We are very pleased that you chose to visit our website. Data protection is especially important to us. In principle, you can use our website without needing to provide any personal data. However, if a data subject wants to use special services via our website, it may become necessary to process personal data. If the processing of personal data is necessary and there is no legal basis for such processing, we will generally obtain the consent of the data subject.
As the data controller, Peakboard GmbH has implemented numerous technical and organizational measures (TOM) to ensure that the personal data processed via this website is protected as much as possible. Nevertheless, Internet-based data transmissions may have security gaps, so that we cannot guarantee absolute protection. For this reason, every data subject is free to transmit personal data to us in alternative ways, such as by phone.
Name and address of the data controller
The data controller within the meaning of the General Data Protection Regulation, other data protection laws applicable in the member states of the European Union, and other legal provisions related to data protection is:
Peakboard GmbHPatrick TheobaldNeckarstrasse 189-19170190 StuttgartGermany
Tel.: +49 711 46 05 99 60
Contact details of the data protection officer
Any data subject may contact our data protection officer directly at any time with any questions or suggestions that they may have regarding data protection. The data protection officer of the data controller is:
You may reach our data protection officer by mailing a letter addressed to the attention of “Data Protection Officer” to our aforementioned address or by email at: email@example.com
Collection of general data and information
Our website collects a series of general data and information each time the website is accessed by a data subject or an automated system. This general data and information is stored in the log files of the server.
Examples of data that may be recorded include:
(1) the used browser types and versions,
(2) the operating system of the accessing system,
(3) the website from which an accessing system reached our website (the so-called referrer),
(4) the website that referred an accessing system to our website,
(5) the date and time of access to the website,
(6) an Internet Protocol address (IP address),
(7) the Internet service provider of the accessing system, and
(8) other similar data and information that serve to avert threats in the event of attacks on our information technology systems.
No conclusions are drawn about the data subject from the use of this general data and information.
Rather, this information is required in order to
(1) deliver and display the contents of our website correctly,
(2) optimize the content of our website as well as the advertising for it,
(3) ensure the long-term functionality of our information technology systems and the technology used to run our website, as well as
(4) provide law enforcement authorities with the information necessary for criminal prosecution in the event of a cyber attack.
This anonymously collected data and information is therefore evaluated by the data controller both for statistical purposes and with the aim of increasing our data protection and data security in order to ultimately ensure an optimal level of protection for the personal data we process. The anonymous data of the server log files are stored separately from all personal data provided by a data subject.
Legal basis for processing
Article 6 (1) (a) GDPR serves as the legal basis for processing operations under which we obtain consent for a specific processing purpose. If the processing of personal data is necessary to carry out a contract to which the data subject is a party – as is the case, for example, for processing operations necessary for the delivery of goods or the provision of any other service or consideration – the processing is based on Article 6 (1) (b) GDPR. The same applies to such processing operations that are necessary to carry out pre-contractual measures, such as when we receive inquiries about our products or services. If we are subject to a legal obligation that requires the processing of personal data, such as to fulfill tax obligations, the processing is based on Article 6 (1) (c) GDPR. In rare cases, the processing of personal data may become necessary to protect the vital interests of the data subject or another natural person. This would be the case, for example, if a visitor were injured on our premises and their name, age, health insurance data, or other vital information had to be passed on to a doctor, hospital, or other third parties. Then the processing would be based on Article 6 (1) (d) GDPR. Ultimately, processing operations could be based on Article 6 (1) (f) GDPR. Processing operations that are not covered by any of the aforementioned legal bases are based on this legal basis if the processing is necessary to safeguard our legitimate interest or that of a third party, provided that the interests, fundamental rights, and freedoms of the data subject do not take precedence. We are allowed to perform such processing operations in particular because they have been specifically granted under EU law. In this respect, it stipulates that a legitimate interest could be assumed to exist if the data subject is a customer of the data controller (Recital 47 Clause 2 GDPR). If the processing of personal data is based on Article 6 (1) (f) GDPR, our legitimate interest is to conduct our business activities for the benefit of the wellbeing of all our employees and our shareholders.
Period during which the personal data will be stored
The criterion used to determine the period of the storage of personal data is the respective statutory retention period. After expiry of the period, the corresponding data will be erased as a matter of course if it is no longer necessary for the conduct or initiation of the contract or if the erasure does not conflict with any additional legal requirements.
Data protection information for webinars
As the data controller, we process your personal data (including the following mandatory information: last name, first name, email address, and company) based on your webinar registration.
The purpose of data processing is to offer and conduct webinars as well as to contact you later for marketing purposes. We partly work with partner companies (hereinafter “partners”) to offer our webinars, whereby the webinars may contain product information and advice from our partners. We explicitly identify our respective partners at the time of webinar registration.
The legal basis for data processing is your consent in accordance with Section 25 (1) Telecommunications-Telemedia Data Protection Act (TTDSG) and Article 6 (1) (a) GDPR as well as our legitimate interest in offering you free and informative webinars, whereby the balance of interests in accordance with Article 6 (1) (f) GDPR has not resulted in any restriction of your rights and freedoms. If you do not provide the data, you will not be able to participate in the webinars.
If we work with a partner in a webinar, then depending on the agreement, we may pass on your data provided during registration to the respective partner to contact you and for marketing purposes. In this case, we conclude a joint data controller contract with our partners in accordance with the requirements of Article 26 (1) GDPR.
We will store the data and, in accordance with our data erasure concept, erase it no later than 2 years after the webinar has taken place, unless there are statutory storage requirements to the contrary. If a contractual relationship exists between you and us after the webinar has been held or one is about to be concluded, we will continue to store your personal data in our customer relationship management system (CRM) in accordance with Article 6 (1) (b) GDPR.
You have the right to information, correction, erasure, restriction of processing, objection, data portability, and revocation of consent. In these cases, please contact us in writing at firstname.lastname@example.org. You will receive prompt feedback after receipt of your message.
Routine erasure and blocking of personal data
We process and store the personal data of the data subject only for the period of time necessary to achieve the purpose of storage or if this has been provided for by EU directives and regulations or the applicable laws or regulations of another jurisdiction.
If the purpose of storage no longer applies or if the storage period stipulated under EU directives and regulations or other applicable law expires, the personal data will be blocked or erased as a matter of course and in accordance with the statutory provisions.
Statutory or contractual requirements for providing personal data
We clarify that the provision of personal data is partly required by law (e.g., under tax regulations) or may also result from contractual or pre-contractual regulations (e.g., information on the contractual partner). When concluding a contract, it may sometimes be necessary to collect personal data from a data subject and to then process this data. For example, the data subject must provide us with their personal data if we conclude a contract with them. Failure to provide this personal data would mean that the contract with the data subject could not be concluded. Before personal data is provided by the data subject, the data subject must contact one of our employees. Our employee explains to the data subject on a case-by-case basis whether the provision of the personal data is required by law or contract or is needed for the conclusion of the contract, whether there is an obligation to provide the personal data, and what the consequences would be if the personal data were not provided.
Registration on our website / use of input masks and forms
The data subject has the option of registering on the website of the data controller used for processing by providing personal data or entering personal information in the input fields. This may be necessary, for example, to receive a newsletter, contact us via the contact form, register to participate in events, or exercise other similar registration options. The particular personal data that is transmitted to the data controller for processing is the data that was entered in the input fields during registration. The personal data entered by the data subject is collected and stored exclusively for internal use by the data controller for processing and for their own purposes. We may transmit the data to one or more processors, such as a parcel delivery service, which will also use the personal data exclusively for internal use attributable to the data controller.
If you contact us (e.g., via the contact form), personal data will be collected. This data is stored and used exclusively for the purpose of answering your request and conducting the associated technical administration tasks. The legal basis for processing the data is our legitimate interest in answering your inquiry in accordance with Article 6 (1) (f) GDPR. If you contact us for the purpose of concluding a contract, the additional legal basis for processing is Article 6 (1) (b) GDPR. Your data will be erased after your request has been finally processed. This is the case if it can be inferred that the matter in question has been fully clarified and provided that there are no statutory or legal storage requirements to prevent erasure.
When the data subject registers on the website of the data controller, the IP address assigned to the data subject by their Internet service provider (ISP) and the date and time of registration are also stored. The reason why this data is stored is that it provides the only way to prevent misuse of our services and, if necessary, to allow for any crimes that have been committed to be investigated. In this respect, the storage of this data is necessary to protect the data controller. In principle, this data will not be passed on to third parties unless there is a statutory or legal obligation to transmit it or if it must be shared as part of a criminal prosecution.
When the data subject registers and voluntarily provides personal data, this allows the data controller to offer the data subject content or services that can only be offered to registered users or those who explicitly request this due to the nature of the offering. These persons are free to edit the personal data that they provided at any time or to have it completely erased from the database of the data controller.
Upon request, we will provide every data subject with information about which personal data is stored about them at any time. Furthermore, we correct or erase personal data at the request or notice of the data subject, provided that there are no statutory or legal storage requirements to the contrary. The data subject may contact any of the employees of the data controller in this regard.
SSL or TLS encryption
This site uses SSL or TLS encryption for security purposes and to secure the transmission of confidential information, such as any inquiries that you send us in our capacity as the website operator. You can recognize that your connection is encrypted from the fact that the address line of the browser changes from “http://” to “https://” and from the lock symbol in your browser’s address bar.
If SSL or TLS encryption is activated, the data you transmit to us cannot be read by third parties.
Encrypted payment transactions on this website
If you must send us your payment data (e.g., account number for direct debit authorization) after concluding a fee-based contract, this data is needed for payment processing.
Typical payment methods (Visa/MasterCard, direct debit) are processed exclusively via an encrypted SSL or TLS connection. You can recognize that your connection is encrypted from the fact that the address line of the browser changes from “http://” to “https://” and from the lock symbol in your browser’s address bar.
If you use an encrypted communication channel, the data you transmit to us cannot be read by third parties.
Recipients or categories of recipients
Depending on the purpose for which the personal data is collected, we transmit this data to the following recipients or categories of recipients, for example, or they are directly involved in the processing of the personal data:
Transfer to a third country
Depending on the purpose of the personal data that is collected, the data is transferred to a third country as part of the following services:
Use of automated decision-making
As a data controller, we do not utilize automatic decision-making or profiling.
Data protection for job applications and during the job application process
We collect and process the personal data of job applicants for the purpose of handling their application process. The processing can also take place electronically. This is particularly the case if a job applicant sends the relevant application documents electronically, for example by email or via a submission form on the website, to the data controller. If we conclude an employment contract with a job applicant, the transmitted data will be stored for the purpose of processing the employment relationship in compliance with the statutory provisions. If the data controller does not conclude an employment contract with the job applicant, the application documents will be automatically erased no later than six months after notification of the rejection decision, provided that there are no other legitimate interests of those opposed to the data controller’s processing in accordance with Article 6 (1) (f) GDPR. Another legitimate interest in this sense is, for example, a burden of proof in proceedings under the German General Equal Treatment Act (AGG).
a) Personal data
“Personal data” is any information relating to an identified or identifiable natural person (hereinafter “data subject”). An identifiable natural person is one who can be identified, directly or indirectly, in particular using an identifier, such as a name, identification number, location data, online identifier, or one or more special features that express the physical, physiological, genetic, psychological, economic, cultural, or social identity of this natural person.
b) Data subject
“Data subject” is any identified or identifiable natural person whose personal data is processed by the data controller.
“Processing” is any process performed with or without the help of automated processes or any such series of processes in relation to personal data, such as collecting, recording, organizing, arranging, storing, adapting or changing, reading, querying, using, disclosing by transmission, distributing, or any other form of making available, matching, or linking, restriction, erasure, or destruction.
d) Restriction of processing
“Restriction of processing” is the marking of stored personal data with the aim of restricting its future processing.
“Profiling” is any type of automated processing of personal data that consists in using this personal data to evaluate certain personal aspects of a natural person, in particular those relating to work performance, economic situation, and health, and to analyze or predict personal preferences, interests, trustworthiness, behavior, location, or relocation of that natural person.
“Pseudonymization” is the processing of personal data in such a way that the personal data can no longer be assigned to a specific data subject without the use of additional information, provided that this additional information is stored separately and is subject to technical and organizational measures that ensure that the personal data cannot be assigned to an identified or identifiable natural person.
g) File system
The “file system” is any structured collection of personal data that is accessible in accordance with certain criteria, regardless of whether this collection is centralized, decentralized, or organized in accordance with functional or geographical criteria.
h) Data controller
The “data controller” is the natural or legal person, public authority, agency, or other body that either alone or jointly with others decides on the purposes and means of personal data processing; if the purposes and means of this processing are specified under EU law or the law of the member states, then the data controller or the specific criteria used to determine this person may be provided for by EU law or the law of the member states.
i) Data processor
The “data processor” is a natural or legal person, public authority, agency, or other body that processes personal data on behalf of the data controller.
“Recipient” is a natural or legal person, public authority, agency, or other body to which personal data is disclosed, whether a third party or not. However, authorities that may receive personal data as part of a specific investigation mandate under EU or member state law are not considered recipients.
k) Third party
A “third party” is a natural or legal person, public authority, agency, or body other than the data subject, data controller, processor, and persons who are directly authorized by the data controller or processor to process personal data.
The “consent” of the data subject is any voluntarily given, informed and unequivocal expression of will in the specific case in the form of a given statement or other clear affirmative action, by which the data subject indicates that they agree to the processing of their personal data.
A “company” is a natural or legal person engaged in economic activity, regardless of its legal form, including partnerships or associations that regularly engage in economic activity.
Rights of the data subject
a) Right to confirmation
Every data subject has the right under EU ordinances and regulations to request confirmation from the data controller as to whether their personal data is being processed. If a data subject wishes to exercise this right to confirmation, they can contact an employee of the data controller at any time.
b) Right to information
Every data subject affected by the processing of personal data has the right under EU ordinances and regulations to receive free information about the personal data that is stored about them along with a copy of this information from the data controller at any time. Furthermore, EU ordinances and regulations also grant the data subject access to the following information:
c) Right to rectification
Every data subject affected by the processing of personal data has the right under EU ordinances and regulations to demand the immediate correction of incorrect personal data concerning them. Furthermore, the data subject has the right, while taking into account the purposes of the processing, to request the supplementation of incomplete personal data, including also by means of the submission of a supplementary statement. If a data subject wishes to exercise this right to rectification, they can contact an employee of the data controller at any time.
d) Right to erasure (right to be forgotten)
Any data subject affected by the processing of personal data has the right under EU ordinances and regulations to demand that the data controller erase the personal data concerning them immediately if one of the following reasons applies and if the processing is not necessary:
If one of the above reasons applies and a data subject wishes to have personal data that we store erased, they can contact an employee of the data controller at any time. Our employee will ensure that the request for erasure is complied with immediately.
If we have made the personal data public and if we, as the data controller, are obliged to erase the personal data in accordance with Article 17 (1) GDPR, we shall take appropriate measures, including technical measures in accordance with the available technology and the implementation costs, to inform other data controllers who have processed the published data that the data subject has requested that they erase all links to this personal data or copies of this personal data, insofar as the processing is not necessary. Our employee will take the necessary steps in each individual case.
d) Right to restriction of processing
Any data subject affected by the processing of personal data has the right under EU ordinances and regulations to demand that the data controller restrict the processing if one of the following conditions is met:
If one of the above conditions is met and a data subject wishes to request the restriction of personal data stored by us, they can contact an employee of the data controller at any time. The employee will arrange for the restriction of processing.
f) Right to data portability
Every data subject affected by the processing of personal data has the right under EU ordinances and regulations to receive personal data relating to them and which the data subject has provided to a data controller in a structured and common machine-readable format. They also have the right to transmit this data to another data controller without interference from the data controller to whom the personal data was originally provided, as long as the processing is based on consent in accordance with Article 6 (1) (a) GDPR or Article 9 (2) (a) GDPR or under a contract in accordance with Article (6) (1) (b) GDPR and the processing is carried out using automated means, unless the processing is necessary for the performance of a task that is in the public interest or in the exercise of official authority that has been delegated to the data controller.
Furthermore, when exercising their right to data transferability in accordance with Article 20 (1) GDPR, the data subject has the right to request that the personal data be transmitted directly from one data controller to another data controller, insofar as this is technically feasible and this process does not violate the rights and freedoms of other persons. In order to assert the right to data transferability, the data subject may contact one of our employees at any time using the contact details given above.
g) Right to object
Any data subject affected by the processing of personal data has the right under EU ordinances and regulations to object at any time to the processing of their personal data on the basis of Article 6 (1) (e) or (f) GDPR due to reasons arising from their particular situation. This also applies to profiling based on these provisions.
We will no longer process the personal data in the event of the objection, unless we can demonstrate compelling legitimate grounds for the processing that outweigh the interests, rights, and freedoms of the data subject, or the processing serves to assert, exercise, or defend against legal claims.
If we process personal data for direct marketing purposes, the data subject shall have the right to object at any time to the processing of personal data for purposes of such marketing. This also applies to profiling, insofar as it is related to such direct advertising. If the data subject objects to the processing for direct marketing purposes, we will no longer process the personal data for these purposes.
In addition, the data subject has the right, for reasons arising from their particular situation, to object to the processing of their personal data, which we carry out for scientific or historical research purposes or for statistical purposes in accordance with Article 89 (1) GDPR, unless such processing is necessary to fulfill a task in the public interest.
In order to exercise the right to object, the data subject can contact one of our employees directly. In connection with the use of information broker services, the data subject is also free, notwithstanding Directive 2002/58/EC, to exercise their right to object using automated means in accordance with their technical specifications.
h) Automated decisions on a case-by-case basis, including profiling
Any data subject affected by the processing of personal data has the right under EU ordinances and regulations to not be subject to a decision based solely on automated processing, including profiling, where said decision will entail legal repercussions for them or significantly affect them in a similar way, unless the decision
(1) is not necessary for the conclusion or performance of a contract between the data subject and the data controller, or
(2) is permissible under the legal provisions of the EU or the member states to which the data controller is subject, and these legal provisions contain appropriate measures to safeguard the rights, freedoms, and legitimate interests of the data subject, or
(3) the data subject expressly consents to such a decision.
If the decision is
(1) necessary for the conclusion or performance of a contract between the data subject and the data controller, or
(2) made with the express consent of the data subject,
we will take appropriate measures to safeguard the rights, freedoms, and legitimate interests of the data subject, including at a minimum the right to request human review of the decision by the data controller, to express their opinion of the decision, and to contest the decision.
If a data subject wishes to exercise their rights related to automated decisions, they can contact an employee of the data controller at any time.
i) Right to revoke consent under data protection law
Every data subject affected by the processing of personal data has the right under EU ordinances and regulations to revoke their consent to the processing of their personal data at any time.
If a data subject wishes to exercise their rights related to revocation of their consent, they can contact an employee of the data controller at any time.
j) Right to file a complaint with the data protection supervisory authority
If you believe that the processing of your personal data violates the GDPR, you have the option, in accordance with Article 77 GDPR, to file a complaint with the above-mentioned data protection officer or a data protection supervisory authority.
The data protection supervisory authority that is responsible for us is:
The State Commissioner for Data Protection and Freedom of Information in Baden-Württemberg
Postfach 10 29 32
However, you may also contact our data protection officer using the contact details provided under Item 2!
By using cookies, we can provide the users of this website with more user-friendly services that would not be possible if cookies were not enabled.
In order to be able to allow the storage of the aforementioned cookies by obtaining your consent to them along with any third-party connections (see the following section), we use a cookie consent tool, which is also known as the “cookie banner” or (corresponding) “consent banner.”
Use of other applications, plugins, and tools
You already know from our general offering that we would like to provide you with the best possible service. We have therefore integrated various applications, plugins, and tools on our website (hereinafter: “tools”). Depending on the function, these can, for example, optimize the loading times of our website, simplify use, help us to improve our offering, or increase security.
You can use this button to change the consent controlled by the consent tool:
Specific details on the used tools are explained below.
Data protection terms and conditions for the implementation and use of DoubleClick by Google
We have integrated the online marketing tool DoubleClick by Google from Google Inc. DoubleClick by Google is operated by Google Inc., 1600 Amphitheater Pkwy, Mountain View, CA 94043-1351, USA.
DoubleClick by Google transmits data to the DoubleClick server in the USA with each impression as well as through clicks or other activities. Each of these data transfers triggers a cookie request to your browser. If your browser accepts this request, DoubleClick sets a cookie on your system and stores various usage data in it.
We would like to point out that, according to the European Court of Justice (ECJ), there is currently no adequate level of protection for data transfer to the USA, and therefore there are various risks for the legality and security of data processing, including your data.
DoubleClick uses a cookie ID that is required to process the technical process. The cookie ID is required, for example, to display an advertisement in a browser. DoubleClick can also use the cookie ID to record which advertisements are already being displayed in a browser in order to avoid displaying duplicates. Furthermore, the cookie ID enables DoubleClick to record conversions. Conversions are recorded, for example, if a user has previously been shown a DoubleClick ad and then makes a purchase on the advertiser’s website using the same Internet browser.
A DoubleClick cookie does not contain any personally identifiable information. However, a DoubleClick cookie may contain additional campaign identifiers. A campaign identifier serves to identify the campaigns that the user has already interacted with.
Purposes of processing
We use this tool to optimize and display advertising. The cookie is used, among other things, to display user-relevant advertising and to create or improve reports on advertising campaigns. Furthermore, the cookie serves to avoid multiple insertions of the same advertisement.
In addition, each time one of the individual pages of this website is retrieved, which is operated by the data controller and on which a DoubleClick component has been integrated, the Internet browser on the information technology system of the data subject is automatically prompted by the respective DoubleClick component to transmit data to Google for the purpose of online advertising and the billing of fees. As part of this technical procedure, Google gains knowledge of data that Google also uses to create fee statements. Google can understand, among other things, that the data subject has clicked on certain links on our website.
We require your consent to use the tool, which forms the legal basis in accordance with Section 25 (1) Telecommunications-Telemedia Data Protection Act (TTDSG) and Article 6 (1) (a) (informed consent). We obtain this consent through our previously described consent tool and also document this here.
We also have a legitimate interest in optimizing our offering technically and economically and in averting any damage to our company; in doing so we refer to Article 6 (1) (f) (legitimate interest).
Data transfer to the USA is based on the standard contractual clauses promulgated by the EU Commission. You can find the details here: https://privacy.google.com/businesses/gdprcontrollerterms/ and https://privacy.google.com/businesses/gdprcontrollerterms/sccs/.
Google’s Terms of Service can be found at https://policies.google.com/terms?hl=de&gl=de.
Period of data storage
DoubleClick stores your usage data for an estimated period of 180 days.
Opportunity to object
You may revoke your consent at any time. Please select the appropriate settings by using our consent banner. In addition, at any time you can set, manage, and erase cookies in your browser as you wish and according to your knowledge. For example, if you do not want this tool to set cookies and collect information about you and possibly your behavior, you may decide to block all cookies in your browser settings at any time. In individual cases, however, this may prevent various features (such as shopping carts) from working on the websites you visit, even if you want them to.
Data protection terms and conditions for the implementation and use of Google Analytics
We have integrated the analysis tracking tool Google Analytics (GA) from Google Inc. Google Analytics is operated by Google Inc., 1600 Amphitheater Pkwy, Mountain View, CA 94043-1351, USA. For the European region, the company Google Ireland Limited, Gordon House, Barrow Street Dublin 4, Ireland, is the data controller for all Google services, whereby the supervisory authorities have determined that the two Google companies are joint data controllers.
Google Analytics is a traffic analysis or web analysis service. This consists of the collection and evaluation of data on the behavior of visitors to websites.
If you are visiting our website for the first time or if you have already erased existing cookies, the tool will assign you a unique ID the first time it is recognized, which (if one is set) is linked to the cookie you have set. If you visit our website again and the cookie is still there, you will be “recognized” as a returning user, and all newly added behavior and actions will be assigned to the existing ID and recorded. This makes it possible to create and evaluate pseudonymized user profiles.
The tool basically collects data about your actions in relation to our homepage, but also such data as which website you came to our website from (the so-called referrer), which subpages of the website you accessed, or how often and for how long you viewed a subpage. After you have provided your consent, these actions are stored, for example, in cookies and/or sent to Google Analytics servers in the USA and processed there. We receive reports from Google Analytics based on this, which we can use to optimize our offering.
If you already have a Google account, it is possible that Google will link these data records with each other. However, Google itself does not transmit any data collected by Google Analytics unless required by law.
The purpose of the Google Analytics component is to analyze visitor flows and user behavior on our website. Google uses the obtained data and information, among other things, to evaluate the use of our website, to compile online reports for us that show the types of activities on our websites, and to provide other services related to the use of our website.
We also have a legitimate interest in optimizing our offering technically and economically and in averting any damage to our company; in doing so we refer to Article 6 (1) (f) (legitimate interest). We may also use this tool to detect errors on the website, identify attacks, and improve profitability.
Google Analytics stores your usage data for an estimated period of 180 days (with Google Analytics 4, the retention period of your user data is fixed at 14 months, though you can choose a retention period of either 2 months or 14 months).
Data protection terms and conditions for the implementation and use of Google Tag Manager
We have integrated the code organization tool Google Tag Manager from Google Inc. Google Tag Manager is operated by Google Inc., 1600 Amphitheater Pkwy, Mountain View, CA 94043-1351, USA. For the European region, the company Google Ireland Limited, Gordon House, Barrow Street Dublin 4, Ireland, is the data controller for all Google services, whereby the supervisory authorities have determined that the two Google companies are joint data controllers.
“Tags” are short snippets of code. For example, they can be used to record (track) your activities on our website. By integrating the Google Tag Manager, we can centrally implement and manage the tags used on our website using various tracking tools. These do not have to be tags from Google itself, they can also be tags from other companies that can be integrated via the Tag Manager. This allows for a very extensive range of possible uses, which means that, for example, cookies can be set, user and browser data can be collected, or buttons can be integrated. However, the Tag Manager itself does not set any cookies or collect data, since it acts purely as a manager for the implemented tags.
Google reserves the right to collect anonymous data about our use of the Tag Manager, whereby no data is transmitted that is managed by the tool as part of its set of regular features.
As a precaution, we would like to point out that, according to the European Court of Justice (ECJ), there is currently no adequate level of protection for data transfer to the USA, and therefore there are various risks for the legality and security of data processing, including your data.
The purpose of the Google Tag Manager is to optimize our offering technically and economically and to prevent any harm to our company. To do this, we must implement and manage various source code at the core of our website, which can be a very time-consuming and error-prone process. The Google Tag Manager helps us do this, since it greatly simplifies and centralizes this process and largely helps us to avoid errors.
Google Tag Manager does not set any cookies itself and does not collect any personal data, which is why we cannot specify a storage period here. Please refer to the respective descriptions of the tools that it controls.
Data protection terms and conditions for the implementation and use of Google reCAPTCHA
We have integrated the Google reCAPTCHA tool from Google Inc. Google reCAPTCHA is operated by Google Inc., 1600 Amphitheater Pkwy, Mountain View, CA 94043-1351, USA.
Google reCAPTCHA allows us to protect ourselves from spam and thus ensure that we are not flooded with unwanted and unsolicited information. In contrast to other Captcha tools, which make you solve puzzles, with Google reCAPTCHA you only need to tick a box to verify that you are not a bot.
Google reCAPTCHA collects personal data from users so that it can determine whether actions on our website are actually performed by a person. Examples of the types of data that are collected here include IP addresses, as well as information about the operating system, screen resolution, and cookies that provide information about the actions taken by your mouse and keyboard.
We use this tool to protect ourselves from SPAM software and bots. Google reCAPTCHA is a good choice here, since we believe it offers you excellent user-friendliness and at the same time performs its function very well.
We also have a legitimate interest in optimizing and securing our online service and in averting any damage to our company; in doing so we refer to Article 6 (1) (f) (legitimate interest). However, we only use this tool if you have given us your consent to do so.
Google reCAPTCHA stores your usage data for an estimated period of 180 days.
Data protection terms and conditions for the implementation and use of Google Fonts
We use Google Fonts on our website. These are the “Google Fonts” of Google Inc. The company Google Ireland Limited (Gordon House, Barrow Street Dublin 4, Ireland) is the data controller for all Google services in the European area.
You do not need to register or enter a password to use Google Fonts. Furthermore, no cookies are stored in your browser. The files (CSS, typefaces/fonts) are requested using the Google domains fonts.googleapis.com and fonts.gstatic.com. According to Google, CSS and font requests are completely separate from all other Google services. If you have a Google account, you do not have to worry about your Google account data being transmitted to Google while using Google Fonts. Google records the use of CSS (Cascading Style Sheets) along with the used fonts and stores this data securely. The following information describes the data storage in detail.
Google Fonts (formerly Google Web Fonts) is a directory of over 800 fonts that Google makes available to its users for free.
Many of these fonts are released under the SIL Open Font License, while others have been released under the Apache License. Both are free software licenses.
When you visit our website, the fonts are reloaded via a Google server. When this external query is made, data is transmitted to the Google servers. Google is also able to recognize from this data that you or your IP address is visiting our website. The Google Fonts API was designed to reduce the use, storage, and collection of end-user data to what is necessary for proper font delivery. Incidentally, API stands for “Application Programming Interface” and serves to transmit data for software, among other things.
Google Fonts securely stores CSS and font requests on Google and is therefore protected. The collected usage figures allow Google to determine how well the individual fonts are received. Google publishes the results on internal analysis pages, such as Google Analytics. Google also uses data from its own web crawler to determine which websites use Google Fonts. This data is published in the Google Fonts BigQuery database. Entrepreneurs and developers use the Google web service BigQuery to examine and move large amounts of data.
It should be noted, however, that with every Google Font request, information such as language settings and the IP address, browser version, browser screen resolution, and browser name are automatically transmitted to the Google servers. Whether this data is also stored cannot be clearly determined or is not clearly communicated by Google.
Google Fonts allows us to use fonts on our own website without having to upload them to our own server. Google Fonts is an important component in keeping the quality of our website high. All Google fonts are automatically optimized for the web. This saves data volume, which is a great advantage, especially for use on mobile devices. When you visit our site, the small file size ensures fast loading time. Furthermore, Google Fonts are secure web fonts. Different image synthesis (rendering) systems in different browsers, operating systems, and mobile devices can lead to errors. Such errors can partially distort text or entire websites. Thanks to the fast Content Delivery Network (CDN), there are no cross-platform problems with Google Fonts. Google Fonts supports all major browsers (Google Chrome, Mozilla Firefox, Apple Safari, and Opera) and works reliably on most modern mobile operating systems, including Android 2.2+ and iOS 4.2+ (iPhone, iPad, and iPod). We therefore use Google Fonts so that we can present our entire online service as beautifully and uniformly as possible.
If you have consented to the use of Google Fonts, the legal basis for the corresponding data processing is this consent. According to Article 6 (1) (a) GDPR (informed consent), this consent represents the legal basis for personal data processing, as may occur when data is collected by Google Fonts.
We also have a legitimate interest in using Google Fonts to optimize our online service. The corresponding legal basis for this is Article 6 (1) (f) GDPR (legitimate interests). However, we only use Google Fonts if you have given your informed consent.
Google processes your data, including also in the USA. We would like to point out that, according to the European Court of Justice, there is currently no adequate level of protection for data transfer to the USA. This can entail various risks for the legality and security of data processing.
Google uses so-called standard contractual clauses (= Article 46 (2) and (3) GDPR) as the basis for data processing by recipients based in third countries (outside the European Union, Iceland, Liechtenstein, Norway, i.e., in particular in the USA) or when transferring data there. Standard contractual clauses (SCC) are templates provided by the EU Commission and are intended to ensure that your data also complies with European data protection standards if it is transferred to third countries (such as the USA) and stored there. In agreeing to these clauses, Google undertakes to comply with European data protection standards when processing your relevant data, even if the data is stored, processed, and managed in the USA. These clauses are based on an implementation decision of the EU Commission. You can find the decision and the corresponding standard contractual clauses here along with other regulations: https://eurlex.europa.eu/eli/dec_impl/2021/914/oj?locale=de
You can also read about which data is generally collected by Google and what this data is used for here: https://www.google.com/intl/de/policies/privacy/.
Google stores requests for CSS assets for one day on its servers, which are mainly located outside the EU. This enables us to use the fonts using a Google style sheet. A style sheet is a template that you can use to quickly and easily change the design or font of a website, for example.
The font files are stored by Google for one year. Google is thus pursuing the goal of fundamentally improving the loading time of websites. When millions of websites refer to the same fonts, they are cached after the first visit and immediately reappear on all other websites visited later. Sometimes Google updates fonts to reduce their file size, add new language character sets, and improve the design.
The data that Google stores for a day or a year cannot simply be erased. The data is automatically transmitted to Google when the page is accessed. If you would like this data to be erased sooner, you must contact Google support at: https://support.google.com/?hl=de&tid=331659344536.
Data protection terms and conditions for the implementation and use of Facebook
We have integrated components of Facebook on this website. Facebook is a social network.
A social network is a social meeting place operated on the Internet, an online community that typically allows users to communicate with one another and to interact in virtual space. A social network can serve as a platform for exchanging opinions and experiences, and it also allows the Internet community to provide personal or company-related information. Facebook enables users of the social network to create private profiles, upload photos, and network with each other using friend requests, among other things.
Facebook is operated by Facebook, Inc., 1 Hacker Way, Menlo Park, CA 94025, USA. If a data subject lives outside the USA or Canada, the controller responsible for processing personal data is Facebook Ireland Ltd., 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland. According to Facebook, however, the data collected is also transferred to the USA and other third countries.
Each time one of the individual pages of this website is retrieved, which is operated by the data controller and on which a Facebook component (Facebook plug-in) has been integrated, the Internet browser on the information technology system of the data subject is automatically prompted by the respective Facebook component to download a representation of the relevant Facebook component from Facebook. For a complete overview of all Facebook plug-ins, see: https://developers.facebook.com/docs/plugins/?locale=de_DE. As part of this technical process, Facebook is informed about which specific subpage of our website is visited by the data subject.
If the data subject is logged on to Facebook at the same time, Facebook will recognize the specific subpage of our website that the data subject visits each time the data subject loads the website and for the entire duration of their visit to our website. This information is collected by the Facebook component and assigned to the respective Facebook account of the data subject by Facebook. If the data subject clicks on one of the Facebook buttons that has been integrated on our website, such as the “Like” button, or if the data subject makes a comment, Facebook associates this information with the personal Facebook user account of the data subject and stores this personal data.
Facebook always receives information via the Facebook component about whether the data subject has visited our website if the data subject is logged in to Facebook at the same time that they access our website; this takes place regardless of whether the data subject clicks on the Facebook component or not. If the data subject does not want this information to be transmitted to Facebook in this way, they can prevent the transmission by logging out of their Facebook account before accessing our website.
We believe that Facebook is suitable for us because we firmly believe in our offering and our company. It is therefore essential for us that our company communicate our offering to the outside world. Since the social network has a strong focus on the business world, it provides us with a perfectly suitable communication channel.
We also have a legitimate interest in communicating what our company does along with our offering to the outside world, which is why we refer to Article 6 (1) (f) (legitimate interest).
If personal data is collected on our website and forwarded to Facebook via the tools we use, we and Facebook Ireland Limited, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland are joint data controllers responsible for this data processing in accordance with Article 26 GDPR. This joint data controllership is limited exclusively to the collection of the data and its transfer or technical forwarding to Facebook. The processing by Facebook after it is forwarded does not part of our joint data controllership. The obligations that we share have been set out in a joint processing agreement, whose text you can find here: https://www.facebook.com/legal/controller_addendum. In accordance with this agreement, we are responsible for issuing data protection information when using the Facebook tool and for implementing the tool on our website in a secure manner and in accordance with data protection law, while Facebook is responsible for the data security of Facebook products. You may assert your rights (e.g., requests for information) regarding the data processed on Facebook directly on Facebook. If the data subject asserts their rights with us, we are obliged to forward this information to Facebook.
In addition, data transfer to the USA is based on the standard contractual clauses promulgated by the EU Commission. You can find the details here: https://eur-lex.europa.eu/eli/dec_impl/2021/914/oj?locale=de
The data policy published by Facebook, which can be accessed at https://de-de.facebook.com/about/privacy/, provides information about the collection, processing, and use of personal data by Facebook. It also explains what setting options Facebook offers to protect the privacy of the data subject. In addition, various applications are available that make it possible to suppress data transmission to Facebook. Such applications can be used by the data subject to suppress data transmission to Facebook.
If Facebook collects data from other websites, this data will be erased after up to 30 days, unless there is a legal obligation to store the data longer. Facebook stores your usage data for an estimated period of 180 days.
Data protection terms and conditions for the implementation and use of LinkedIn
We have integrated the social network LinkedIn on our website. LinkedIn is operated by LinkedIn Corporation, 2029 Stierlin Court, Mountain View, CA 94043, USA.
LinkedIn Ireland Unlimited Company, Wilton Place, Dublin, is the data controller responsible for data processing in the European Economic Area and Switzerland, whereby a joint data controllership can be assumed.
LinkedIn is an Internet-based social network that allows users to connect with their existing business contacts as well as to establish new ones. Over 400 million registered people use LinkedIn in more than 200 countries. LinkedIn is currently the largest platform for business networking and one of the most visited websites in the world.
No personal data or data about your web activities is transmitted to LinkedIn simply as the result of our integration of LinkedIn functionality. It is only by interacting with an integrated LinkedIn feature, for example by clicking a button, that data can be transmitted to LinkedIn, stored, and processed. User data is then stored, which may include, for example, your IP address, device data, or login data.
LinkedIn is suitable for us because we believe strongly in our offering and our company. It is therefore essential for us that our company communicate our offering to the outside world. Since the social network has a strong focus on the business world, it provides us with a perfectly suitable communication channel.
Data transfer to the USA is based on the standard contractual clauses promulgated by the EU Commission. You can find the details here: https://eur-lex.europa.eu/eli/dec_impl/2021/914/oj?locale=de
If LinkedIn collects data from other websites, this data will be erased after up to 30 days, unless there is a legal obligation to store the data longer. LinkedIn stores your usage data for an estimated period of 180 days.
Data protection terms and conditions for the implementation and use of YouTube
We have incorporated videos from the video portal YouTube on our website. YouTube is operated by YouTube, LLC, 901 Cherry Ave., San Bruno, CA, 94066, USA. It should be mentioned here that the video portal has been a subsidiary of Google since 2006. For the European region, the company Google Ireland Limited, Gordon House, Barrow Street Dublin 4, Ireland, is the data controller for all Google services, whereby the supervisory authorities have determined that the two Google companies are joint data controllers.
YouTube is an Internet video portal that allows video publishers to post video clips free of charge and other users to view, rate, and comment on them free of charge. YouTube allows users to post all types of videos, which is why both complete film and TV programs as well as music videos, trailers, or videos made by users themselves can be accessed via the Internet portal.
When you visit our website, at least one cookie is set on the pages where a YouTube video is embedded. This cookie stores your IP address and our URL. If you are logged into YouTube while visiting our website, YouTube will usually associate these video interactions with your profile. The data stored here includes, for example, your approximate location, the duration of your session, the bounce rate, and technical information about your browser type. If you are not signed into your YouTube or Google account, Google stores data with a unique identifier associated with your device, browser, or app. For example, it remembers your preferred language settings. However, less usage data is stored because fewer cookies are set.
YouTube provides us with a suitable way of offering you high-quality content in a simple way. We can use videos to give you a better picture of us, present complex issues in a simplified manner, and offer you a better online experience on our website.
YouTube stores your usage data for an estimated period of 180 days. The cookie set by you is automatically deleted after 180 days if you have not deleted it yourself before this time has elapsed.
Data protection terms and conditions for the implementation and use of Matomo (formerly known as Piwik)
We use the web analysis tool Matomo to adapt the design of our website as needed. Matomo creates user profiles based on pseudonyms. In order to do this, it stores permanent cookies on your end device that we then read. In this way, we are able to recognize and count returning visitors. We also use the Heatmap & Session Recording modules. Matomo’s Heatmap service shows us the areas of our website where the mouse is moved most frequently or clicked most frequently. The session recording service records individual user sessions. We can play back recorded sessions, which thus helps us to analyze how our website is used. Data that is entered in forms is not recorded and is not visible at any time.
The web analytics service Matomo helps us primarily to optimize the website and to perform cost-benefit analyses. We also use Matomo to analyze the flow of visitors to the website. It is in our legitimate interest to make our website clear and user-friendly for you. By making IP addresses anonymous, we are able to take the user’s interest in protecting their personal data sufficiently into account.
We only process personal data for as long as is necessary. As soon as the purpose of data processing has been fulfilled, data is blocked and erased in accordance with the standards of the local erasure concept, unless legal provisions prevent this erasure.
Data protection terms and conditions for the implementation and use of Cloudflare
We have integrated the content delivery network (CDN) Cloudflare on our website. Cloudflare is operated by Cloudflare, Inc., 101 Townsend St., San Francisco, CA 94107, USA.
Cloudflare is a service that makes it possible to reduce the loading times of websites. This service allows websites to be loaded quickly and in the best possible way, even during periods of high peak load. At the same time, Cloudflare protects its users’ websites with an additional firewall and DDOS protection service. In order to allow us to integrate Cloudflare, personally identifiable information may be sent from your browser to the service. The provider is therefore able to collect and store user data, such as your IP address, browser version, browser type, or the date of your visit to the site.
Since we cannot rule out that servers in the USA may also be used, as a precaution, we would like to point out that, according to the European Court of Justice (ECJ), there is currently no adequate level of protection for data transfer to the USA, and therefore there are various risks for the legality and security of data processing, including your data.
Cloudflare provides us with a suitable way of offering you a well-functioning experience on our website. Our website can be loaded much faster using Cloudflare, and at the same time Cloudflare increases our security against threats.
We also have a legitimate interest in optimizing our online service and making it more secure, which is why we refer to Article 6 (1) (f) (legitimate interest).
In general, Cloudflare stores user data for domains for a period of less than 24 hours. However, the storage period may also last up to 7 days in the case of company domains with activated Cloudflare logs. However, if your IP address triggers a security warning at Cloudflare, it can also lead to a longer storage period in such exceptional cases.
Data protection terms and conditions for the implementation and use of AWS CloudFront CDN
We have integrated the content delivery network (CDN) AWS CloudFront on our website.
AWS CloudFront CDN is operated by the American company Amazon Web Services, Inc., 410 Terry Avenue North, Seattle WA 98109, USA.
AWS CloudFront CDN is a service that allows static and dynamic data to be loaded faster and thus provided to the user faster.
AWS CloudFront provides us with a suitable way of offering you a well-functioning experience on our website. Our website can be loaded much faster using AWS CloudFront CDN.
However, we only use this tool if you have given us your consent to do so.
Amazon CloudFront stores your usage data for an estimated period of 180 days.
Data protection terms and conditions for the implementation and use of Bing/Microsoft Advertising
We have integrated the online marketing tool Microsoft Advertising into our website. Microsoft Advertising is operated by Microsoft Corporation, One Microsoft Way, Redmond, WA 98052-6399, USA. Microsoft operates its own servers around the world. Most are located in the United States, so your information may be stored, maintained, and processed on servers located in the United States.
Microsoft Advertising is an online marketing tool that can be used to place, manage, and track advertising. Microsoft Advertising (formerly Bing Ads) is based on a pay-per-click system. This means that advertisers on Bing and Yahoo! can use the service to advertise. You pay for advertisements only when a user clicks on your ad. For the part mentioned above, the tracking, we have integrated a conversion tracking tool on our website, which also stores data that you provide. The reason for this is that if visitors are referred to our website via Microsoft advertising, we can use the conversion tracking tag (a small code snippet) to analyze the user behavior of website visitors who came to our site via advertising. We need this functionality in order to ensure that our advertising measures are cost-efficient. The Microsoft Advertising conversion tracking tag collects data on user behavior. This is data such as which advertisement brought you to our website, which keyword you used on Bing or Yahoo, what interactions you have with our website, and how much time you spend on our website. If you have a Microsoft account, Microsoft may link the collected data to your account.
Microsoft Advertising provides us with a suitable solution to analyze visitor flows and user behavior on our website. Microsoft uses the obtained data and information to evaluate the use of our website, compile online reports for us that show activities on our website, and provide other services related to the use of our website, among other things.
For search queries via Bing, Microsoft erases your saved search queries after 6 months by deleting your IP address. In principle, this also means that Microsoft keeps the personal data for as long as it is necessary for the provision of its own services and products or for legal purposes.
Data protection terms and conditions for the implementation and use of Clarity/Microsoft HeatMap
We have integrated the project and portfolio management tool Clarity on our website. It is operated by Microsoft Corporation, One Microsoft Way, Redmond, WA 98052-6399, USA. Data is also transferred to the USA.
Microsoft Clarity is a project and portfolio management tool that allows for user analysis based on pseudonymous user identities and thus increases user analysis based on pseudonymous data, such as the evaluation of mouse movement data and performance data for certain websites.
On our website, usage data (websites visited, interest in content, access times, etc.), metadata/communication data (device information, IP address, etc.), location data (information about the geographical location of a device or a person), and movement data (mouse and scrolling movements) are collected in pseudonymized form. Microsoft has already configured the appropriate settings for this, so that the data collection by Microsoft is already pseudonymized, in particular due to IP masking (IP address pseudonymization).
We would like to point out that, according to the European Court of Justice, there is currently no adequate level of protection for data transfer to the USA. This can entail various risks for the legality and security of data processing.
Microsoft Clarity provides us with a suitable solution to analyze visitor flows and user behavior on our website. This allows us to target our marketing measures more efficiently and more economically as well as to reach even more people with our offering, for whom we can create real added value.
We also have a legitimate interest in optimizing our online service and marketing activities, which is why we refer to Article 6 (1) (f) (legitimate interest).
Microsoft Clarity stores your usage data for an estimated period of 180 days.
Data protection terms and conditions for the implementation and use of Active Campaign
We have integrated the Active Campaign service on our website. Active Campaign is operated by ActiveCampaign, LLC, 150 N. Michigan Ave Suite 1230, Chicago, IL, US, USA.
Active Campaign is a service that can be used to send newsletters. The service both organizes and analyzes newsletters.
Technical information, such as the time of retrieval, the IP address, as well as the browser type and the user’s operating system can be processed.
Active Campaign is a suitable solution that allows us to increase our customer service and to be able to offer our customers professional added value via the newsletter.
We also have a legitimate interest in optimizing our online service, which is why we refer to Article 6 (1) (f) (legitimate interest).
Active Campaign stores your usage data for an estimated period of 180 days.
Data protection terms and conditions for the implementation and use of Google Photos
We have integrated Google Photos on our website. Google Photos is operated by Google Inc., 1600 Amphitheater Pkwy, Mountain View, CA 94043-1351, USA.
Google Photos is a service that allows you to upload images to create image galleries. When accessing these image galleries, the user’s browser loads the desired images into the user’s browser cache.
Personal data, such as the IP address of the user, may be transmitted in this case.
Google Photos provides us with a suitable way of offering you a well-functioning experience on our website. Our website can be loaded much faster using Google Photos.
Google Photos stores your usage data for an estimated period of 180 days.
Data protection terms and conditions for the implementation and use of Google Videos
We have integrated videos on our website. Google Photos is operated by Google Inc., 1600 Amphitheater Pkwy, Mountain View, CA 94043-1351, USA.
Google Videos is a video hosting service from Google. Videos can be uploaded to our website from the cloud.
Google Videos provides us with a suitable way of offering you a well-functioning experience on our website. Our website can be loaded much faster using Google Videos.
Google Videos saves your usage data for approximately 180 days.
Data protection terms and conditions for the implementation and use of Gravatar
We have integrated Gravatar on our website. Gravatar is operated by Automattic Inc., 60 29th Street #343, San Francisco, CA 94110, USA.
Gravatar stands for Globally Recognized Avatar. A “Gravatar” only has to be created once. By connecting your email address, the Gravatar is automatically inserted into a website comment area as well as other online presences.
Gravatar provides us with a suitable solution to design our online service better.
Gravatar stores your usage data for approximately 180 days.
Data protection terms and conditions for the implementation and use of Stripe
We have integrated the Stripe service on our website. Stripe is operated by Stripe Inc., 510 Townsend St. Francisco, CA 94103, USA.
Stripe is a payment provider that makes it easy to process online payments.
The data that the user enters to process the payment transaction is also processed by Stripe in order to ensure the provision of the service.
Stripe provides us with a suitable solution to optimize our online service and also to enable a simple and fast payment process via our website.
Stripe will store your usage data for approximately 180 days.