Privacy Policy
With the following privacy policy, we would like to inform you about the types of your personal data (hereinafter also referred to as "data") that we process for which purposes and to what extent within the scope of providing our application.
The terms used are not gender-specific.
Status: January 1, 2024
Table of Contents:
- Preamble
- Controller
- Overview of processing activities
- Relevant legal bases
- Security measures
- Transfer of personal data
- International data transfers
- Rights of data subjects
- Use of cookies
- Business services
- Provision of online offers and web hosting
- Blogs and publication media
- Contact and inquiry management
- Newsletters and electronic notifications
- Promotional communication via email, mail, fax, or telephone
- Web analysis, monitoring, and optimization
- Online marketing
- Customer reviews and rating procedures
- Presences in social networks (social media)
- Plugins and embedded functions and content
Controller:
Overview of processing activities:
The following overview summarizes the types of data processed, the purposes of their processing, and refers to the data subjects concerned.
Types of data processed:
- Inventory data.
- Payment data.
- Location data.
- Contact data.
- Content data.
- Contract data.
- Usage data.
- Meta, communication, and procedural data.
Categories of data subjects:
- Customers.
- Prospective customers.
- Communication partners.
- Users.
- Business and contractual partners.
Purposes of processing:
- Provision of contractual services and fulfillment of contractual obligations.
- Contact requests and communication.
- Security measures.
- Direct marketing.
- Audience measurement.
- Tracking.
- Office and organizational procedures.
- Management and response to inquiries.
- Feedback.
- Marketing.
- Profiles with user-related information.
- Provision of our online offer and user-friendliness.
- Information technology infrastructure.
Relevant legal bases:
Relevant legal bases under GDPR: Below you will find an overview of the legal bases under GDPR on which we process personal data. Please note that in addition to the GDPR regulations, national data protection regulations may apply in your or our country of residence. If more specific legal bases are relevant in individual cases, we will inform you about these in the privacy policy.
- Consent (Art. 6 para. 1 sentence 1 lit. a GDPR) - The data subject has given consent to the processing of their personal data for one or more specific purposes.
- Contract performance and pre-contractual inquiries (Art. 6 para. 1 sentence 1 lit. b GDPR) - Processing is necessary for the performance of a contract to which the data subject is a party or to take steps at the request of the data subject prior to entering into a contract.
- Legal obligation (Art. 6 para. 1 sentence 1 lit. c GDPR) - Processing is necessary for compliance with a legal obligation to which the controller is subject.
- Legitimate interests (Art. 6 para. 1 sentence 1 lit. f GDPR) - Processing is necessary for the purposes of the legitimate interests pursued by the controller or by a third party unless such interests are overridden by the interests or fundamental rights and freedoms of the data subject.
National data protection regulations in Germany: In addition to the GDPR, national data protection regulations apply in Germany, particularly the Federal Data Protection Act (Bundesdatenschutzgesetz - BDSG). The BDSG contains specific provisions on the right to information, the right to erasure, the right to object, the processing of special categories of personal data, processing for other purposes, and transmission, as well as automated individual decision-making, including profiling. In addition, state data protection laws of individual federal states may apply.
Notice on the applicability of GDPR and Swiss DSG: This privacy notice serves both as information under the Swiss Federal Data Protection Act (Swiss DSG) and under the GDPR. Therefore, please note that the terms used in this policy follow the terminology of the GDPR for broader territorial application and comprehensibility. Particularly, terms like "processing" of "personal data," "legitimate interests," and "special categories of data" under GDPR are used instead of "processing" of "personal data," "overriding interest," and "particularly sensitive personal data" under Swiss DSG. However, the legal meaning of the terms under Swiss DSG is determined by Swiss law.
Security measures:
We take appropriate technical and organizational measures in accordance with the legal requirements, considering the state of the art, implementation costs, and the nature, scope, circumstances, and purposes of the processing, as well as the varying likelihood and severity of risks to the rights and freedoms of natural persons, to ensure a level of security appropriate to the risk.
These measures include securing the confidentiality, integrity, and availability of data by controlling physical and electronic access to the data, as well as access, input, transfer, securing availability, and their separation. Furthermore, we have procedures in place to ensure the exercise of data subjects' rights, the deletion of data, and responses to data breaches. Additionally, we take into account the protection of personal data during the development or selection of hardware, software, and procedures following the principle of data protection by design and by default.
Transfer of personal data:
In the context of our processing of personal data, data may be transferred to other entities, companies, legally independent organizational units, or persons, or disclosed to them. Recipients of this data may include IT service providers or providers of services and content that are integrated into a website. In such cases, we comply with the legal requirements and, in particular, enter into appropriate contracts or agreements that serve to protect your data with the recipients of your data.
International data transfers:
Processing of data in third countries: If we process data in a third country (i.e., outside the European Union (EU), European Economic Area (EEA)) or if processing occurs as part of the use of third-party services or disclosure or transfer of data to other persons, entities, or companies, this is done only in compliance with legal requirements. If the level of data protection in the third country has been recognized by an adequacy decision (Art. 45 GDPR), this serves as the basis for data transfers. Otherwise, data transfers occur only if the level of data protection is ensured otherwise, particularly through standard contractual clauses (Art. 46 para. 2 lit. c GDPR), explicit consent, or in the case of contractual or legally required transmission (Art. 49 para. 1 GDPR). Furthermore, we inform you of the grounds for the third-country transfer in the case of individual providers from third countries, with adequacy decisions taking precedence. Information on third-country transfers and existing adequacy decisions can be found in the EU Commission's information offering: https://ec.europa.eu/info/law/law-topic/data-protection/international-dimension-data-protection_de.