Privacy Policy

We appreciate your interest in our services. Protecting your personal data is very important to the operator of this website. In general, you can use our online pages without providing personal information; however, if an individual wishes to access or use certain specific services offered through this website, the processing of personal data may become necessary. If such processing is required and there is no other legal basis available, we will normally request the explicit consent of the data subject.

Any processing of personal data, such as a name, address, email address or telephone number, is carried out in accordance with the General Data Protection Regulation (GDPR) and any other applicable national data protection laws. With this privacy notice, we aim to explain to visitors, users and applicants the type, scope and purpose of the personal data that we collect, use and process. In addition, this statement informs data subjects about the rights to which they are entitled.

As the controller, we have introduced various technical and organizational measures designed to ensure that the personal data processed through this website is protected as comprehensively as possible. However, data transmission over the Internet may still involve security risks, and absolute protection can never be fully guaranteed. For this reason, every data subject is free to contact us and share personal data using alternative means of communication, such as by telephone or other secure channels, if they prefer.

Definitions

This privacy policy is based on the terms and concepts used by the European legislator in the GDPR. Our goal is to ensure that the content is understandable and transparent to visitors, customers and business partners. To support this, we explain the main terminology used below.

“We”, “Us”, “Our”, “Administrator”, “Service Provider” and “the Company” refer to the operator of this website and its related pages.

In this privacy policy, we use, among others, the following terms:

a) Personal data

“Personal data” refers to any information relating to an identified or identifiable natural person (“data subject”). An identifiable person is someone who can be identified directly or indirectly, in particular by reference to an identifier such as a name, identification number, location data, online identifier or one or more factors specific to their physical, physiological, genetic, mental, economic, cultural or social identity.

b) Data subject

The “data subject” is any identified or identifiable natural person whose personal data is processed.

c) Processing

“Processing” means any operation or set of operations performed on personal data or on sets of personal data, whether or not carried out by automated means. This includes, for example, collection, recording, organization, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination, making available, alignment or combination, restriction, erasure or destruction.

d) Restriction of processing

“Restriction of processing” refers to the marking of stored personal data with the intention of limiting their processing in the future.

e) Profiling

“Profiling” is any form of automated processing of personal data consisting of the use of personal data to evaluate certain personal aspects relating to a natural person, in particular to analyze or predict aspects regarding performance at work, financial situation, health, personal preferences, interests, reliability, behavior, location or movements.

f) Pseudonymization

“Pseudonymization” means the processing of personal data in such a manner that the data can no longer be attributed to a specific data subject without the use of additional information, provided that this additional information is kept separately and protected by technical and organizational measures to ensure that the data is not linked to an identified or identifiable individual.

g) Controller

The “controller” or “controller responsible for the processing” is the natural or legal person, public authority, agency or other body that, alone or jointly with others, determines the purposes and means of processing personal data.

h) Processor

A “processor” is a natural or legal person, public authority, agency or other body which processes personal data on behalf of the controller.

i) Recipient

“Recipient” refers to a natural or legal person, public authority, agency or another body to which personal data is disclosed, whether a third party or not. Public authorities that may receive personal data in the framework of a particular inquiry under Union or Member State law are not considered recipients in this sense; their processing must comply with applicable data protection rules according to the purpose of the processing.

j) Third party

A “third party” is a natural or legal person, public authority, agency or body other than the data subject, controller, processor and persons who, under the direct authority of the controller or processor, are allowed to process personal data.

k) Consent

“Consent” of the data subject is any freely given, specific, informed and unambiguous indication of the data subject’s wishes by which they, by a statement or a clear affirmative action, signify agreement to the processing of personal data relating to them.

Processing of personal data

As a controller, we process personal data in a manner that ensures an appropriate level of security, including protection against unauthorized or unlawful processing and against accidental loss, destruction or damage, using suitable technical and organizational measures, and in line with the following principles:

(a) The data is processed lawfully, fairly and transparently in relation to the data subject (“lawfulness, fairness and transparency”).

(b) Data is collected for specified, explicit and legitimate purposes and not further processed in a way that is incompatible with those purposes (“purpose limitation”).

(c) The data is adequate, relevant and limited to what is necessary in relation to the purposes for which it is processed (“data minimization”).

(d) The data is accurate and, where necessary, kept up to date.

(e) Data is not stored longer than needed for the purposes for which it is processed (“storage limitation”).

(f) The data is processed in a way that ensures appropriate security, including protection against unauthorized or unlawful processing and accidental loss, destruction or damage, using appropriate technical or organizational measures (“integrity and confidentiality”).

We process personal data only if at least one of the following legal bases applies:

(a) Processing is necessary for the performance of a contract with the Company to which the data subject is party, or to take steps at the request of the data subject prior to entering into such a contract.

(b) Processing is necessary for compliance with a legal obligation to which we, as controller, are subject.

(c) The data subject has given consent for processing their personal data for one or more specific purposes. When processing is based solely on consent, the data subject may withdraw that consent at any time. Withdrawal does not affect processing that is based on other legal grounds, such as points (a) and (b) above.

We do not process personal data that reveal racial or ethnic origin, political opinions, religious or philosophical beliefs, trade union membership, nor do we process genetic data, biometric data for the purpose of uniquely identifying a natural person, data concerning health or data regarding a person’s sex life or sexual orientation, unless the data subject has provided explicit consent for such processing for one or more specific purposes, or another legal exemption under the GDPR applies.

Cookies

Our website uses cookies. Cookies are small text files stored on your device by your web browser.

Many websites and servers use cookies. A cookie typically contains a cookie ID, which is a unique identifier. This ID consists of a string of characters that allows web pages and servers to distinguish the specific browser of a user from other browsers that store different cookies. In this way, a particular browser can be recognized and identified using the cookie ID.

By using cookies, we can provide more user-friendly features and services that would not be possible without the cookie setting.

Cookies allow us to tailor the content and offers on our website to users’ needs. As mentioned above, cookies enable us to recognize returning visitors. This recognition helps make the use of our pages easier. For example, a user who has enabled cookies does not have to re-enter access data each time they visit, because the website and the cookie stored on the user’s device handle this for them. Another common example is the cookie used to store the contents of a virtual shopping cart in an online store.

Data subjects may at any time prevent the use of cookies by adjusting the settings of their web browser and may permanently disable cookies. Cookies that are already stored can be deleted at any time via the browser or other software tools. This is supported by most commonly used browsers. However, if cookies are deactivated, some functions of our website may not work properly or may be only partially available.

Collection of general data and information

When our website is accessed by a data subject or an automated system, a series of general data and information may be collected and stored in server log files. These may include: (1) the browser type and version used, (2) the operating system used by the accessing device, (3) the website from which our site was accessed (referrer), (4) sub-pages visited, (5) the date and time of access, (6) the Internet protocol (IP) address, (7) the internet service provider of the accessing system, and (8) other similar data and information that can assist in the event of attacks on our IT systems.

We do not draw conclusions about the data subject from this general information. Instead, this data is needed to (1) deliver the content of our site correctly, (2) optimize the content and advertising on our site, (3) ensure the long-term stability and security of our IT systems and website technology, and (4) provide information to law enforcement authorities in case of a cyber-attack.

We may analyze this data in an anonymized form for statistical purposes and to improve data protection and data security, thereby helping ensure an appropriate level of protection for the personal data we process. Anonymized log file data is stored separately from any personal data provided by data subjects.

Contact via the website

Our site includes options to contact us electronically, for example through a contact form or via email. If a data subject contacts us through one of these channels, the personal data voluntarily transmitted by the data subject is automatically stored.

Such personal data is stored for the purpose of handling the inquiry and for any follow-up communication with the data subject. This data is not passed on to third parties unless this is necessary for processing the request or required by law.

Comments in blog sections

We may provide a blog or similar section on the website where users can leave comments on specific articles or posts. A blog is a publicly accessible portal where individuals can publish posts and share their views.

If a data subject leaves a comment on the blog, the comment, the date and time of the comment, and any pseudonym chosen by the user may be stored and made visible. In addition, the IP address assigned by the internet service provider to the data subject may be logged.

This IP address is stored for security reasons, in case the data subject infringes the rights of third parties or posts illegal content in a comment. The storage of such data is therefore in our legitimate interest, to be able to demonstrate compliance or defend ourselves in the event of legal disputes. Data collected through comments will not be transferred to third parties unless required by law or needed for legal defense.

Routine erasure and blocking of personal data

We process and store personal data only for as long as is necessary to achieve the purposes for which they were collected, or as required by European or national legislation in laws or regulations to which we, as controller, are subject.

If the purpose of storage no longer applies, or a legally prescribed retention period expires, personal data will be routinely blocked or erased in accordance with legal requirements.

Rights of the data subject

Under the GDPR, every data subject has specific rights with respect to their personal data:

a) Right to confirmation

Each data subject has the right to obtain confirmation from the controller as to whether or not personal data concerning them is being processed. They may contact us at any time to exercise this right.

b) Right of access

Each data subject has the right to obtain free information about their stored personal data and a copy of that information, as well as the following details:

– the purposes of the processing;
– the categories of personal data concerned;
– the recipients or categories of recipients to whom the personal data has been or will be disclosed, especially recipients in third countries or international organizations;
– where possible, the envisaged period for which the data will be stored, or, if not possible, the criteria used to determine that period;
– the existence of the right to request rectification or erasure of personal data, or restriction of processing, or to object to such processing;
– the right to lodge a complaint with a supervisory authority;
– where the personal data is not collected directly from the data subject, any available information about its source;
– the existence of automated decision-making, including profiling, and meaningful information about the logic involved and the consequences of such processing.

Where personal data is transferred to a third country or international organization, the data subject also has the right to be informed of the safeguards relating to such transfer.

c) Right to rectification

Each data subject has the right to request the correction of inaccurate personal data concerning them without undue delay. Taking into account the purposes of processing, the data subject also has the right to have incomplete personal data completed, including by providing a supplementary statement.

d) Right to erasure (“right to be forgotten”)

Each data subject has the right to require the erasure of personal data concerning them without undue delay, where one of the following grounds applies and provided that processing is not necessary:

– The personal data is no longer needed in relation to the purposes for which it was collected or otherwise processed.
– The data subject withdraws consent and there is no other legal basis for the processing.
– The data subject objects to the processing and there are no overriding legitimate grounds for the processing.
– The personal data has been processed unlawfully.
– The personal data must be erased to comply with a legal obligation in Union or Member State law.
– The personal data has been collected in relation to the offer of information society services to a child.

If one of these reasons applies and a data subject wishes to have personal data erased, they may contact us at any time. We will arrange for the erasure to be carried out promptly, in accordance with legal obligations.

If we have made personal data public and are obliged to erase it, we will, taking into account available technology and implementation costs, take reasonable steps to inform other controllers processing the data that the data subject has requested the erasure of any links to, or copies of, that personal data, provided processing is not required.

e) Right to restriction of processing

Each data subject has the right to obtain restriction of processing where one of the following applies:

– The accuracy of the personal data is contested by the data subject for a period enabling verification of its accuracy.
– The processing is unlawful and the data subject opposes erasure and requests restriction instead.
– The controller no longer needs the personal data for the purposes of processing, but the data is required by the data subject for the establishment, exercise or defense of legal claims.
– The data subject has objected to processing pending verification of whether the legitimate grounds of the controller override those of the data subject.

If any of these conditions apply and a data subject wishes to request restriction, they may contact us at any time. We will then restrict processing accordingly.

f) Right to data portability

Each data subject has the right to receive the personal data concerning them, which they have provided to a controller, in a structured, commonly used and machine-readable format. They also have the right to transmit this data to another controller without hindrance from the controller to which the data was provided, where:

– processing is based on consent or on a contract; and
– processing is carried out by automated means.

Furthermore, the data subject has the right to have personal data transmitted directly from one controller to another, where technically feasible and where this does not adversely affect the rights and freedoms of others.

g) Right to object

Each data subject has the right to object, on grounds relating to their particular situation, at any time to the processing of personal data concerning them which is based on legitimate interests or on a task carried out in the public interest, including profiling based on those provisions.

We will no longer process the personal data in case of such objection, unless we can demonstrate compelling legitimate grounds that override the interests, rights and freedoms of the data subject, or processing is necessary for the establishment, exercise or defense of legal claims.

If we process personal data for direct marketing purposes, data subjects have the right to object at any time to processing for such marketing, which includes profiling insofar as it is related to such direct marketing. If an objection is made to processing for direct marketing, we will cease processing for this purpose.

h) Automated decision-making, including profiling

Each data subject has the right not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects or similarly significantly affects them, unless such decision:

– is necessary for entering into, or performance of, a contract;
– is authorized by Union or Member State law that also lays down suitable safeguards; or
– is based on explicit consent.

Where automated decision-making is used in these limited circumstances, we will implement appropriate measures to safeguard the data subject’s rights and freedoms, including the right to obtain human intervention, to express their point of view and to contest the decision.

i) Right to withdraw consent

Each data subject has the right to withdraw consent to the processing of personal data at any time when processing is based on consent. Withdrawal does not affect processing carried out before the withdrawal.

Requests to exercise any of these rights will be reviewed and answered within one month of receipt. In certain cases, this period may be extended by up to two further months, depending on the complexity and number of requests. In such cases, data subjects will be informed of any extension and the reasons for it within one month of receiving the request.

Use of third-party tools and services

On our website, we may integrate or use components and services provided by third parties such as social networks, analytics providers, advertising platforms and payment processors. These services may collect and process personal data, for example IP addresses, usage behavior, or device information, when users visit our pages or interact with embedded plugins (such as “Like” buttons, share buttons, embedded videos, etc.).

Examples of such third-party services include, but are not limited to:

– Social media platforms and their plug-ins;
– Web analytics tools;
– Advertising and remarketing services;
– Video hosting platforms;
– Security and performance plugins;
– Online payment service providers.

When a page containing such a component is loaded, the user’s browser may be instructed to retrieve content directly from the third-party provider. This allows the provider to receive information about which pages were visited and, if the user is logged in to the respective service, associate this with their account there. If users do not want these services to link website visits with their profiles, they must log out of those services before visiting our site and possibly clear cookies.

Further information about the purpose and scope of data collection and processing by third-party providers can generally be found in their respective privacy policies and settings pages, where users can also manage their preferences and opt out of certain data processing where available.

Payment methods and payment processors

We may offer online payment options through external payment service providers such as online payment platforms or credit card processors. When selecting such a payment option in the ordering process, personal data required for payment processing will be transmitted to the respective payment provider.

Depending on the service and payment method, this may include data such as: name, billing address, email address, IP address, payment details (e.g. credit card information), and transaction-related information.

The transmission of data to payment service providers is carried out for the purpose of processing payments, fulfilling contracts and preventing fraud. Payment providers may in turn forward data to banks, card networks, credit reference agencies or other service providers where required for payment processing, identity verification and fraud prevention, in accordance with their own privacy policies.

Data subjects can at any time contact the respective payment provider to exercise their data protection rights under applicable law, including the right to information, rectification, erasure or restriction, and to withdraw consent where processing is based on consent.

Legal basis for processing

We rely on different legal grounds for processing personal data, depending on the type and purpose of processing:

– Article 6(1)(a) GDPR: consent for one or more specific purposes;
– Article 6(1)(b) GDPR: processing necessary for performance of a contract with the data subject or to take steps at the data subject’s request prior to entering into a contract;
– Article 6(1)(c) GDPR: processing necessary for compliance with a legal obligation to which we are subject;
– Article 6(1)(d) GDPR: processing necessary to protect the vital interests of the data subject or another natural person;
– Article 6(1)(f) GDPR: processing necessary for the purposes of legitimate interests pursued by us or by a third party, except where such interests are overridden by the interests or fundamental rights and freedoms of the data subject.

Our legitimate interests may include, for example, operating and improving the website and services, preventing fraud, securing our systems, and communicating with users about our services, provided these interests are balanced against the data subject’s rights and expectations.

Legitimate interests pursued by the controller or a third party

Where data processing is based on Article 6(1)(f) GDPR, our legitimate interest is generally the orderly, secure and efficient conduct of our business activities in a way that benefits our users, employees and stakeholders, and the protection of our services against misuse and security risks.

Duration of storage of personal data

The period for which personal data is stored is determined by the applicable statutory retention periods or by the time necessary to fulfill the purposes for which the data was collected. After expiry of the relevant retention period, or once the purpose has been achieved and no further retention is required (for example, for legal or contractual reasons), personal data is routinely deleted or anonymized in accordance with legal requirements.

Provision of personal data and possible consequences of non-provision

In some cases, the provision of personal data may be required by law (for instance, tax regulations) or may result from contractual obligations (for example, information required for the performance of a contract). In certain situations, concluding a contract may not be possible without the provision of specific personal data.

If a data subject chooses not to provide personal data that is required, this may result in us being unable to enter into or perform a contract or provide certain services. Before providing personal data, the data subject may contact us to clarify whether the provision is legally or contractually required, or necessary for the conclusion of a contract, and what consequences a failure to provide such data would have.

Existence of automated decision-making

We do not use automated decision-making, including profiling, that produces legal effects for data subjects or significantly affects them in a similar manner.