Privacy Policies

Last Updated: 10 Oct, 2024

With this privacy policy, we would like to inform you about the type, scope and purpose of the processing of personal data (hereinafter also referred to as “data”). Personal data are all data that have a personal reference to you, e.g. name, address, e-mail address or your user behavior. The data protection declaration applies to all data processing operations carried out by us both within the scope of our core activities and for the online media provided by us.

1. Who is responsible for data processing at our company

Responsible for data processing is:


Schopenhauerstraße 6
85579 Neubiberg,
E-Mail: info@empacto.eco
Register court: Amtsgericht München
Register number: HRB 293046
VAT ID: tbd.


Represented by the managing directors: Jonas Petry & Max Kaiser.

2. Processing of your data within the scope of the core activity of our company

If you are our customer or business partner or are interested in our services, the type, scope and purpose of processing your data depends on the contractual or pre-contractual relationship existing between us. In this sense, the data processed by us includes all data that is or was provided by you for the purpose of using the contractual or pre-contractual services and that is required to process your inquiry or the contract concluded between us. Unless otherwise stated in the further notes to this data protection declaration, the processing of your data and its transfer to third parties is limited to those data that are necessary and expedient to answer your inquiries and/or to fulfill the contract concluded between you and us, to protect our rights and to fulfill legal obligations. We will inform you which data is required for this before or in the course of data collection. Insofar as we use third-party providers to provide our services, the data protection notices of the respective third-party providers apply.


Data concerned:

  • Inventory data (e.g. names, addresses)

  • Payment data (e.g. bank details, invoices)

  • Contact data (e.g. e-mail address, telephone number, postal address)

  • Contract data (e.g. subject matter of contract, duration of contract)


Data subjects: Prospective customers, business and contractual partners


Purpose of processing: Processing of contractual services, communication as well as answering contact requests, office and organizational procedures.


Legal basis: Contract performance and pre-contractual inquiries, Art. 6 para. 1 lit. b GDPR, legal obligation, Art. 6 para. 1 lit. c GDPR, legitimate interest, Art. 6 para. 1 lit. f GDPR.

3. Your rights under the GDPR

According to the GDPR, you are entitled to the following rights, which you can assert at any time with the responsible person named in point 1. of this data protection declaration:


  • Right of access: You have the right to request information from us about whether and which data we process from you.

  • Right to rectification: You have the right to request the correction of inaccurate or completion of incomplete data.

  • Right to erasure: You have the right to request the erasure of your data.

  • Right to restriction: You have the right in certain cases to request that we process your data only in a restricted manner.

  • Right to data portability: You have the right to request that we transfer your data to you or another responsible party in a structured, common and machine-readable format.

  • Right of Complaint: You have the right to complain to a supervisory authority. The supervisory authority of your usual place of residence, your workplace or our company headquarters is responsible.


Right of revocation

You have the right to revoke your consent to data processing at any time.


Right of objection

You have the right to object at any time to the processing of your data, which we base on our legitimate interest pursuant to Art. 6 (1) lit. f GDPR. If you make use of your right to object, we ask you to explain the reasons. We will then no longer process your personal data unless we can prove to you that compelling reasons worthy of protection for the data processing outweigh your interests and rights.


Independently of the above, you have the right to object at any time to the processing of your personal data for the purposes of advertising and data analysis.


Please address your objection to the contact address of the data controller indicated above.

4. When do we delete your data?

We delete your data when we no longer need it or when you instruct us to do so. This means that – unless otherwise stated in the individual data protection notices of this privacy policy – we delete your data:


  • when the purpose of the data processing has ceased to exist and thus the respective legal basis stated in the individual data protection notices no longer exists, i.e., for example.

    • after termination of the contractual or membership relationship existing between us (Art. 6 para. 1 lit. a GDPR) or

    • after our legitimate interest in the further processing or storage of your data ceases to exist (Art. 6 para. 1 lit. f GDPR),

  • if you exercise your right of withdrawal and no other legal basis for processing within the meaning of Art. 6 (1) lit. b-f GDPR applies,

  • if you exercise your right of objection and there are no compelling legitimate grounds for deletion.


If, however, we still need to retain (certain parts of) your data for other purposes, for example because tax retention periods (generally 6 years for business correspondence or 10 years for accounting records) or the assertion, exercise or defense of legal claims arising from contractual relationships (up to four years) make this necessary, or if the data is needed to protect the rights of another natural or legal person, we will delete (that part of) your data only after these periods have expired. However, until the expiration of these periods, we limit the processing of this data to these purposes (fulfillment of retention obligations).

5. Cloud services

We use cloud services in particular:


  • for storing and processing documents,

  • to send documents by e-mail or to exchange files of any kind,

  • for our calendrical appointment management,

  • to prepare and execute presentations and spreadsheets,

  • for publishing files of any kind,

  • for internal and external communication by means of chats, audio and video conferences.


The software applications we use for these purposes are provided to us by the provider(s) listed below on their servers. We access these servers via the Internet. Insofar as you transmit your data to us in the course of communication with us or in other processes explained by us by means of this data protection declaration, we process this data in the cloud service used by us. This means that your data is stored on the servers of the third-party cloud service provider. The third-party providers process usage and metadata to secure their servers and to optimize their services. We process and store your contact, customer and contract data in particular.


If we make files of any kind publicly available via our internet presence by means of the cloud service we use, the respective third-party provider of the cloud service may store cookies on your computer system if you access these files. The service provider may process the data collected in this way to analyze your usage behavior or browser settings.


We would like to point out that, depending on the country of domicile of the service provider named below, the data named in more detail below may be transferred to and processed on servers outside the area of the European Union. In this case, there is a risk that the level of data protection prescribed by the GDPR will not be complied with and that the enforcement of your rights will not be possible or will be difficult. If the service provider we use offers to process the data exclusively within the EU, we intend – if currently not already implemented anyway – to process your data exclusively there.


Data concerned:

  • Inventory data (e.g. names, addresses),

  • Contact data (e.g. e-mail addresses, telephone and cell phone numbers)

  • Content data (e.g. photos, videos, texts),

  • Usage data (e.g. times of access, websites visited, interest in content),

  • metadata (e.g. IP address, computer system information).


Data subjects: Interested parties, communication partners, customers, employees (e.g. applicants, current and former employees)


Purpose of processing: Organization of office and administrative tasks


Legal basis: Consent, Art. 6 para. 1 lit. a GDPR, contract performance and pre-contractual requests, Art. 6 para. 1 lit. b GDPR, legitimate interest, Art. 6 para. 1 lit. f GDPR.


Installed cloud service providers:


Google Cloud Services

Service provider: Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland.
Parent company: Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA
Website: https://cloud.google.com/
Privacy policy: https://www.google.com/policies/privacy
Data Processing Agreement: Data Processing Agreement


Notion

Service Provider: Notion Labs, Inc., 2300 Harrison Street Floor 2, San Francisco, CA 94110, USA
Website: https://www.notion.so
Privacy policy: https://www.notion.so/Privacy-Policy-3468d120cf614d4c9014c09f6adc9091
Data processing contract: Data processing contract

6. Web hosting

In order to maintain our Internet pages, we use a provider on whose server our Internet pages are stored and made available for retrieval on the Internet (hosting). In this context, the provider may process all data transmitted via the browser used by you that is generated when you use our Internet pages. This includes, in particular, your IP address, which the provider needs to deliver our online offer to the browser you use, as well as all entries you make on our website. In addition, the provider used by us may record:


  • the date and time of access to our website

  • time zone difference to Greenwich Mean Time (GMT)

  • access status (HTTP status)

  • the amount of data transferred

  • the Internet service provider of the accessing system

  • the type of browser you are using and its version

  • the operating system you are using

  • the website from which you may have accessed our website

  • the pages or sub-pages that you visit on our website.


The aforementioned data is stored as log files on the servers of our provider. This is necessary to ensure the stability and security of the operation of our website.


Data concerned:

  • Content data (e.g. posts, photos, videos).

  • Usage data (e.g. access times, web pages clicked on).

  • Communication data (e.g. information about the device used, IP address)


Data subjects: Users of our internet presence


Purpose of processing: Playing out our Internet pages, guaranteeing the operation of our Internet pages, data backup.


Legal basis: Legitimate interest, Art. 6 para. 1 lit. f GDPR


Web hoster(s) commissioned by us:


Amazon Web Services (AWS).

We use the cloud service Amazon Web Services EMEA SARL, 38 Avenue John F. Kennedy, L-1855 Luxembourg (hereinafter “AWS”) to provide the Website and its services. The server location of AWS is Frankfurt (am Main). Thus, AWS ensures that the data is not transferred to the USA. In addition, Amazon Web Service is certified to reliable security standards, including ISO 27001, SOC 1/2/2, and PCI DSS Level 1.
Data Processing Agreement: Data Processing Agreement
Standard Contractual Clauses: SCC

For more information, please visit: GDPR – Amazon Web Services (AWS)


Hetzner

Service Provider: Hetzner Online GmbH, Industriestr. 25, 91710 Gunzenhausen, Germany. Website: https://www.hetzner.com
Privacy policy: https://www.hetzner.com/legal/privacy-policy/
Data processing contract: Data processing contract


OVH

Service Provider: OVH GmbH, Christophstraße 19, 50670 Cologne, Germany
Website: https://www.ovh.de
Privacy policy: https://www.ovh.de/schutz-personenbezogener-daten/ Data Processing Agreement: Data Processing Agreement

7. Content Delivery Network

We use a content delivery network (CDN) to serve our web pages. A CDN is a network of regionally distributed servers connected via the Internet. The CDN provides scalable storage and delivery capacities. This optimizes the loading times of our Internet pages and ensures optimal data throughput even during large load peaks. User requests on our Internet pages are routed via servers of the CDN. Statistics are created from these data streams. On the one hand, this serves to detect potential threats to our Internet pages from malware at an early stage and, on the other hand, to continuously improve our offer and make our Internet pages more user-friendly for you as a user.


We would like to point out that, depending on the country of domicile of the service provider mentioned below, the data collected via the service may be transmitted and processed outside the area of the European Union. In this case, there is a risk that the level of data protection required by the GDPR will not be complied with and that the enforcement of your rights may not be possible or may be difficult.


Data concerned:

  • Content data (e.g. posts, photos, videos).

  • Usage data (e.g. access times, web pages clicked on)

  • Communication data (e.g. information about the device used, IP address)


Purpose of processing: Technical optimization of the Internet presence, analysis of errors and user behavior.


Legal basis: Legitimate interest, Art. 6 para. 1 lit. f GDPR.


Installed CDN service provider:


Cloudflare

Service provider: Cloudflare Inc, 101 Townsend St, San Francisco, CA 94107, USA.
Website: https://www.cloudflare.com/
Privacy policy: https://www.cloudflare.com/privacypolicy/
Scope of data collection: https://blog.cloudflare.com/what-cloudflare-logs/
Data Processing Agreement: Data Processing Agreement

8. Contact

Insofar as you contact us via e-mail, social media, telephone, fax, mail, our contact form or otherwise and in doing so provide us with personal data such as your name, telephone number or e-mail address, or provide further information about yourself or your request, we process this data in order to respond to your inquiry within the framework of the pre-contractual or contractual relationship existing between us.


Data concerned:

  • Inventory data (e.g. names, addresses)

  • Contact data (e.g. e-mail address, telephone number, postal address)

  • Content data (texts, photos, videos)

  • Contract data (e.g. subject matter of the contract, duration of the contract)


Data subjects: Prospective customers, customers, business and contractual partners


Purpose of processing: Communication as well as answering contact requests, office and organization procedures.


Legal basis: Contract performance and pre-contractual inquiries, Art. 6 para. 1 lit. b GDPR, legitimate interest, Art. 6 para. 1 lit. f GDPR.


Details of the third-party provider we use:


Hubspot

Service provider: HubSpot, Inc, 25 First Street, Cambridge, MA 02141 USA.
Headquarters in Europe: Hubspot Europe, Ground Floor, Two Dockland Central, Guild Street, Dublin 1, Ireland
Headquarters in Germany: HubSpot Germany GmbH, Am Postbahnhof 17, 10243 Berlin, Germany
Website: https://www.hubspot.de/
Privacy policy: https://legal.hubspot.com/de/privacy-policy
Data processing contract: Data processing contract

9. Web analysis and statistics

In order to record and statistically evaluate the flow of visitors to our website, we use web analysis services. Such services record, among other things, data about the website from which you have accessed our website (so-called referrers), which pages of our website you have accessed, how long you have visited our pages and which interactions you have carried out there. In addition, data on the browser you use, computer system and type of device are collected. In addition, demographic information such as age or gender can be collected as pseudonymous values via such a service. If you have consented to the collection of your location data, this may also be processed, depending on the provider.


In order to collect and store this data, the web analysis service we use usually sets a cookie on the end device you use, which also collects the IP address assigned to you. However, this is shortened via a so-called IP masking procedure, so that the IP address can no longer be assigned to your visit to our website. In addition, no clear data such as names or e-mail addresses are stored. Neither we nor the service we use know the identity of visitors to our website.


We would like to point out that, depending on the country of domicile of the service provider mentioned below, the data collected via the service may be transmitted and processed outside the area of the European Union. In this case, there is a risk that the level of data protection prescribed by the GDPR may not be complied with and that the enforcement of your rights may not be possible or may be difficult.


Data concerned:

  • Usage data (e.g. access times, web pages clicked on).

  • Communication data (e.g. information about the device used, IP address).


Data subjects: Users of our online offers.


Purpose of processing: Reach measurement, success monitoring of campaigns, remarketing as well as interest and behavior-based marketing.


Legal basis: If we have asked you for your consent before using the respective service, this is the legal basis, Art. 6 para. 1 lit. a GDPR. Furthermore, we use the respective service on the basis of our legitimate interest in analyzing the flow of visitors to our website in order to be able to continuously improve the functions, offers and user experience, Art. 6 (1) f GDPR.


We use the following web analytics services:


Matomo Analytics (without cookies, self operated).

Service provider: InnoCraft Ltd. 150 Willis St, 6011 Wellington, New Zealand.
Website: https://matomo.org/
Privacy policy: https://matomo.org/privacy/

When using Matomo, the data collected via the analysis tool is not transmitted to the service provider, but rather remains on our server. In addition, no cookies are used in the variant we use. Rather, returning users are recognized with the help of a so-called “digital fingerprint”. This is stored anonymously and changed every 24 hours. Conclusions about the identity of individual users are not possible.


sentry (self operated)

Service provider: Functional Software, Inc. dba Sentry 45 Fremont Street, 8th Floor, San Francisco, CA 94105, USA.
Website: https://sentry.io
Privacy Policy: https://sentry.io/privacy/

We use Sentry to capture bugs in our software products. When using Sentry, the collected data is not transmitted to the service provider, but rather remains on our server. Conclusions about the identity of individual users are not possible.

10. Online meetings, video conferences and screen sharing

We use third-party services to facilitate online meetings, video and/or audio conferencing, and online seminars among employees and with prospective customers or clients. When you communicate with us through such a service, the data collected in that communication process is processed by both us and the third-party provider. The data that may be generated in such a communication process includes, in particular, your login and contact information, posts in the chat window, your video and audio posts, and shared screen content. The data processed by the third-party provider we use primarily includes user data as well as metadata (e.g., IP address, computer system information). As a rule, the third-party providers process this data in order to check and ensure the security of the service. In addition, findings from the data processing are to be used to optimize the third-party provider’s offer and to carry out corresponding marketing measures. Please refer to the data protection information of the third-party provider in this regard.


We would like to point out that, depending on the country of domicile of the service provider mentioned below, the data collected via the service may be transmitted and processed outside the area of the European Union. In this case, there is a risk that the level of data protection required by the GDPR may not be complied with and that the enforcement of your rights may not be possible or may be difficult.


Data concerned:

  • Inventory data (e.g. names, addresses).

  • Contact details (e.g. e-mail address, telephone number)

  • Shared content (e.g., photos, videos, texts, audio recordings).

  • User data (e.g. times of access, Internet pages visited, interest in content)

  • Meta and communication data (e.g. IP address, computer system information)


Data subjects: Interested parties, customers, communication partners


Purpose of processing: Processing of contact inquiries, internal and external communication with employees as well as interested parties and customers, fulfillment of our contractual services, service offer


Legal basis: Consent, Art. 6 para. 1 lit. a GDPR, contract performance and pre-contractual inquiries, Art. 6 para. 1 lit. b GDPR, legitimate interest, Art. 6 para. 1 lit. f GDPR.

11. Services used by us

Google Meet (formerly Google Hangout)

Services offered: video conferencing, chats, instant messaging.
Service provider: Google Dublin, Google Ireland Ltd, Gordon House, Barrow Street, Dublin 4, Ireland.
Parent company: Google Inc, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA
Website: https://gsuite.google.com/intl/de/
Privacy Policy: https://policies.google.com/privacy?hl=de


Signal

Services offered: (group) chats, video conferencing, voice conferencing.
Service Provider: Privacy Signal Messenger, LLC, 650 Castro Street, Suite 120-223 Mountain View, CA 94041, USA
Website: https://signal.org
Privacy policy: https://signal.org/legal/#privacy-policy


Slack

Services offered: (group) chats, video conferencing, voice conferencing.
Service Provider: Slack Technologies, Inc., 500 Howard Street, San Francisco, CA 94105, USA
Website: https://slack.com/intl/de-de/
Privacy policy: https://slack.com/intl/de-de/privacy-policy Data processing agreement: Data processing agreement

12. Content services

We use certain services to be able to play out certain content or graphics (videos, images, music, fonts, maps) via our Internet presence. In doing so, the services we use process the IP address assigned to you at the time of your visit to our Internet pages, as this is the only way the respective content can be displayed in the browser you are using. In addition, the providers of these services may place further cookies on your terminal device, which are used to collect information about your usage behavior, your interests, the device and browser you are using, as well as the time and duration of your session. The providers regularly use this data for analysis, statistical and marketing purposes. In addition, this information may also be combined with information from other sources. This applies in particular if you yourself maintain an account with the service provider and are logged in there at the time of the session.


We would like to point out that, depending on the country of domicile of the service provider named below, the data named in more detail below may be transferred to and processed on servers outside the area of the European Union. In this case, there is a risk that the level of data protection prescribed by the GDPR will not be complied with and that the enforcement of your rights will not be possible or will be difficult.


Data concerned:

  • Usage data (e.g. access times, web pages clicked on).

  • Communication data (e.g. information about the device used, IP address).


Data subjects: Users of our internet presence


Purpose of processing: Playing out our Internet pages, offering content, ensuring the operation of our Internet pages.


Legal basis: Consent via cookie consent banner, Art. 6 para. 1 lit. a GDPR, legitimate interests, Art. 6 para. 1 lit. f GDPR.


We use the following content services:


Google Web Fonts

Google Web Fonts enable us to integrate fonts (web fonts) into the design of our website and to display them correctly when our web pages are displayed in your browser. The integration of these web fonts is done by a server call at Google. From there, the fonts are compressed and passed on to your browser, where they are unpacked. This server is usually located in the USA. If you visit one of our pages on which we embed Google Fonts, it is transmitted to Google which of our Internet pages you have visited.


Service provider: Google Inc, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA.
Headquarters in the EU: Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland
Website: https://fonts.google.com/
Privacy policy: https://policies.google.com/privacy

13. Our online presence on social networks

We operate online presences within the social networks listed below. If you visit one of these presences, the data listed in more detail below will be collected and processed by the respective provider. As a rule, this data is collected for advertising and market research purposes and usage profiles are created with it. In the usage profiles, data can be stored regardless of the device you use. This is particularly the case if you are a member of the respective platform and logged in to it. The usage profiles can be used by the providers to play interest-based advertising to you. You have a right of revocation against the creation of user profiles. To exercise this right, you must contact the respective provider.


If you have an account with one of the providers listed below and are logged in there when you visit our website, the respective provider may collect data about your usage behavior on our website. To prevent such linking of your data, you can log out of the provider’s service before visiting our site.


For what purpose and to what extent data is collected by the provider, you can see the respective, in the following communicated, privacy statements of the providers.


We would like to point out that, depending on the country of domicile of the provider named below, the data collected via its platform may be transmitted and processed outside the area of the European Union. In this case, there is a risk that the level of data protection prescribed by the GDPR may not be complied with and that the enforcement of your rights may not be possible or may be difficult.


Data concerned:

  • Inventory and contact data (e.g., name, address, telephone number, e-mail address).

  • Content data (e.g. posts, photos, videos)

  • Usage data (e.g. access times, web pages clicked on)

  • Communication data (e.g. information about the device used, IP address).


Purpose of processing: Communication and marketing, tracking and analysis of user behavior.


Legal basis: Consent, Art. 6 para. 1 lit. a GDPR, legitimate interests Art. 6 para. 1 lit. f GDPR.


Possibilities of objection: For the respective possibilities of objection (opt-out), we refer to the information of the providers linked below.


We maintain online presences on the following social networks:


LinkedIn

Service provider: LinkedIn Corporation, 1000 W Maude, Sunnyvale, CA 94085, USA.
Headquarters in Germany: LinkedIn, Hofstatt 4th Floor, Sendlinger Str. 12, 80331 Munich, Germany
Website: https://www.linkedin.com/?trk=nav_logo
Privacy policy: https://www.linkedin.com/legal/privacy-policy?trk=uno-reg-guest-home-privacy-policy

14. Registration, login and user account

You have the option of registering on our online medium in order to create a user account there. For this purpose, it is necessary to provide personal data, which can be found in the input mask. The data requested there includes, in particular, your name, your e-mail address, a user name, if applicable, and the password. This data is stored and processed by us in order to set up a user account for you and to enable (repeated) registration. The data can be changed or deleted by you at any time. The data will not be disclosed to third parties unless this serves the technical and organizational processing of the existing user contract between us. To protect you and us from abusive registrations, we store the IP address assigned to you at the time of registration, as well as the date and time of registration.


Data concerned:

  • Inventory data (e.g. names, addresses)

  • Contact data (e.g. e-mail address, telephone number, postal address)

  • Contract data (e.g. subject matter of the contract, duration of the contract)

  • Payment data (e.g. bank details, invoices)

  • Content data (e.g. posts, photos, videos)

  • Usage data (e.g. access times, web pages clicked on)

  • Communication data (e.g. information about the device used, IP address)


Purpose of processing: Processing of contractual services, communication as well as answering contact requests, security measures.


Legal basis: Contract fulfillment and pre-contractual inquiries, Art. 6 para. 1 lit. b GDPR, legal obligation, Art. 6 para. 1 lit. c GDPR, legitimate interest, Art. 6 para. 1 lit. f GDPR.


Deletion: See the point: “When do we delete your data? “. In addition, we would like to draw your attention to the fact that we will delete the data collected during registration and the content data stored in the account as soon as you delete your account, subject to any statutory retention obligations to the contrary. We therefore ask you, if you want or need to access the content data stored in your account even after the deletion of your account, to save it in another way before deleting the account.

15. Cookies

Our website uses cookies. Cookies are small text files consisting of a series of numbers and letters that are placed and stored on the terminal device you are using. Cookies are primarily used to exchange information between the end device you are using and our website. This includes, among other things, the language settings on a website, the login status or where a video was watched.


Two types of cookies are used when visiting our websites:


  • Temporary cookies (session cookies): These store a so-called session ID, with which various requests from your browser can be assigned to the joint session. Session cookies are deleted when you log out or close your browser.

  • Permanent cookies: Permanent cookies remain stored even after you close your browser. This allows our website to recognize your computer again when you return to our website. In these cookies, for example, information about language settings or log-in information is stored. In addition, these cookies can be used to document and store your surfing behavior. This data can be used for statistical, marketing and personalization purposes.


In addition to the above classification, cookies can also be distinguished with regard to their purpose:


  • Necessary cookies: These are cookies that are absolutely necessary for the operation of our website to store logins or shopping carts for the duration of your session or cookies that are set for security reasons.

  • Statistics, marketing and personalization cookies: These are cookies that are used for analysis purposes or range measurement. In particular, information on search terms entered or the frequency of page views may be stored via such “tracking” cookies. In addition, the surfing behavior of an individual user (e.g. viewing of certain content, use of functions, etc.) can also be stored in a user profile. Such profiles are used to display content to users that corresponds to their potential interests. Insofar as we use services through which cookies are stored on your terminal device for statistical, marketing and personalization purposes, we will inform you separately about this in the following sections of our data protection declaration or in the context of obtaining your consent.


Data concerned:

  • Usage data (e.g. access times, web pages clicked on)

  • Communication data (e.g. information about the device used, IP address).


Data subjects: Users of our online offers.


Purpose of processing: Playing out our internet pages, ensuring the operation of our internet pages, improving our internet offer, communication and marketing.


Legal basis:


Legitimate interest, Art. 6 para. 1 lit. f GDPR.
Unless we obtain consent from you to set the cookies, we base the processing of your data on our legitimate interest in improving the quality and user-friendliness of our website, in particular its content and functions. You have via the security settings of your browser to object to the use of cookies set by us in the context of our legitimate interest. There you have the option of specifying whether you do not accept cookies from the outset or only on request, or whether you specify that cookies are deleted each time you close your browser. If cookies are deactivated for our website, it may no longer be possible to use all functions of the website in full.

16. Your comments or ratings

You have the opportunity to comment on our posts, express your opinion or post content in the designated areas of our website. Since we can be held liable for infringing content of your comment (insult, defamation, incitement of the people, prohibited depiction of violence, etc.), we store your IP address for a period of 7 days in order to be able to determine your identity.


Legal basis: Art. 6 para. 1 lit. f GDPR


Data concerned:

  • Inventory data (e.g. names, addresses)

  • Content data (e.g. posts, photos, videos)

  • Usage data (e.g. access times, web pages clicked on)

  • Communication data (e.g. information about the device used, IP address)


Purpose of processing: Performance of contractual obligations, communication and processing of requests, obtaining feedback, security measures.


Subscribing to comments:

You have the option to subscribe to comments following your post. You will then be notified when other people comment on the same post. To do this, you must activate a checkbox provided for this purpose when submitting your comment and enter your e-mail address. In order to ensure that your e-mail address has not been misused during registration, you will first receive a confirmation e-mail containing a link. By clicking on the link, you activate the receipt of the notification. To prevent misuse, we store the date and time of registration as well as the IP address assigned to you at that time. We delete the e-mail address you have provided either if you have not clicked on the confirmation link 1 month after sending the confirmation e-mail in the double opt-in process or immediately after you revoke the subscription to the respective post.


Legal basis: Consent, Art. 6 para. 1 lit. a GDPR.


Revocation: You can revoke the subscription at any time. We will inform you upon conclusion of the subscription by which means you can declare the revocation – usually by e-mail to an e-mail address provided by us for this purpose. Even after revocation, we may store your email address for up to three years based on our legitimate interests before deleting it to prove that you have completed the subscription. We will store your email address after your revocation solely for this purpose, We will delete your email address early if you confirm that you previously consented to the subscription.

17. Security measures

We also take technical and organizational security measures in accordance with the state of the art to comply with the provisions of data protection laws and to protect your data against accidental or intentional manipulation, partial or complete loss, destruction or against unauthorized access by third parties.

18. Actuality and change of this privacy policy

This privacy policy is currently valid and has a status of May 2022. Due to changes in legal or regulatory requirements, it may become necessary to adapt this privacy policy.


This privacy policy was created with the help of the data protection generator of SOS Recht. SOS Recht is a service of Mueller.legal Rechtsanwälte Partnerschaft, based in Berlin, Germany.