Privacy
Privacy Policy
This privacy policy informs you about the type, scope, and purpose of the processing of personal data (hereinafter "data") within our online offerings and associated websites, functions, and content, as well as external online presences, such as our social media profiles (hereinafter collectively referred to as the "online offering"). For the terminology used, such as "processing" or "controller," we refer to the definitions in Article 4 of the General Data Protection Regulation (GDPR).
Data Protection Officer / Responsible Party
Niklas Krämer
c/o weitergedacht UG (limited liability)
Gerichtstr. 23, 13447 Berlin
Types of Data Processed
- Master data (e.g., names, addresses)- Contact data (e.g., email addresses, phone numbers)
- Content data (e.g., text entries, photographs, videos)
- Usage data (e.g., visited pages, interest in content, access time
- Meta / communication data (e.g., device information, IP addresses)
Purpose of Processing
- Provision of the online offering, its functions, and content
- Responding to contact inquiries and communication with users
- Security mesures
- Reach measurement / marketing
Terminology
"Personal data" refers to any information relating to an identified or identifiable natural person (hereinafter "data subject"); a natural person is considered identifiable if they can be identified, directly or indirectly, in particular by reference to an identifier such as a name, identification number, location data, an online identifier (e.g., cookie), or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural, or social identity of that natural person.
"Processing" means any operation or set of operations performed on personal data, whether or not by automated means. The term is broad and practically includes any handling of data.
The "Controller" is the natural or legal person, authority, agency, or other body that alone or jointly with others determines the purposes and means of processing personal data.
Legal Basis
Pursuant to Art. 13 GDPR, we inform you of the legal basis for our data processing. Unless otherwise stated in the privacy policy, the legal basis for obtaining consent is Art. 6(1)(a) and Art. 7 GDPR; the legal basis for processing to fulfill our services, execute contractual measures, or respond to inquiries is Art. 6(1)(b) GDPR; the legal basis for processing to fulfill legal obligations is Art. 6(1)(c) GDPR; and the legal basis for processing to protect our legitimate interests is Art. 6(1)(f) GDPR. If processing is necessary to protect vital interests of the data subject or another natural person, Art. 6(1)(d) GDPR serves as the legal basis.
Security Measures
We encourage you to regularly review the content of our privacy policy. We update the privacy policy whenever changes in our data processing make it necessary. We will inform you if any action on your part (e.g., consent) or other individual notification becomes necessary.
Cooperation with Processors and Third Parties
If, within the scope of our processing, we disclose data to other persons or companies (processors or third parties), transmit it to them, or otherwise grant them access, this only occurs based on a legal permission (e.g., if transmission to third parties such as payment service providers is required under Art. 6(1)(b) GDPR to fulfill a contract), your consent, a legal obligation, or our legitimate interests (e.g., use of contractors, web hosting providers, etc.). If we engage third parties for data processing under a so-called "data processing agreement," this is based on Art. 28 GDPR.
Transfers to Third Countries
If we process data in a third country (i.e., outside the European Union (EU) or European Economic Area (EEA)) or this occurs in the context of using third-party services, disclosure, or transmission of data to third parties, this only happens if it is necessary for the fulfillment of our (pre)contractual obligations, based on your consent, due to a legal obligation, or based on our legitimate interests. Subject to legal or contractual permissions, we only process or allow processing in a third country under the special conditions of Arts. 44 ff. GDPR. That is, processing may occur, for example, based on special guarantees, such as an officially recognized determination of an EU-equivalent data protection level (e.g., for the USA via the "Privacy Shield") or compliance with officially recognized special contractual obligations (so-called "standard contractual clauses").
Rights of Data Subjects
You have the right to request confirmation of whether personal data concerning you is being processed and to obtain access to this data, along with further information and a copy, in accordance with Art. 15 GDPR. You have the right under Art. 16 GDPR to request the completion or correction of inaccurate data concerning you. Pursuant to Art. 17 GDPR, you have the right to request that your data be deleted without undue delay, or alternatively, under Art. 18 GDPR, to request a restriction of processing. You also have the right to receive the data you provided to us in accordance with Art. 20 GDPR and to request its transmission to another controller. Further, under Art. 77 GDPR, you have the right to lodge a complaint with the competent supervisory authority.
You have the right to revoke any consent given under Art. 7(3) GDPR with effect for the future. You can object to the future processing of your personal data at any time under Art. 21 GDPR. This objection can specifically apply to processing for direct marketing purposes.
Privacy Policy for the Use of Google Analytics (with Anonymization Function)
The controller has integrated the Google Analytics component (with anonymization function) on this website. Google Analytics is a web analysis service. Web analysis is the collection, gathering, and evaluation of data about the behavior of visitors to websites. A web analysis service collects, among other things, data about which website a data subject came from (so-called referrers), which subpages of the website were accessed, or how often and for how long a subpage was viewed. Web analysis is predominantly used to optimize a website and for cost-benefit analysis of online advertising.The operating company of the Google Analytics component is Google Inc., 1600 Amphitheatre Pkwy, Mountain View, CA 94043-1351, USA.
The controller uses the addition "_gat._anonymizeIp" for web analysis via Google Analytics. With this addition, the IP address of the data subject's internet connection is shortened and anonymized by Google when accessing our website from a member state of the European Union or from another contracting state of the Agreement on the European Economic Area. The purpose of the Google Analytics component is the analysis of visitor flows on our website. Google uses the collected data and information, among other things, to evaluate the use of our website, to compile online reports for us showing the activities on our websites, and to provide further services related to the use of our website.
Google Analytics sets a cookie on the data subject's information technology system. What cookies are has already been explained above. By setting the cookie, Google enables an analysis of the use of our website. With each call of one of the individual pages of this website, which is operated by the controller and on which a Google Analytics component is integrated, the internet browser on the data subject's information technology system is automatically instructed by the respective Google Analytics component to transmit data to Google for online analysis purposes.
In the context of this technical procedure, Google gains knowledge of personal data, such as the IP address of the data subject, which Google uses, among other things, to trace the origin of visitors and clicks and subsequently to enable commission accounting. Through the cookie, personal information is stored, for example, the access time, the location from which an access originated, and the frequency of the data subject's visits to our website. On each visit to our websites, this personal data, including the IP address of the internet connection used by the data subject, is transmitted to Google in the United States of America. This personal data is stored by Google in the United States of America. Google may pass on this personal data collected through the technical procedure to third parties.
The data subject can prevent the setting of cookies by our website, as already explained above, at any time by making the corresponding setting in the internet browser used and thereby permanently object to the setting of cookies. Such a setting of the internet browser used would also prevent Google from setting a cookie on the data subject's information technology system. In addition, a cookie already set by Google Analytics can be deleted at any time via the internet browser or other software programs.
Furthermore, the data subject has the option to object to the collection of data generated by Google Analytics relating to the use of this website and the processing of this data by Google and to prevent such collection. To do this, the data subject must download and install a browser add-on from the link https://tools.google.com/dlpage/gaoptout. This browser add-on communicates to Google Analytics via JavaScript that no data and information about visits to websites may be transmitted to Google Analytics. The installation of the browser add-on is considered by Google as an objection.
If the data subject's information technology system is deleted, formatted, or reinstalled at a later date, the data subject must reinstall the browser add-on to deactivate Google Analytics. If the browser add-on is uninstalled or deactivated by the data subject or another person attributable to their sphere of influence, it can be reinstalled or reactivated.
Further information and the applicable privacy policies of Google can be accessed at https://www.google.de/intl/de/policies/privacy/ and at https://www.google.com/analytics/terms/de.html. Google Analytics is explained in more detail at this link: https://www.google.com/intl/de_de/analytics/.
Objection to Data Collection
You can prevent the collection of your data by Google Analytics by activating an add-on in your browser. You can download this at the following link: https://tools.google.com/dlpage/gaoptout. More information on handling user data with Google Analytics can be found in Google's privacy policy: https://support.google.com/analytics/answer/6004245?hl=de
Cookies and Right to Object to Direct Advertising
"Cookies" are small files that are stored on users' computers. Different information can be stored within cookies. A cookie primarily serves to store information about a user (or the device on which the cookie is stored) during or after their visit within an online service. Temporary cookies, or "session cookies" or "transient cookies," are cookies that are deleted after a user leaves an online service and closes their browser. Such a cookie can, for example, store the contents of a shopping cart in an online shop or a login status.
"Permanent" or "persistent" cookies are cookies that remain stored even after the browser is closed. For example, the login status can be stored if users access the website again after several days. Similarly, a cookie can store user interests, which are used for reach measurement or marketing purposes.
"Third-party cookies" are cookies offered by providers other than the controller operating the online service (otherwise, if it is only the controller's cookies, these are called "first-party cookies").
We may use temporary and permanent cookies and inform about this within the scope of our privacy policy. If users do not want cookies to be stored on their computer, they are asked to disable the corresponding option in their browser's system settings. Stored cookies can be deleted in the browser's system settings. The exclusion of cookies may lead to functional limitations of this online service.
A general objection to the use of cookies employed for online marketing purposes can be made for many services, especially in the case of tracking, via the U.S. page https://www.aboutads.info/choices/ or the EU page https://www.youronlinechoices.com/. Furthermore, cookie storage can be prevented by disabling them in the browser settings. Please note that not all functions of this online service may be usable in that case.
Deletion of Data
The data we process is deleted or restricted in processing in accordance with Articles 17 and 18 of the GDPR. Unless explicitly stated otherwise in this privacy policy, data stored by us is deleted as soon as it is no longer required for its purpose and there are no statutory retention obligations opposing deletion. If the data is not deleted because it is required for other legally permissible purposes, its processing is restricted. That means the data is blocked and not processed for other purposes. This applies, for example, to data that must be retained for commercial or tax law reasons.
According to statutory requirements in Germany, retention is particularly for 10 years in accordance with §§ 147 (1) AO, 257 (1) No. 1 and 4, (4) HGB (books, records, management reports, booking documents, commercial books, tax-relevant documents, etc.) and 6 years according to § 257 (1) No. 2 and 3, (4) HGB (commercial letters). According to statutory requirements in Austria, retention is particularly 7 years according to § 132 (1) BAO (accounting documents, receipts/invoices, accounts, documents, business papers, statement of income and expenses, etc.), 22 years in connection with real estate, and 10 years for documents related to electronically provided services, telecommunications, broadcasting, and television services provided to non-entrepreneurs in EU member states, for which the Mini One-Stop-Shop (MOSS) is used.
Hosting
The hosting services we use serve to provide the following services: infrastructure and platform services, computing capacity, storage and database services, security services, and technical maintenance services, which we use for the operation of this online service.
In this context, we or our hosting provider process master data, contact data, content data, contract data, usage data, metadata, and communication data of customers, prospects, and visitors of this online service based on our legitimate interest in efficiently and securely providing this online service in accordance with Art. 6 (1) lit. f GDPR in conjunction with Art. 28 GDPR (conclusion of a data processing agreement).
Collection of Access Data and Log Files
We, or our hosting provider, collect data on the basis of our legitimate interest pursuant to Art. 6 (1) lit. f GDPR on every access to the server on which this service is located (so-called server log files). Access data includes the name of the requested web page, file, date and time of access, transferred data volume, message about successful retrieval, browser type and version, user operating system, referrer URL (previously visited page), IP address, and requesting provider.
Logfile information is stored for security reasons (e.g., to clarify misuse or fraud) for a maximum of 7 days and then deleted. Data whose further retention is required for evidentiary purposes is exempt from deletion until the respective case is finally resolved.
Provision of Contractual Services
We process master data (e.g., names and addresses as well as user contact data), contract data (e.g., services used, names of contact persons, payment information) for the fulfillment of our contractual obligations and service provision pursuant to Art. 6 (1) lit. b GDPR. Entries marked as mandatory in online forms are required for contract conclusion.
In the context of using our online services, we store the IP address and the time of the respective user action. Storage occurs on the basis of our legitimate interests as well as the user's interest in protection against misuse and other unauthorized use. A transfer of this data to third parties generally does not occur unless required to assert our claims or there is a legal obligation pursuant to Art. 6 (1) lit. c GDPR.
We process usage data (e.g., the web pages visited on our online service, interest in our products) and content data (e.g., entries in the contact form or user profile) for advertising purposes in a user profile to display, for example, product recommendations based on services previously used. Deletion of the data occurs after the expiration of statutory warranty and similar obligations; the necessity of retaining data is reviewed every three years. In the case of statutory archiving obligations, deletion occurs after their expiration. Information in any customer account remains until its deletion.
Administration, Accounting, Office Organization, Contact Management
We process data in the context of administrative tasks as well as the organization of our operations, accounting, and compliance with legal obligations such as archiving. Here, we process the same data as in the provision of our contractual services. The processing bases are Art. 6 (1) lit. c GDPR, Art. 6 (1) lit. f GDPR.
Customers, prospects, business partners, and website visitors are affected by the processing. The purpose and our interest in processing lie in administration, accounting, office organization, and data archiving—tasks that serve to maintain our business operations, perform our duties, and provide our services. The deletion of data concerning contractual services and communication corresponds to the information stated for these processing activities.
We disclose or transfer data to tax authorities, advisors such as tax consultants or auditors, as well as other fee offices and payment service providers. Furthermore, we store information about suppliers, organizers, and other business partners based on our business interests, e.g., for later contact purposes. These predominantly company-related data are generally stored permanently.
Business Analyses and Market Research
To operate our business economically and recognize market trends, customer, and user needs, we analyze the data available to us regarding business transactions, contracts, inquiries, etc. We process master data, communication data, contract data, payment data, usage data, and metadata based on Art. 6 (1) lit. f GDPR, with the affected persons being customers, prospects, business partners, visitors, and users of the online service.
The analyses are carried out for the purpose of business evaluations, marketing, and market research. We can include the profiles of registered users with information, e.g., about their purchase activities. The analyses serve to increase user-friendliness, optimize our offering, and improve business efficiency. The analyses serve only us and are not disclosed externally, unless they are anonymous analyses with aggregated values.
If these analyses or profiles are personal, they are deleted or anonymized upon the user's termination, otherwise after two years from contract conclusion. In addition, overall business analyses and general trend determinations are created anonymously whenever possible.
Contact
When contacting us (e.g., via contact form, email, phone, or social media), user information is processed to handle the inquiry and its processing pursuant to Art. 6 (1) lit. b GDPR. User data may be stored in a Customer Relationship Management system ("CRM system") or a comparable inquiry organization. We delete inquiries if they are no longer required. We review the necessity every two years; statutory archiving obligations also apply.
Newsletter
The following information informs you about the content of our newsletter, as well as the registration, sending, and statistical evaluation procedures, and your rights of objection. By subscribing to our newsletter, you agree to receive it and to the described procedures.
Content of the Newsletter: We send newsletters, emails, and other electronic notifications with advertising information (hereinafter "newsletter") only with the consent of the recipients or a legal permission. If the content of a newsletter is specifically described during registration, this is decisive for the user's consent. Otherwise, our newsletters contain information about our services and us.
Double Opt-In and Logging: Registration for our newsletter occurs via a so-called double opt-in procedure. That means you receive an email after registration asking you to confirm your registration. This confirmation is necessary to ensure that no one can register using someone else's email address. Registrations for the newsletter are logged to document the registration process according to legal requirements. This includes storing the registration and confirmation time, as well as the IP address. Changes to your data stored by the sending service provider are also logged.
Registration Data: To register for the newsletter, it is sufficient to provide your email address. Optionally, we ask for first names for personal addressing in the newsletter.
Germany: Sending the newsletter and the associated success measurement is based on the recipient's consent pursuant to Art. 6 (1) lit. a, Art. 7 GDPR in conjunction with §7 (2) No. 3 UWG or based on legal permission pursuant to §7 (3) UWG.
Logging of the registration process is based on our legitimate interests pursuant to Art. 6 (1) lit. f GDPR. Our interest is in using a user-friendly and secure newsletter system that serves both our business interests and the users' expectations, and allows us to demonstrate consents.
Cancellation/Withdrawal: You can cancel receiving our newsletter at any time, i.e., revoke your consent. A link to cancel the newsletter can be found at the end of each newsletter. We may store unsubscribed email addresses for up to three years based on our legitimate interests before deleting them to prove previously given consent. Processing of this data is limited to the purpose of possible defense against claims. Individual deletion requests are possible at any time, provided that the previous existence of consent is confirmed.
The newsletter is sent using the sending service provider Mailchimp.