Facebook or Instagram. The processing carried out by Facebook or Instagram after forwarding is not part of the joint responsibility.
The obligations incumbent on us jointly were set out in an agreement on joint processing. You can find the wording of the agreement at: https://www.facebook.com/legal/controller_addendum. According to this agreement, we are responsible for providing data protection information when using the Facebook or Instagram tool and for the secure implementation of the tool on our website in accordance with data protection law. Facebook is responsible for the data security of Facebook and Instagram products. You can assert data subject rights (e.g. requests for information) regarding the data processed by Facebook or Instagram directly with Facebook. If you assert your data subject rights with us, we are obliged to forward them to Facebook.
Data transfer to the USA is based on the standard contractual clauses of the EU Commission. Details can be found here: https://www.facebook.com/legal/EU_data_transfer_addendum, https://help.instagram.com/519522125107875 and https://de-de.facebook.com/help/566994660333381.
You can find more information on this in Instagram’s privacy policy: https://instagram.com/about/legal/privacy/ .

Analysis tools and advertising
Google Tag Manager
We use the Google Tag Manager. The provider is Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland.
Google Tag Manager is a tool that enables us to integrate tracking or statistical tools and other technologies on our website. The Google Tag Manager itself does not create any user profiles, does not store any cookies and does not carry out any independent analyses. It is only used to manage and display the tools integrated via it. However, Google Tag Manager records your IP address, which may also be transmitted to Google’s parent company in the United States.
The Google Tag Manager is used on the basis of Art. 6 para. 1 lit. f GDPR. The website operator has a legitimate interest in the fast and uncomplicated integration and management of various tools on its website. If a corresponding consent has been requested, the processing is carried out exclusively on the basis of Art. 6 para. 1 lit. a GDPR and § 25 para. 1 TTDSG, insofar as the consent includes the storage of cookies or access to information in the user’s terminal device (e.g. device fingerprinting) within the meaning of the TTDSG. Consent can be revoked at any time.
https://developers.google.com/tag-platform/security?hl=de

Google Analytics
This website uses functions of the web analysis service Google Analytics. The provider is Google Ireland Limited (“Google”), Gordon House, Barrow Street, Dublin 4, Ireland.
Google Analytics enables the website operator to analyze the behavior of website visitors. The website operator receives various usage data, such as page views, length of visit, operating systems used and origin of the user. This data is summarized in a user ID and assigned to the respective end device of the website visitor.
We can also use Google Analytics to record your mouse and scroll movements and clicks, among other things. Google Analytics also uses various modeling approaches to supplement the collected data records and uses machine learning technologies for data analysis.
Google Analytics uses technologies that enable the recognition of the user for the purpose of analyzing user behavior (e.g. cookies or device fingerprinting). The information collected by Google about the use of this website is generally transmitted to a Google server in the USA and stored there.
The use of this service is based on your consent in accordance with Art. 6 para. 1 lit. a GDPR and § 25 para. 1 TTDSG. Consent can be revoked at any time.
Data transfer to the USA is based on the standard contractual clauses of the EU Commission. You can find details here: https://privacy.google.com/businesses/controllerterms/mccs/.
IP anonymization
This website uses functions for IP anonymization. The provider is Google Ireland Limited (“Google”), Gordon House, Barrow Street, Dublin 4, Ireland. As a result, your IP address will be truncated by Google within member states of the European Union or in other signatory states to the Agreement on the European Economic Area before being transmitted to the USA. Only in exceptional cases will the full IP address be transmitted to a Google server in the USA and shortened there. Google will use this information on behalf of the operator of this website for the purpose of evaluating your use of the website, compiling reports on website activity and providing other services relating to website activity and internet usage to the website operator. The IP address transmitted by your browser as part of Google Analytics will not be merged with other Google data.
Data transfer to the USA is based on the standard contractual clauses of the EU Commission. You can find details here: https://privacy.google.com/businesses/controllerterms/mccs/.
Browser plugin
You can prevent the collection and processing of your data by Google by downloading and installing the browser plug-in available at the following link: https://tools.google.com/dlpage/gaoptout?hl=de.
You can find more information on how Google Analytics handles user data in Google’s privacy policy: https://support.google.com/analytics/answer/6004245?hl=de.
Google signals
This website uses Google Signals. The provider is Google Ireland Limited (“Google”), Gordon House, Barrow Street, Dublin 4, Ireland. When you visit our website, Google Analytics records your location, search history, YouTube history and demographic data (visitor data), among other things. This data can be used for personalized advertising with the help of Google Signal. If you have a Google account, the visitor data from Google Signal is linked to your Google account and used for personalized advertising messages. The data is also used to compile anonymous statistics on the user behavior of our users.
Data transfer to the USA is based on the standard contractual clauses of the EU Commission. You can find details here: https://privacy.google.com/businesses/controllerterms/mccs/.
Demographic characteristics in Google Analytics
This website uses the “demographic features” function of Google Analytics. The provider is Google Ireland Limited (“Google”), Gordon House, Barrow Street, Dublin 4, Ireland, in order to be able to display suitable advertisements to website visitors within the Google advertising network. This allows reports to be generated that contain statements about the age, gender and interests of site visitors. This data comes from interest-based advertising from Google and from visitor data from third-party providers. This data cannot be assigned to a specific person. You can deactivate this function at any time via the ad settings in your Google account or generally prohibit the collection of your data by Google Analytics as described in the section “Objection to data collection”.
Order processing
We have concluded a data processing agreement (DPA) for the use of the above-mentioned service. This is a contract prescribed by data protection law, which ensures that it processes the personal data of our website visitors only in accordance with our instructions and in compliance with the GDPR.

Meta Pixel (formerly Facebook Pixel)
This website uses the Facebook/Meta visitor action pixel to measure conversions. The provider of this service is Meta Platforms Ireland Limited, 4 Grand Canal Square, Dublin 2, Ireland. However, according to Facebook, the data collected is also transferred to the USA and other third countries.
This allows the behavior of site visitors to be tracked after they have been redirected to the provider’s website by clicking on a Facebook ad. This allows the effectiveness of Facebook ads to be evaluated for statistical and market research purposes and future advertising measures to be optimized.
The data collected is anonymous for us as the operator of this website; we cannot draw any conclusions about the identity of the user. However, the data is stored and processed by Facebook so that a connection to the respective user profile is possible and Facebook can use the data for its own advertising purposes in accordance with the Facebook Data Usage Policy (https://de-de.facebook.com/about/privacy/). This allows Facebook to place advertisements on Facebook pages and outside of Facebook. This use of the data cannot be influenced by us as the site operator.
The use of this service is based on your consent in accordance with Art. 6 para. 1 lit. a GDPR and § 25 para. 1 TTDSG. Consent can be revoked at any time.
We use the advanced matching function within the meta pixels.
Advanced matching enables us to transmit various types of data (e.g. place of residence, state, zip code, hashed email addresses, name, gender, date of birth or telephone number) of our customers and prospects that we collect via our website to Meta (Facebook). This activation allows us to tailor our advertising campaigns on Facebook even more precisely to people who are interested in our offers. In addition, the extended matching improves the allocation of website conversions and expands Custom Audiences.
Insofar as personal data is collected on our website with the help of the tool described here and forwarded to Facebook, we and Meta Platforms Ireland Limited, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland are jointly responsible for this data processing (Art. 26 GDPR). The joint responsibility is limited exclusively to the collection of the data and its transfer to Facebook. The processing carried out by Facebook after forwarding is not part of the joint responsibility. The obligations incumbent on us jointly have been set out in an agreement on joint processing. The text of the agreement can be found at: https://www.facebook.com/legal/controller_addendum. According to this agreement, we are responsible for providing the data protection information when using the Facebook tool and for the secure implementation of the tool on our website in accordance with data protection law. Facebook is responsible for the data security of Facebook products. You can assert data subject rights (e.g. requests for information) regarding the data processed by Facebook directly with Facebook. If you assert your data subject rights with us, we are obliged to forward them to Facebook.
Data transfer to the USA is based on the standard contractual clauses of the EU Commission. Details can be found here: https://www.facebook.com/legal/EU_data_transfer_addendum and https://de-de.facebook.com/help/566994660333381.
You can find further information on protecting your privacy in Facebook’s privacy policy: https://de-de.facebook.com/about/privacy/.
You can also deactivate the remarketing function “Custom Audiences” in the settings for advertisements at https://www.facebook.com/ads/preferences/?entry_product=ad_settings_screen. You must be logged in to Facebook to do this.
If you do not have a Facebook account, you can deactivate usage-based advertising from Facebook on the website of the European Interactive Digital Advertising Alliance: http://www.youronlinechoices.com/de/praferenzmanagement/.

Google Optimize
We have integrated Google Optimize on this website. The provider is Google Ireland Limited (“Google”), Gordon House, Barrow Street, Dublin 4, Ireland (hereinafter Google Optimize).
Google Optimize enables us to optimize our website by carrying out tests (A/B testing) and personalizing the website. For this purpose, Google Optimize processes the IP address of website visitors. The personal data collected can then be processed by other analysis tools.
The use of Google Optimize is based on Art. 6 para. 1 lit. f GDPR. The website operator has a legitimate interest in the optimal design of its online presence. If a corresponding consent has been requested, the processing is carried out exclusively on the basis of Art. 6 para. 1 lit. a GDPR and § 25 para. 1 TTDSG, insofar as the consent includes the storage of cookies or access to information in the user’s terminal device (e.g. for device fingerprinting) within the meaning of the TTDSG. Consent can be revoked at any time.
Further details can be found in the provider’s privacy policy at: https://business.safety.google/adsprocessorterms/.
Data transfer to the USA is based on the standard contractual clauses of the EU Commission. Details can be found here: https://policies.google.com/privacy/frameworks and https://privacy.google.com/businesses/controllerterms/mccs/.
Order processing
We have concluded a data processing agreement (DPA) for the use of the above-mentioned service. This is a contract prescribed by data protection law, which ensures that it processes the personal data of our website visitors only in accordance with our instructions and in compliance with the GDPR.

Newsletter and postal advertising
Mailchimp
This website uses the services of Mailchimp to send newsletters. The provider is Rocket Science Group LLC, 675 Ponce De Leon Ave NE, Suite 5000, Atlanta, GA 30308, USA.
Mailchimp is a service that can be used to organize and analyse the sending of newsletters, among other things. If you enter data for the purpose of subscribing to the newsletter (e.g. email address), this data is stored on Mailchimp’s servers in the USA.
With the help of Mailchimp, we can analyze our newsletter campaigns. When you open an email sent with Mailchimp, a file contained in the email (known as a web beacon) connects to Mailchimp’s servers in the USA. This makes it possible to determine whether a newsletter message has been opened and which links, if any, have been clicked on. Technical information is also collected (e.g. time of access, IP address, browser type and operating system). This information cannot be assigned to the respective newsletter recipient. It is used exclusively for the statistical analysis of newsletter campaigns. The results of these analyses can be used to better adapt future newsletters to the interests of the recipients.
If you do not wish to be analyzed by Mailchimp, you must unsubscribe from the newsletter. We provide a link for this purpose in every newsletter message.
The data processing takes place on the basis of your consent (Art. 6 para. 1 lit. a GDPR). You can revoke this consent at any time by unsubscribing from the newsletter. The legality of the data processing operations that have already taken place remains unaffected by the revocation.
The data you provide us with for the purpose of subscribing to the newsletter will be stored by us or the newsletter service provider until you unsubscribe from the newsletter and deleted from the newsletter distribution list after you unsubscribe from the newsletter. Data stored by us for other purposes remains unaffected by this.
Data transfer to the USA is based on the standard contractual clauses of the EU Commission. Details can be found here: https://mailchimp.com/eu-us-data-transfer-statement/ and https://mailchimp.com/legal/data-processing-addendum/#Annex_C_-_Standard_Contractual_Clauses.
After you unsubscribe from the newsletter distribution list, your e-mail address may be stored by us or the newsletter service provider in a blacklist if this is necessary to prevent future mailings. The data from the blacklist will only be used for this purpose and will not be merged with other data. This serves both your interest and our interest in complying with the legal requirements when sending newsletters (legitimate interest within the meaning of Art. 6 para. 1 lit. f GDPR). Storage in the blacklist is not limited in time. You can object to the storage if your interests outweigh our legitimate interest.
For more information, please refer to Mailchimp’s privacy policy at: https://mailchimp.com/legal/terms/.
Order processing
We have concluded a data processing agreement (DPA) for the use of the above-mentioned service. This is a contract prescribed by data protection law, which ensures that it processes the personal data of our website visitors only in accordance with our instructions and in compliance with the GDPR.

Plugins and tools
YouTube
This website embeds videos from the YouTube website. The operator of the pages is Google Ireland Limited (“Google”), Gordon House, Barrow Street, Dublin 4, Ireland.
As soon as you start a YouTube video on this website, a connection to the YouTube servers is established. This tells the YouTube server which of our pages you have visited. If you are logged into your YouTube account, you enable YouTube to assign your surfing behavior directly to your personal profile. You can prevent this by logging out of your YouTube account.
Furthermore, YouTube may store various cookies on your end device after starting a video or use comparable recognition technologies (e.g. device fingerprinting). In this way, YouTube can obtain information about visitors to this website. This information is used, among other things, to record video statistics, improve user-friendliness and prevent fraud attempts.
After the start of a YouTube video, further data processing operations may be triggered over which we have no influence.
The use of YouTube is in the interest of an appealing presentation of our online offers. This constitutes a legitimate interest within the meaning of Art. 6 para. 1 lit. f GDPR. If a corresponding consent has been requested, the processing is carried out exclusively on the basis of Art. 6 para. 1 lit. a GDPR and § 25 para. 1 TTDSG, insofar as the consent includes the storage of cookies or access to information in the user’s terminal device (e.g. device fingerprinting) within the meaning of the TTDSG. Consent can be revoked at any time.
You can find more information about data protection at YouTube in their privacy policy at: https://policies.google.com/privacy?hl=de, Opt-Out: https://adssettings.google.com/authenticated

Google Maps
This site uses the map service Google Maps. The provider is Google Ireland Limited (“Google”), Gordon House, Barrow Street, Dublin 4, Ireland.
To use the functions of Google Maps, it is necessary to save your IP address. This information is usually transmitted to a Google server in the USA and stored there. The provider of this site has no influence on this data transfer. If Google Maps is activated, Google may use Google Fonts for the purpose of uniform display of fonts. When you call up Google Maps, your browser loads the required web fonts into your browser cache in order to display texts and fonts correctly.
The use of Google Maps is in the interest of an appealing presentation of our online offers and to make it easy to find the places we have indicated on the website. This constitutes a legitimate interest within the meaning of Art. 6 para. 1 lit. f GDPR. If a corresponding consent has been requested, the processing is carried out exclusively on the basis of Art. 6 para. 1 lit. a GDPR and § 25 para. 1 TTDSG, insofar as the consent includes the storage of cookies or access to information in the user’s terminal device (e.g. device fingerprinting) within the meaning of the TTDSG. Consent can be revoked at any time.
Data transfer to the USA is based on the standard contractual clauses of the EU Commission. Details can be found here: https://privacy.google.com/businesses/gdprcontrollerterms/ and https://privacy.google.com/businesses/gdprcontrollerterms/sccs/.
You can find more information on the handling of user data in Google’s privacy policy: https://policies.google.com/privacy?hl=de.

Google reCAPTCHA
We use “Google reCAPTCHA” (hereinafter “reCAPTCHA”) on this website. The provider is Google Ireland Limited (“Google”), Gordon House, Barrow Street, Dublin 4, Ireland.
The purpose of reCAPTCHA is to check whether data is entered on this website (e.g. in a contact form) by a human or by an automated program. For this purpose, reCAPTCHA analyzes the behavior of the website visitor based on various characteristics. This analysis begins automatically as soon as the website visitor enters the website. For the analysis, reCAPTCHA evaluates various information (e.g. IP address, time spent on the website by the website visitor or mouse movements made by the user). The data collected during the analysis is forwarded to Google.
The reCAPTCHA analyses run completely in the background. Website visitors are not informed that an analysis is taking place.
The data is stored and analyzed on the basis of Art. 6 para. 1 lit. f GDPR. The website operator has a legitimate interest in protecting its website from abusive automated spying and SPAM. If a corresponding consent has been requested, the processing is carried out exclusively on the basis of Art. 6 para. 1 lit. a GDPR and § 25 para. 1 TTDSG, insofar as the consent includes the storage of cookies or access to information in the user’s terminal device (e.g. device fingerprinting) within the meaning of the TTDSG. Consent can be revoked at any time.
For more information about Google reCAPTCHA, please refer to the Google Privacy Policy and the Google Terms of Use at the following links: https://policies.google.com/privacy?hl=de and https://policies.google.com/terms?hl=de.

Gravity Forms
The forms on our website use the “Gravity Forms” service. This is offered by Rocketgenius, Inc, 1620 Centerville Turnpike #102, Virginia Beach, VA 23464, USA. The use is based on our legitimate interests within the meaning of Art. 6 para. 1 lit. f) GDPR, as we intend to make our online offer user-friendly, which also includes a contact form for easy contact.
Entered form data is sent to us, the website operator, by email and thus stored on our self-hosted mail server. In addition, the data is stored in the WordPress database to provide proof of the request.
The documentation section of the company website confirms that the plugin is GDPR-compliant: https://docs.gravityforms.com/wordpress-gravity-forms-and-gdpr-compliance/ . Data is not passed on or stored on the servers of Rocketgenius, Inc. or on the gravityforms.com website! Further information on the collection and use of data by Gravity Forms can be found in the Rocketgenius, Inc. privacy policy: https://www.gravityforms.com/privacy/.