Peakboard GmbH

Privacy policy.

We are very pleased that you chose to visit our website. Data protection is especially important to us. In principle, you can use our website without needing to provide any personal data. However, if a data subject wants to use special services via our website, it may become necessary to process personal data. If the processing of personal data is necessary and there is no legal basis for such processing, we will generally obtain the consent of the data subject.

Personal data, such as the name, address, email address, or phone number of a data subject, is always processed in accordance with the General Data Protection Regulation (GDPR) and the applicable country-specific data protection terms and conditions. We would like to use this Privacy Policy to inform you and the public about the type, scope, and purpose of the personal data that we collect, use, and process. Furthermore, we will inform the data subjects of the rights to which they are entitled under this Privacy Policy.

As the data controller, Peakboard GmbH has implemented numerous technical and organizational measures (TOM) to ensure that the personal data processed via this website is protected as much as possible. Nevertheless, Internet-based data transmissions may have security gaps, so that we cannot guarantee absolute protection. For this reason, every data subject is free to transmit personal data to us in alternative ways, such as by phone.

Name and address of the data controller

The data controller within the meaning of the General Data Protection Regulation, other data protection laws applicable in the member states of the European Union, and other legal provisions related to data protection is:

Peakboard GmbH
Patrick Theobald
Neckarstrasse 189-191
70190 Stuttgart
Germany

Tel.: +49 711 46 05 99 60

Email: info@peakboard.com

Website: www.peakboard.com

Contact details of the data protection officer

Any data subject may contact our data protection officer directly at any time with any questions or suggestions that they may have regarding data protection. The data protection officer of the data controller is:

NetBull GmbH

Patrick Vaillant

You may reach our data protection officer by mailing a letter addressed to the attention of “Data Protection Officer” to our aforementioned address or by email at: datenschutz@peakboard.com

Collection of general data and information

Our website collects a series of general data and information each time the website is accessed by a data subject or an automated system. This general data and information is stored in the log files of the server.

Examples of data that may be recorded include:

(1) the used browser types and versions,

(2) the operating system of the accessing system,

(3) the website from which an accessing system reached our website (the so-called referrer),

(4) the website that referred an accessing system to our website,

(5) the date and time of access to the website,

(6) an Internet Protocol address (IP address),

(7) the Internet service provider of the accessing system, and

(8) other similar data and information that serve to avert threats in the event of attacks on our information technology systems.

No conclusions are drawn about the data subject from the use of this general data and information.

Rather, this information is required in order to

(1) deliver and display the contents of our website correctly,

(2) optimize the content of our website as well as the advertising for it,

(3) ensure the long-term functionality of our information technology systems and the technology used to run our website, as well as

(4) provide law enforcement authorities with the information necessary for criminal prosecution in the event of a cyber attack.

This anonymously collected data and information is therefore evaluated by the data controller both for statistical purposes and with the aim of increasing our data protection and data security in order to ultimately ensure an optimal level of protection for the personal data we process. The anonymous data of the server log files are stored separately from all personal data provided by a data subject.

Legal basis for processing

Article 6 (1) (a) GDPR serves as the legal basis for processing operations under which we obtain consent for a specific processing purpose. If the processing of personal data is necessary to carry out a contract to which the data subject is a party – as is the case, for example, for processing operations necessary for the delivery of goods or the provision of any other service or consideration – the processing is based on Article 6 (1) (b) GDPR. The same applies to such processing operations that are necessary to carry out pre-contractual measures, such as when we receive inquiries about our products or services. If we are subject to a legal obligation that requires the processing of personal data, such as to fulfill tax obligations, the processing is based on Article 6 (1) (c) GDPR. In rare cases, the processing of personal data may become necessary to protect the vital interests of the data subject or another natural person. This would be the case, for example, if a visitor were injured on our premises and their name, age, health insurance data, or other vital information had to be passed on to a doctor, hospital, or other third parties. Then the processing would be based on Article 6 (1) (d) GDPR. Ultimately, processing operations could be based on Article 6 (1) (f) GDPR. Processing operations that are not covered by any of the aforementioned legal bases are based on this legal basis if the processing is necessary to safeguard our legitimate interest or that of a third party, provided that the interests, fundamental rights, and freedoms of the data subject do not take precedence. We are allowed to perform such processing operations in particular because they have been specifically granted under EU law. In this respect, it stipulates that a legitimate interest could be assumed to exist if the data subject is a customer of the data controller (Recital 47 Clause 2 GDPR). If the processing of personal data is based on Article 6 (1) (f) GDPR, our legitimate interest is to conduct our business activities for the benefit of the wellbeing of all our employees and our shareholders.

Period during which the personal data will be stored

The criterion used to determine the period of the storage of personal data is the respective statutory retention period. After expiry of the period, the corresponding data will be erased as a matter of course if it is no longer necessary for the conduct or initiation of the contract or if the erasure does not conflict with any additional legal requirements.

Data protection information for webinars

As the data controller, we process your personal data (including the following mandatory information: last name, first name, email address, and company) based on your webinar registration.

The purpose of data processing is to offer and conduct webinars as well as to contact you later for marketing purposes. We partly work with partner companies (hereinafter “partners”) to offer our webinars, whereby the webinars may contain product information and advice from our partners. We explicitly identify our respective partners at the time of webinar registration.

The legal basis for data processing is your consent in accordance with Section 25 (1) Telecommunications-Telemedia Data Protection Act (TTDSG) and Article 6 (1) (a) GDPR as well as our legitimate interest in offering you free and informative webinars, whereby the balance of interests in accordance with Article 6 (1) (f) GDPR has not resulted in any restriction of your rights and freedoms. If you do not provide the data, you will not be able to participate in the webinars.

If you are interested in our software and hardware solutions and would like to contact us again, we will store your data in our customer relationship management system (CRM). We use the cloud service Dynamics 365 from Microsoft as our CRM system. The contract for data processing consists of the online services terms (OSTs) and the data processing and security regulations contained in the Data Protection Addendum (DPA), both of which can be found here: https://www.microsoft.com/licensing/docs), which are defined for Microsoft online services. In addition, please review the Privacy Policy(https://privacy.microsoft.com/de-de/privacystatement) and Security Notice (https://www.microsoft.com/de-de/trust-center) provided by Microsoft.

If we work with a partner in a webinar, then depending on the agreement, we may pass on your data provided during registration to the respective partner to contact you and for marketing purposes. In this case, we conclude a joint data controller contract with our partners in accordance with the requirements of Article 26 (1) GDPR.

We will store the data and, in accordance with our data erasure concept, erase it no later than 2 years after the webinar has taken place, unless there are statutory storage requirements to the contrary. If a contractual relationship exists between you and us after the webinar has been held or one is about to be concluded, we will continue to store your personal data in our customer relationship management system (CRM) in accordance with Article 6 (1) (b) GDPR.

We use the online service “GoTo!” from LogMeIn for our webinars. For more details about the data processing of GoTo!, please see the respective terms of use and privacy policy of the provider (https://www.goto.com/de/company/trust).

You have the right to information, correction, erasure, restriction of processing, objection, data portability, and revocation of consent. In these cases, please contact us in writing at data.protection@theobald-software.com. You will receive prompt feedback after receipt of your message.

Routine erasure and blocking of personal data

We process and store the personal data of the data subject only for the period of time necessary to achieve the purpose of storage or if this has been provided for by EU directives and regulations or the applicable laws or regulations of another jurisdiction.

If the purpose of storage no longer applies or if the storage period stipulated under EU directives and regulations or other applicable law expires, the personal data will be blocked or erased as a matter of course and in accordance with the statutory provisions.

Statutory or contractual requirements for providing personal data

We clarify that the provision of personal data is partly required by law (e.g., under tax regulations) or may also result from contractual or pre-contractual regulations (e.g., information on the contractual partner). When concluding a contract, it may sometimes be necessary to collect personal data from a data subject and to then process this data. For example, the data subject must provide us with their personal data if we conclude a contract with them. Failure to provide this personal data would mean that the contract with the data subject could not be concluded. Before personal data is provided by the data subject, the data subject must contact one of our employees. Our employee explains to the data subject on a case-by-case basis whether the provision of the personal data is required by law or contract or is needed for the conclusion of the contract, whether there is an obligation to provide the personal data, and what the consequences would be if the personal data were not provided.

Registration on our website / use of input masks and forms

The data subject has the option of registering on the website of the data controller used for processing by providing personal data or entering personal information in the input fields. This may be necessary, for example, to receive a newsletter, contact us via the contact form, register to participate in events, or exercise other similar registration options. The particular personal data that is transmitted to the data controller for processing is the data that was entered in the input fields during registration. The personal data entered by the data subject is collected and stored exclusively for internal use by the data controller for processing and for their own purposes. We may transmit the data to one or more processors, such as a parcel delivery service, which will also use the personal data exclusively for internal use attributable to the data controller.

If you contact us (e.g., via the contact form), personal data will be collected. This data is stored and used exclusively for the purpose of answering your request and conducting the associated technical administration tasks. The legal basis for processing the data is our legitimate interest in answering your inquiry in accordance with Article 6 (1) (f) GDPR. If you contact us for the purpose of concluding a contract, the additional legal basis for processing is Article 6 (1) (b) GDPR. Your data will be erased after your request has been finally processed. This is the case if it can be inferred that the matter in question has been fully clarified and provided that there are no statutory or legal storage requirements to prevent erasure.

When the data subject registers on the website of the data controller, the IP address assigned to the data subject by their Internet service provider (ISP) and the date and time of registration are also stored. The reason why this data is stored is that it provides the only way to prevent misuse of our services and, if necessary, to allow for any crimes that have been committed to be investigated. In this respect, the storage of this data is necessary to protect the data controller. In principle, this data will not be passed on to third parties unless there is a statutory or legal obligation to transmit it or if it must be shared as part of a criminal prosecution.

When the data subject registers and voluntarily provides personal data, this allows the data controller to offer the data subject content or services that can only be offered to registered users or those who explicitly request this due to the nature of the offering. These persons are free to edit the personal data that they provided at any time or to have it completely erased from the database of the data controller.

Upon request, we will provide every data subject with information about which personal data is stored about them at any time. Furthermore, we correct or erase personal data at the request or notice of the data subject, provided that there are no statutory or legal storage requirements to the contrary. The data subject may contact any of the employees of the data controller in this regard.

SSL or TLS encryption

This site uses SSL or TLS encryption for security purposes and to secure the transmission of confidential information, such as any inquiries that you send us in our capacity as the website operator. You can recognize that your connection is encrypted from the fact that the address line of the browser changes from “http://” to “https://” and from the lock symbol in your browser’s address bar.

If SSL or TLS encryption is activated, the data you transmit to us cannot be read by third parties.

Encrypted payment transactions on this website

If you must send us your payment data (e.g., account number for direct debit authorization) after concluding a fee-based contract, this data is needed for payment processing.

Typical payment methods (Visa/MasterCard, direct debit) are processed exclusively via an encrypted SSL or TLS connection. You can recognize that your connection is encrypted from the fact that the address line of the browser changes from “http://” to “https://” and from the lock symbol in your browser’s address bar.

If you use an encrypted communication channel, the data you transmit to us cannot be read by third parties.

Recipients or categories of recipients

Depending on the purpose for which the personal data is collected, we transmit this data to the following recipients or categories of recipients, for example, or they are directly involved in the processing of the personal data:

Provider
IT service provider
Other recipients depending on the tools used

Transfer to a third country

Depending on the purpose of the personal data that is collected, the data is transferred to a third country as part of the following services:

Active Campaign
Amazon CloudFront
Bing Ads
Calendly
Cloudflare
DoubleClick
Facebook
Google Analytics
Google Fonts
Google Photos
Google reCAPTCHA
Google Tag Manager
Google Video
Gravatar
LinkedIn
Microsoft Clarity
YouTube
Stripe

Use of automated decision-making

As a data controller, we do not utilize automatic decision-making or profiling.

Data protection for job applications and during the job application process

We collect and process the personal data of job applicants for the purpose of handling their application process. The processing can also take place electronically. This is particularly the case if a job applicant sends the relevant application documents electronically, for example by email or via a submission form on the website, to the data controller. If we conclude an employment contract with a job applicant, the transmitted data will be stored for the purpose of processing the employment relationship in compliance with the statutory provisions. If the data controller does not conclude an employment contract with the job applicant, the application documents will be automatically erased no later than six months after notification of the rejection decision, provided that there are no other legitimate interests of those opposed to the data controller’s processing in accordance with Article 6 (1) (f) GDPR. Another legitimate interest in this sense is, for example, a burden of proof in proceedings under the German General Equal Treatment Act (AGG).

Definitions

This Privacy Policy utilizes the terms of EU law as found in the General Data Protection Regulation (GDPR). Our Privacy Policy is written in a way that is understandable to the general public as well as to our customers and business partners. To ensure this, we would like to explain the terms used in advance.

We use the following terms, among others, in this Privacy Policy:

a) Personal data

“Personal data” is any information relating to an identified or identifiable natural person (hereinafter “data subject”). An identifiable natural person is one who can be identified, directly or indirectly, in particular using an identifier, such as a name, identification number, location data, online identifier, or one or more special features that express the physical, physiological, genetic, psychological, economic, cultural, or social identity of this natural person.

b) Data subject

“Data subject” is any identified or identifiable natural person whose personal data is processed by the data controller.

c) Processing

“Processing” is any process performed with or without the help of automated processes or any such series of processes in relation to personal data, such as collecting, recording, organizing, arranging, storing, adapting or changing, reading, querying, using, disclosing by transmission, distributing, or any other form of making available, matching, or linking, restriction, erasure, or destruction.

d) Restriction of processing

“Restriction of processing” is the marking of stored personal data with the aim of restricting its future processing.

e) Profiling

“Profiling” is any type of automated processing of personal data that consists in using this personal data to evaluate certain personal aspects of a natural person, in particular those relating to work performance, economic situation, and health, and to analyze or predict personal preferences, interests, trustworthiness, behavior, location, or relocation of that natural person.

f) Pseudonymization

“Pseudonymization” is the processing of personal data in such a way that the personal data can no longer be assigned to a specific data subject without the use of additional information, provided that this additional information is stored separately and is subject to technical and organizational measures that ensure that the personal data cannot be assigned to an identified or identifiable natural person.

g) File system

The “file system” is any structured collection of personal data that is accessible in accordance with certain criteria, regardless of whether this collection is centralized, decentralized, or organized in accordance with functional or geographical criteria.

h) Data controller

The “data controller” is the natural or legal person, public authority, agency, or other body that either alone or jointly with others decides on the purposes and means of personal data processing; if the purposes and means of this processing are specified under EU law or the law of the member states, then the data controller or the specific criteria used to determine this person may be provided for by EU law or the law of the member states.

i) Data processor

The “data processor” is a natural or legal person, public authority, agency, or other body that processes personal data on behalf of the data controller.

j) Recipient

“Recipient” is a natural or legal person, public authority, agency, or other body to which personal data is disclosed, whether a third party or not. However, authorities that may receive personal data as part of a specific investigation mandate under EU or member state law are not considered recipients.

k) Third party

A “third party” is a natural or legal person, public authority, agency, or body other than the data subject, data controller, processor, and persons who are directly authorized by the data controller or processor to process personal data.

l) Consent

The “consent” of the data subject is any voluntarily given, informed and unequivocal expression of will in the specific case in the form of a given statement or other clear affirmative action, by which the data subject indicates that they agree to the processing of their personal data.

m) Company

A “company” is a natural or legal person engaged in economic activity, regardless of its legal form, including partnerships or associations that regularly engage in economic activity.

Rights of the data subject

a) Right to confirmation

Every data subject has the right under EU ordinances and regulations to request confirmation from the data controller as to whether their personal data is being processed. If a data subject wishes to exercise this right to confirmation, they can contact an employee of the data controller at any time.

b) Right to information

Every data subject affected by the processing of personal data has the right under EU ordinances and regulations to receive free information about the personal data that is stored about them along with a copy of this information from the data controller at any time. Furthermore, EU ordinances and regulations also grant the data subject access to the following information:

Purposes of processing
Categories of personal data that are processed
Recipients or categories of recipients to whom the personal data have been or will be disclosed, including in particular recipients in third countries or international organizations
If possible, the planned period during which the personal data will be stored or, if this is not possible, the criteria used to determine that period
Whether there is a right to correct or erase the personal data concerning you or to restrict processing by the data controller or a right to object to this processing
Whether there is a right of appeal to a supervisory authority
If the personal data is not collected from the data subject: all available information about the origin of the data
Whether automated decision-making is used, including profiling in accordance with Article 22 (1) and (4) GDPR and – at least in these cases – meaningful information about the utilized logic and the scope and intended effects of such processing for the data subject
Furthermore, the data subject has a right to information about whether personal data has been transmitted to a third country or to an international organization. If this is the case, the data subject has the right to receive information about the corresponding guarantees in connection with the transmission.
If a data subject wishes to exercise this right to information, they can contact an employee of the data controller at any time.

c) Right to rectification

Every data subject affected by the processing of personal data has the right under EU ordinances and regulations to demand the immediate correction of incorrect personal data concerning them. Furthermore, the data subject has the right, while taking into account the purposes of the processing, to request the supplementation of incomplete personal data, including also by means of the submission of a supplementary statement. If a data subject wishes to exercise this right to rectification, they can contact an employee of the data controller at any time.

d) Right to erasure (right to be forgotten)

Any data subject affected by the processing of personal data has the right under EU ordinances and regulations to demand that the data controller erase the personal data concerning them immediately if one of the following reasons applies and if the processing is not necessary:

The personal data was collected for purposes or otherwise processed for a reason that is no longer necessary.
The data subject revokes their consent on which the processing was based in accordance with Article 6 (1) (a) GDPR or Article 9 (2) (a) GDPR and there is no other legal basis for the processing.
The data subject objects to the processing in accordance with Article 21 (1) GDPR, and there are no overriding legitimate reasons for the processing, or the data subject objects to the processing in accordance with Article 21 (2) GDPR.
The personal data has been unlawfully processed.
The erasure of the personal data is necessary to fulfill a legal obligation under EU ordinances and regulations to which the data controller is subject.
The personal data was collected in relation to the services of an information broker in accordance with Article 8 (1) GDPR.

If one of the above reasons applies and a data subject wishes to have personal data that we store erased, they can contact an employee of the data controller at any time. Our employee will ensure that the request for erasure is complied with immediately.

If we have made the personal data public and if we, as the data controller, are obliged to erase the personal data in accordance with Article 17 (1) GDPR, we shall take appropriate measures, including technical measures in accordance with the available technology and the implementation costs, to inform other data controllers who have processed the published data that the data subject has requested that they erase all links to this personal data or copies of this personal data, insofar as the processing is not necessary. Our employee will take the necessary steps in each individual case.

d) Right to restriction of processing

Any data subject affected by the processing of personal data has the right under EU ordinances and regulations to demand that the data controller restrict the processing if one of the following conditions is met:

The accuracy of the personal data is contested by the data subject for a period enabling the data controller to verify the accuracy of the personal data.
The processing is unlawful, and the data subject refuses to erase the personal data and instead requests the restriction of the use of the personal data.
The data controller no longer needs the personal data for the purposes of processing, but the data subject needs it to assert, exercise, or defend against legal claims.
The data subject has filed an objection to the processing in accordance with Article 21 (1) GDPR pending the verification of whether the legitimate interests of the data controller override those of the data subject.

If one of the above conditions is met and a data subject wishes to request the restriction of personal data stored by us, they can contact an employee of the data controller at any time. The employee will arrange for the restriction of processing.

f) Right to data portability

Every data subject affected by the processing of personal data has the right under EU ordinances and regulations to receive personal data relating to them and which the data subject has provided to a data controller in a structured and common machine-readable format. They also have the right to transmit this data to another data controller without interference from the data controller to whom the personal data was originally provided, as long as the processing is based on consent in accordance with Article 6 (1) (a) GDPR or Article 9 (2) (a) GDPR or under a contract in accordance with Article (6) (1) (b) GDPR and the processing is carried out using automated means, unless the processing is necessary for the performance of a task that is in the public interest or in the exercise of official authority that has been delegated to the data controller.

Furthermore, when exercising their right to data transferability in accordance with Article 20 (1) GDPR, the data subject has the right to request that the personal data be transmitted directly from one data controller to another data controller, insofar as this is technically feasible and this process does not violate the rights and freedoms of other persons. In order to assert the right to data transferability, the data subject may contact one of our employees at any time using the contact details given above.

g) Right to object

Any data subject affected by the processing of personal data has the right under EU ordinances and regulations to object at any time to the processing of their personal data on the basis of Article 6 (1) (e) or (f) GDPR due to reasons arising from their particular situation. This also applies to profiling based on these provisions.

We will no longer process the personal data in the event of the objection, unless we can demonstrate compelling legitimate grounds for the processing that outweigh the interests, rights, and freedoms of the data subject, or the processing serves to assert, exercise, or defend against legal claims.

If we process personal data for direct marketing purposes, the data subject shall have the right to object at any time to the processing of personal data for purposes of such marketing. This also applies to profiling, insofar as it is related to such direct advertising. If the data subject objects to the processing for direct marketing purposes, we will no longer process the personal data for these purposes.

In addition, the data subject has the right, for reasons arising from their particular situation, to object to the processing of their personal data, which we carry out for scientific or historical research purposes or for statistical purposes in accordance with Article 89 (1) GDPR, unless such processing is necessary to fulfill a task in the public interest.

In order to exercise the right to object, the data subject can contact one of our employees directly. In connection with the use of information broker services, the data subject is also free, notwithstanding Directive 2002/58/EC, to exercise their right to object using automated means in accordance with their technical specifications.

h) Automated decisions on a case-by-case basis, including profiling

Any data subject affected by the processing of personal data has the right under EU ordinances and regulations to not be subject to a decision based solely on automated processing, including profiling, where said decision will entail legal repercussions for them or significantly affect them in a similar way, unless the decision

(1) is not necessary for the conclusion or performance of a contract between the data subject and the data controller, or

(2) is permissible under the legal provisions of the EU or the member states to which the data controller is subject, and these legal provisions contain appropriate measures to safeguard the rights, freedoms, and legitimate interests of the data subject, or

(3) the data subject expressly consents to such a decision.

If the decision is

(1) necessary for the conclusion or performance of a contract between the data subject and the data controller, or

(2) made with the express consent of the data subject,

we will take appropriate measures to safeguard the rights, freedoms, and legitimate interests of the data subject, including at a minimum the right to request human review of the decision by the data controller, to express their opinion of the decision, and to contest the decision.

If a data subject wishes to exercise their rights related to automated decisions, they can contact an employee of the data controller at any time.

i) Right to revoke consent under data protection law

Every data subject affected by the processing of personal data has the right under EU ordinances and regulations to revoke their consent to the processing of their personal data at any time.

If a data subject wishes to exercise their rights related to revocation of their consent, they can contact an employee of the data controller at any time.

j) Right to file a complaint with the data protection supervisory authority

If you believe that the processing of your personal data violates the GDPR, you have the option, in accordance with Article 77 GDPR, to file a complaint with the above-mentioned data protection officer or a data protection supervisory authority.

The data protection supervisory authority that is responsible for us is:

The State Commissioner for Data Protection and Freedom of Information in Baden-Württemberg

Postfach 10 29 32

70025 Stuttgart

However, you may also contact our data protection officer using the contact details provided under Item 2!

Cookies

Our web pages use cookies. Cookies are text files that are filed and stored on an information technology system (e.g., computer, notebook, smartphone, or tablet) by an Internet browser.

Numerous websites and servers use cookies. Many cookies contain a so-called cookie ID. A cookie ID is a unique identifier of the cookie. It consists of a character string that websites and servers can assign to the specific Internet browser where the cookie was stored. This enables the visited websites and servers to distinguish the individual browser of the data subject from other Internet browsers that contain other cookies. A specific Internet browser can be recognized and identified using the unique cookie ID.

By using cookies, we can provide the users of this website with more user-friendly services that would not be possible if cookies were not enabled.

The information and offers on our website can be optimized for the user using cookies. As was already mentioned, cookies allow us to identify the users of our website. The purpose of this recognition is to make it easier for users to use our website. For example, the user of a website that uses cookies does not have to check an option in the cookie banner every time they visit, for example, or re-enter their access credentials on the website, since the website will be able to read this information from the cookie stored on the user’s computer system. Another example is the shopping cart cookie used by online stores. The online store can use a cookie to remember the items that a customer has placed in their virtual shopping cart.

The data subject can prevent the storage of cookies by our website at any time by enabling a corresponding setting in their Internet browser to permanently disable the use of cookies. Furthermore, cookies that have already been set can be erased at any time using their Internet browser or another software program. This can be done in all commonly used Internet browsers. If the data subject disables cookies in their Internet browser, not all functions of our website may be fully usable.

Consent tool

In order to be able to allow the storage of the aforementioned cookies by obtaining your consent to them along with any third-party connections (see the following section), we use a cookie consent tool, which is also known as the “cookie banner” or (corresponding) “consent banner.”

Use of other applications, plugins, and tools

You already know from our general offering that we would like to provide you with the best possible service. We have therefore integrated various applications, plugins, and tools on our website (hereinafter: “tools”). Depending on the function, these can, for example, optimize the loading times of our website, simplify use, help us to improve our offering, or increase security.

You can use this button to change the consent controlled by the consent tool:

Specific details on the used tools are explained below.

Data protection terms and conditions for the implementation and use of DoubleClick by Google

We have integrated the online marketing tool DoubleClick by Google from Google Inc. DoubleClick by Google is operated by Google Inc., 1600 Amphitheater Pkwy, Mountain View, CA 94043-1351, USA.

DoubleClick by Google transmits data to the DoubleClick server in the USA with each impression as well as through clicks or other activities. Each of these data transfers triggers a cookie request to your browser. If your browser accepts this request, DoubleClick sets a cookie on your system and stores various usage data in it.

We would like to point out that, according to the European Court of Justice (ECJ), there is currently no adequate level of protection for data transfer to the USA, and therefore there are various risks for the legality and security of data processing, including your data.

DoubleClick uses a cookie ID that is required to process the technical process. The cookie ID is required, for example, to display an advertisement in a browser. DoubleClick can also use the cookie ID to record which advertisements are already being displayed in a browser in order to avoid displaying duplicates. Furthermore, the cookie ID enables DoubleClick to record conversions. Conversions are recorded, for example, if a user has previously been shown a DoubleClick ad and then makes a purchase on the advertiser’s website using the same Internet browser.

A DoubleClick cookie does not contain any personally identifiable information. However, a DoubleClick cookie may contain additional campaign identifiers. A campaign identifier serves to identify the campaigns that the user has already interacted with.

Purposes of processing

We use this tool to optimize and display advertising. The cookie is used, among other things, to display user-relevant advertising and to create or improve reports on advertising campaigns. Furthermore, the cookie serves to avoid multiple insertions of the same advertisement.

In addition, each time one of the individual pages of this website is retrieved, which is operated by the data controller and on which a DoubleClick component has been integrated, the Internet browser on the information technology system of the data subject is automatically prompted by the respective DoubleClick component to transmit data to Google for the purpose of online advertising and the billing of fees. As part of this technical procedure, Google gains knowledge of data that Google also uses to create fee statements. Google can understand, among other things, that the data subject has clicked on certain links on our website.

Legal basis

We require your consent to use the tool, which forms the legal basis in accordance with Section 25 (1) Telecommunications-Telemedia Data Protection Act (TTDSG) and Article 6 (1) (a) (informed consent). We obtain this consent through our previously described consent tool and also document this here.

We also have a legitimate interest in optimizing our offering technically and economically and in averting any damage to our company; in doing so we refer to Article 6 (1) (f) (legitimate interest).

Data transfer to the USA is based on the standard contractual clauses promulgated by the EU Commission. You can find the details here: https://privacy.google.com/businesses/gdprcontrollerterms/ and https://privacy.google.com/businesses/gdprcontrollerterms/sccs/.

For more information on how user data is handled, see Google’s Privacy Policy: https://policies.google.com/privacy?hl=de.

Google’s Terms of Service can be found at https://policies.google.com/terms?hl=de&gl=de.

Period of data storage

DoubleClick stores your usage data for an estimated period of 180 days.

Opportunity to object

You may revoke your consent at any time. Please select the appropriate settings by using our consent banner. In addition, at any time you can set, manage, and erase cookies in your browser as you wish and according to your knowledge. For example, if you do not want this tool to set cookies and collect information about you and possibly your behavior, you may decide to block all cookies in your browser settings at any time. In individual cases, however, this may prevent various features (such as shopping carts) from working on the websites you visit, even if you want them to.

Data protection terms and conditions for the implementation and use of Google Analytics

We have integrated the analysis tracking tool Google Analytics (GA) from Google Inc. Google Analytics is operated by Google Inc., 1600 Amphitheater Pkwy, Mountain View, CA 94043-1351, USA. For the European region, the company Google Ireland Limited, Gordon House, Barrow Street Dublin 4, Ireland, is the data controller for all Google services, whereby the supervisory authorities have determined that the two Google companies are joint data controllers.

Google Analytics is a traffic analysis or web analysis service. This consists of the collection and evaluation of data on the behavior of visitors to websites.

If you are visiting our website for the first time or if you have already erased existing cookies, the tool will assign you a unique ID the first time it is recognized, which (if one is set) is linked to the cookie you have set. If you visit our website again and the cookie is still there, you will be “recognized” as a returning user, and all newly added behavior and actions will be assigned to the existing ID and recorded. This makes it possible to create and evaluate pseudonymized user profiles.

The tool basically collects data about your actions in relation to our homepage, but also such data as which website you came to our website from (the so-called referrer), which subpages of the website you accessed, or how often and for how long you viewed a subpage. After you have provided your consent, these actions are stored, for example, in cookies and/or sent to Google Analytics servers in the USA and processed there. We receive reports from Google Analytics based on this, which we can use to optimize our offering.

If you already have a Google account, it is possible that Google will link these data records with each other. However, Google itself does not transmit any data collected by Google Analytics unless required by law.

Purposes of processing

The purpose of the Google Analytics component is to analyze visitor flows and user behavior on our website. Google uses the obtained data and information, among other things, to evaluate the use of our website, to compile online reports for us that show the types of activities on our websites, and to provide other services related to the use of our website.

Legal basis

We also have a legitimate interest in optimizing our offering technically and economically and in averting any damage to our company; in doing so we refer to Article 6 (1) (f) (legitimate interest). We may also use this tool to detect errors on the website, identify attacks, and improve profitability.

For more information on how user data is handled, see Google’s Privacy Policy: https://policies.google.com/privacy?hl=de.

Google’s Terms of Service can be found at https://policies.google.com/terms?hl=de&gl=de.

Period of data storage

Google Analytics stores your usage data for an estimated period of 180 days (with Google Analytics 4, the retention period of your user data is fixed at 14 months, though you can choose a retention period of either 2 months or 14 months).

Opportunity to object

Data protection terms and conditions for the implementation and use of Google Tag Manager

We have integrated the code organization tool Google Tag Manager from Google Inc. Google Tag Manager is operated by Google Inc., 1600 Amphitheater Pkwy, Mountain View, CA 94043-1351, USA. For the European region, the company Google Ireland Limited, Gordon House, Barrow Street Dublin 4, Ireland, is the data controller for all Google services, whereby the supervisory authorities have determined that the two Google companies are joint data controllers.

“Tags” are short snippets of code. For example, they can be used to record (track) your activities on our website. By integrating the Google Tag Manager, we can centrally implement and manage the tags used on our website using various tracking tools. These do not have to be tags from Google itself, they can also be tags from other companies that can be integrated via the Tag Manager. This allows for a very extensive range of possible uses, which means that, for example, cookies can be set, user and browser data can be collected, or buttons can be integrated. However, the Tag Manager itself does not set any cookies or collect data, since it acts purely as a manager for the implemented tags.

Google reserves the right to collect anonymous data about our use of the Tag Manager, whereby no data is transmitted that is managed by the tool as part of its set of regular features.

As a precaution, we would like to point out that, according to the European Court of Justice (ECJ), there is currently no adequate level of protection for data transfer to the USA, and therefore there are various risks for the legality and security of data processing, including your data.

Purposes of processing

The purpose of the Google Tag Manager is to optimize our offering technically and economically and to prevent any harm to our company. To do this, we must implement and manage various source code at the core of our website, which can be a very time-consuming and error-prone process. The Google Tag Manager helps us do this, since it greatly simplifies and centralizes this process and largely helps us to avoid errors.

Legal basis

For more information on how user data is handled, see Google’s Privacy Policy: https://policies.google.com/privacy?hl=de.

Google’s Terms of Service can be found at https://policies.google.com/terms?hl=de&gl=de.

Period of data storage

Google Tag Manager does not set any cookies itself and does not collect any personal data, which is why we cannot specify a storage period here. Please refer to the respective descriptions of the tools that it controls.

Opportunity to object

Data protection terms and conditions for the implementation and use of Google reCAPTCHA

We have integrated the Google reCAPTCHA tool from Google Inc. Google reCAPTCHA is operated by Google Inc., 1600 Amphitheater Pkwy, Mountain View, CA 94043-1351, USA.

Google reCAPTCHA allows us to protect ourselves from spam and thus ensure that we are not flooded with unwanted and unsolicited information. In contrast to other Captcha tools, which make you solve puzzles, with Google reCAPTCHA you only need to tick a box to verify that you are not a bot.

Google reCAPTCHA collects personal data from users so that it can determine whether actions on our website are actually performed by a person. Examples of the types of data that are collected here include IP addresses, as well as information about the operating system, screen resolution, and cookies that provide information about the actions taken by your mouse and keyboard.

Purposes of processing

We use this tool to protect ourselves from SPAM software and bots. Google reCAPTCHA is a good choice here, since we believe it offers you excellent user-friendliness and at the same time performs its function very well.

Legal basis

We also have a legitimate interest in optimizing and securing our online service and in averting any damage to our company; in doing so we refer to Article 6 (1) (f) (legitimate interest). However, we only use this tool if you have given us your consent to do so.

For more information on how user data is handled, see Google’s Privacy Policy: https://policies.google.com/privacy?hl=de.

Google’s Terms of Service can be found at https://policies.google.com/terms?hl=de&gl=de.

Period of data storage

Google reCAPTCHA stores your usage data for an estimated period of 180 days.

Opportunity to object

Data protection terms and conditions for the implementation and use of Google Fonts

We use Google Fonts on our website. These are the “Google Fonts” of Google Inc. The company Google Ireland Limited (Gordon House, Barrow Street Dublin 4, Ireland) is the data controller for all Google services in the European area.

You do not need to register or enter a password to use Google Fonts. Furthermore, no cookies are stored in your browser. The files (CSS, typefaces/fonts) are requested using the Google domains fonts.googleapis.com and fonts.gstatic.com. According to Google, CSS and font requests are completely separate from all other Google services. If you have a Google account, you do not have to worry about your Google account data being transmitted to Google while using Google Fonts. Google records the use of CSS (Cascading Style Sheets) along with the used fonts and stores this data securely. The following information describes the data storage in detail.

Google Fonts (formerly Google Web Fonts) is a directory of over 800 fonts that Google makes available to its users for free.

Many of these fonts are released under the SIL Open Font License, while others have been released under the Apache License. Both are free software licenses.

When you visit our website, the fonts are reloaded via a Google server. When this external query is made, data is transmitted to the Google servers. Google is also able to recognize from this data that you or your IP address is visiting our website. The Google Fonts API was designed to reduce the use, storage, and collection of end-user data to what is necessary for proper font delivery. Incidentally, API stands for “Application Programming Interface” and serves to transmit data for software, among other things.

Google Fonts securely stores CSS and font requests on Google and is therefore protected. The collected usage figures allow Google to determine how well the individual fonts are received. Google publishes the results on internal analysis pages, such as Google Analytics. Google also uses data from its own web crawler to determine which websites use Google Fonts. This data is published in the Google Fonts BigQuery database. Entrepreneurs and developers use the Google web service BigQuery to examine and move large amounts of data.

It should be noted, however, that with every Google Font request, information such as language settings and the IP address, browser version, browser screen resolution, and browser name are automatically transmitted to the Google servers. Whether this data is also stored cannot be clearly determined or is not clearly communicated by Google.

Purposes of processing

Google Fonts allows us to use fonts on our own website without having to upload them to our own server. Google Fonts is an important component in keeping the quality of our website high. All Google fonts are automatically optimized for the web. This saves data volume, which is a great advantage, especially for use on mobile devices. When you visit our site, the small file size ensures fast loading time. Furthermore, Google Fonts are secure web fonts. Different image synthesis (rendering) systems in different browsers, operating systems, and mobile devices can lead to errors. Such errors can partially distort text or entire websites. Thanks to the fast Content Delivery Network (CDN), there are no cross-platform problems with Google Fonts. Google Fonts supports all major browsers (Google Chrome, Mozilla Firefox, Apple Safari, and Opera) and works reliably on most modern mobile operating systems, including Android 2.2+ and iOS 4.2+ (iPhone, iPad, and iPod). We therefore use Google Fonts so that we can present our entire online service as beautifully and uniformly as possible.

Legal basis

If you have consented to the use of Google Fonts, the legal basis for the corresponding data processing is this consent. According to Article 6 (1) (a) GDPR (informed consent), this consent represents the legal basis for personal data processing, as may occur when data is collected by Google Fonts.

We also have a legitimate interest in using Google Fonts to optimize our online service. The corresponding legal basis for this is Article 6 (1) (f) GDPR (legitimate interests). However, we only use Google Fonts if you have given your informed consent.

Google processes your data, including also in the USA. We would like to point out that, according to the European Court of Justice, there is currently no adequate level of protection for data transfer to the USA. This can entail various risks for the legality and security of data processing.

Google uses so-called standard contractual clauses (= Article 46 (2) and (3) GDPR) as the basis for data processing by recipients based in third countries (outside the European Union, Iceland, Liechtenstein, Norway, i.e., in particular in the USA) or when transferring data there. Standard contractual clauses (SCC) are templates provided by the EU Commission and are intended to ensure that your data also complies with European data protection standards if it is transferred to third countries (such as the USA) and stored there. In agreeing to these clauses, Google undertakes to comply with European data protection standards when processing your relevant data, even if the data is stored, processed, and managed in the USA. These clauses are based on an implementation decision of the EU Commission. You can find the decision and the corresponding standard contractual clauses here along with other regulations: https://eurlex.europa.eu/eli/dec_impl/2021/914/oj?locale=de

You can also read about which data is generally collected by Google and what this data is used for here: https://www.google.com/intl/de/policies/privacy/.

Period of data storage

Google stores requests for CSS assets for one day on its servers, which are mainly located outside the EU. This enables us to use the fonts using a Google style sheet. A style sheet is a template that you can use to quickly and easily change the design or font of a website, for example.

The font files are stored by Google for one year. Google is thus pursuing the goal of fundamentally improving the loading time of websites. When millions of websites refer to the same fonts, they are cached after the first visit and immediately reappear on all other websites visited later. Sometimes Google updates fonts to reduce their file size, add new language character sets, and improve the design.

Opportunity to object

The data that Google stores for a day or a year cannot simply be erased. The data is automatically transmitted to Google when the page is accessed. If you would like this data to be erased sooner, you must contact Google support at: https://support.google.com/?hl=de&tid=331659344536.

Data protection terms and conditions for the implementation and use of Facebook

We have integrated components of Facebook on this website. Facebook is a social network.

A social network is a social meeting place operated on the Internet, an online community that typically allows users to communicate with one another and to interact in virtual space. A social network can serve as a platform for exchanging opinions and experiences, and it also allows the Internet community to provide personal or company-related information. Facebook enables users of the social network to create private profiles, upload photos, and network with each other using friend requests, among other things.

Facebook is operated by Facebook, Inc., 1 Hacker Way, Menlo Park, CA 94025, USA. If a data subject lives outside the USA or Canada, the controller responsible for processing personal data is Facebook Ireland Ltd., 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland. According to Facebook, however, the data collected is also transferred to the USA and other third countries.

Each time one of the individual pages of this website is retrieved, which is operated by the data controller and on which a Facebook component (Facebook plug-in) has been integrated, the Internet browser on the information technology system of the data subject is automatically prompted by the respective Facebook component to download a representation of the relevant Facebook component from Facebook. For a complete overview of all Facebook plug-ins, see: https://developers.facebook.com/docs/plugins/?locale=de_DE. As part of this technical process, Facebook is informed about which specific subpage of our website is visited by the data subject.

If the data subject is logged on to Facebook at the same time, Facebook will recognize the specific subpage of our website that the data subject visits each time the data subject loads the website and for the entire duration of their visit to our website. This information is collected by the Facebook component and assigned to the respective Facebook account of the data subject by Facebook. If the data subject clicks on one of the Facebook buttons that has been integrated on our website, such as the “Like” button, or if the data subject makes a comment, Facebook associates this information with the personal Facebook user account of the data subject and stores this personal data.

Facebook always receives information via the Facebook component about whether the data subject has visited our website if the data subject is logged in to Facebook at the same time that they access our website; this takes place regardless of whether the data subject clicks on the Facebook component or not. If the data subject does not want this information to be transmitted to Facebook in this way, they can prevent the transmission by logging out of their Facebook account before accessing our website.

Purposes of processing

We believe that Facebook is suitable for us because we firmly believe in our offering and our company. It is therefore essential for us that our company communicate our offering to the outside world. Since the social network has a strong focus on the business world, it provides us with a perfectly suitable communication channel.

Legal basis

We also have a legitimate interest in communicating what our company does along with our offering to the outside world, which is why we refer to Article 6 (1) (f) (legitimate interest).

If personal data is collected on our website and forwarded to Facebook via the tools we use, we and Facebook Ireland Limited, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland are joint data controllers responsible for this data processing in accordance with Article 26 GDPR. This joint data controllership is limited exclusively to the collection of the data and its transfer or technical forwarding to Facebook. The processing by Facebook after it is forwarded does not part of our joint data controllership. The obligations that we share have been set out in a joint processing agreement, whose text you can find here: https://www.facebook.com/legal/controller_addendum. In accordance with this agreement, we are responsible for issuing data protection information when using the Facebook tool and for implementing the tool on our website in a secure manner and in accordance with data protection law, while Facebook is responsible for the data security of Facebook products. You may assert your rights (e.g., requests for information) regarding the data processed on Facebook directly on Facebook. If the data subject asserts their rights with us, we are obliged to forward this information to Facebook.

In addition, data transfer to the USA is based on the standard contractual clauses promulgated by the EU Commission. You can find the details here: https://eur-lex.europa.eu/eli/dec_impl/2021/914/oj?locale=de

Period of data storage

The data policy published by Facebook, which can be accessed at https://de-de.facebook.com/about/privacy/, provides information about the collection, processing, and use of personal data by Facebook. It also explains what setting options Facebook offers to protect the privacy of the data subject. In addition, various applications are available that make it possible to suppress data transmission to Facebook. Such applications can be used by the data subject to suppress data transmission to Facebook.

If Facebook collects data from other websites, this data will be erased after up to 30 days, unless there is a legal obligation to store the data longer. Facebook stores your usage data for an estimated period of 180 days.

Opportunity to object

Data protection terms and conditions for the implementation and use of LinkedIn

We have integrated the social network LinkedIn on our website. LinkedIn is operated by LinkedIn Corporation, 2029 Stierlin Court, Mountain View, CA 94043, USA.

LinkedIn Ireland Unlimited Company, Wilton Place, Dublin, is the data controller responsible for data processing in the European Economic Area and Switzerland, whereby a joint data controllership can be assumed.

LinkedIn is an Internet-based social network that allows users to connect with their existing business contacts as well as to establish new ones. Over 400 million registered people use LinkedIn in more than 200 countries. LinkedIn is currently the largest platform for business networking and one of the most visited websites in the world.

No personal data or data about your web activities is transmitted to LinkedIn simply as the result of our integration of LinkedIn functionality. It is only by interacting with an integrated LinkedIn feature, for example by clicking a button, that data can be transmitted to LinkedIn, stored, and processed. User data is then stored, which may include, for example, your IP address, device data, or login data.

Purposes of processing

LinkedIn is suitable for us because we believe strongly in our offering and our company. It is therefore essential for us that our company communicate our offering to the outside world. Since the social network has a strong focus on the business world, it provides us with a perfectly suitable communication channel.

Legal basis

We also have a legitimate interest in communicating what our company does along with our offering to the outside world, which is why we refer to Article 6 (1) (f) (legitimate interest).

Data transfer to the USA is based on the standard contractual clauses promulgated by the EU Commission. You can find the details here: https://eur-lex.europa.eu/eli/dec_impl/2021/914/oj?locale=de

For more information on how personal data is handled, see LinkedIn’s Privacy Policy: https://www.linkedin.com/legal/privacy-policy.

Period of data storage

If LinkedIn collects data from other websites, this data will be erased after up to 30 days, unless there is a legal obligation to store the data longer. LinkedIn stores your usage data for an estimated period of 180 days.

Opportunity to object

Data protection terms and conditions for the implementation and use of YouTube

We have incorporated videos from the video portal YouTube on our website. YouTube is operated by YouTube, LLC, 901 Cherry Ave., San Bruno, CA, 94066, USA. It should be mentioned here that the video portal has been a subsidiary of Google since 2006. For the European region, the company Google Ireland Limited, Gordon House, Barrow Street Dublin 4, Ireland, is the data controller for all Google services, whereby the supervisory authorities have determined that the two Google companies are joint data controllers.

YouTube is an Internet video portal that allows video publishers to post video clips free of charge and other users to view, rate, and comment on them free of charge. YouTube allows users to post all types of videos, which is why both complete film and TV programs as well as music videos, trailers, or videos made by users themselves can be accessed via the Internet portal.

When you visit our website, at least one cookie is set on the pages where a YouTube video is embedded. This cookie stores your IP address and our URL. If you are logged into YouTube while visiting our website, YouTube will usually associate these video interactions with your profile. The data stored here includes, for example, your approximate location, the duration of your session, the bounce rate, and technical information about your browser type. If you are not signed into your YouTube or Google account, Google stores data with a unique identifier associated with your device, browser, or app. For example, it remembers your preferred language settings. However, less usage data is stored because fewer cookies are set.

Purposes of processing

YouTube provides us with a suitable way of offering you high-quality content in a simple way. We can use videos to give you a better picture of us, present complex issues in a simplified manner, and offer you a better online experience on our website.

Legal basis

We also have a legitimate interest in communicating what our company does along with our offering to the outside world, which is why we refer to Article 6 (1) (f) (legitimate interest).

Data transfer to the USA is based on the standard contractual clauses promulgated by the EU Commission. You can find the details here: https://eur-lex.europa.eu/eli/dec_impl/2021/914/oj?locale=de

For more information on how personal data is handled, see Google’s Privacy Policy: https://policies.google.com/privacy?hl=de.

Period of data storage

YouTube stores your usage data for an estimated period of 180 days. The cookie set by you is automatically deleted after 180 days if you have not deleted it yourself before this time has elapsed.

Opportunity to object

Data protection terms and conditions for the implementation and use of Matomo (formerly known as Piwik)

We use the web analysis tool Matomo to adapt the design of our website as needed. Matomo creates user profiles based on pseudonyms. In order to do this, it stores permanent cookies on your end device that we then read. In this way, we are able to recognize and count returning visitors. We also use the Heatmap & Session Recording modules. Matomo’s Heatmap service shows us the areas of our website where the mouse is moved most frequently or clicked most frequently. The session recording service records individual user sessions. We can play back recorded sessions, which thus helps us to analyze how our website is used. Data that is entered in forms is not recorded and is not visible at any time.

Purposes of processing

The web analytics service Matomo helps us primarily to optimize the website and to perform cost-benefit analyses. We also use Matomo to analyze the flow of visitors to the website. It is in our legitimate interest to make our website clear and user-friendly for you. By making IP addresses anonymous, we are able to take the user’s interest in protecting their personal data sufficiently into account.

Legal basis

Additional information on Matomo’s Terms of Use and Privacy Policy can be found at: https://matomo.org/privacy/

Period of data storage

We only process personal data for as long as is necessary. As soon as the purpose of data processing has been fulfilled, data is blocked and erased in accordance with the standards of the local erasure concept, unless legal provisions prevent this erasure.

Opportunity to object

Data protection terms and conditions for the implementation and use of Cloudflare

We have integrated the content delivery network (CDN) Cloudflare on our website. Cloudflare is operated by Cloudflare, Inc., 101 Townsend St., San Francisco, CA 94107, USA.

Cloudflare is a service that makes it possible to reduce the loading times of websites. This service allows websites to be loaded quickly and in the best possible way, even during periods of high peak load. At the same time, Cloudflare protects its users’ websites with an additional firewall and DDOS protection service. In order to allow us to integrate Cloudflare, personally identifiable information may be sent from your browser to the service. The provider is therefore able to collect and store user data, such as your IP address, browser version, browser type, or the date of your visit to the site.

According to its own information, Cloudflare processes the data in compliance with the law as well as the provisions of the GDPR. Third-party providers that Cloudflare works with may only process personal data at Cloudflare’s direction and in accordance with its privacy policy and other confidentiality and security measures. Cloudflare never transmits personal data without our express consent.

Since we cannot rule out that servers in the USA may also be used, as a precaution, we would like to point out that, according to the European Court of Justice (ECJ), there is currently no adequate level of protection for data transfer to the USA, and therefore there are various risks for the legality and security of data processing, including your data.

Purposes of processing

Cloudflare provides us with a suitable way of offering you a well-functioning experience on our website. Our website can be loaded much faster using Cloudflare, and at the same time Cloudflare increases our security against threats.

Legal basis

We also have a legitimate interest in optimizing our online service and making it more secure, which is why we refer to Article 6 (1) (f) (legitimate interest).

Data transfer to the USA is based on the standard contractual clauses promulgated by the EU Commission. You can find the details here: https://eur-lex.europa.eu/eli/dec_impl/2021/914/oj?locale=de

For more information on how personal data is handled, see Cloudflare’s Privacy Policy: https://www.cloudflare.com/dede/privacypolicy/.

Period of data storage

In general, Cloudflare stores user data for domains for a period of less than 24 hours. However, the storage period may also last up to 7 days in the case of company domains with activated Cloudflare logs. However, if your IP address triggers a security warning at Cloudflare, it can also lead to a longer storage period in such exceptional cases.

Opportunity to object

Data protection terms and conditions for the implementation and use of AWS CloudFront CDN

We have integrated the content delivery network (CDN) AWS CloudFront on our website.

AWS CloudFront CDN is operated by the American company Amazon Web Services, Inc., 410 Terry Avenue North, Seattle WA 98109, USA.

AWS CloudFront CDN is a service that allows static and dynamic data to be loaded faster and thus provided to the user faster.

Purposes of processing

AWS CloudFront provides us with a suitable way of offering you a well-functioning experience on our website. Our website can be loaded much faster using AWS CloudFront CDN.

Legal basis

We also have a legitimate interest in optimizing our online service and making it more secure, which is why we refer to Article 6 (1) (f) (legitimate interest).

However, we only use this tool if you have given us your consent to do so.

Data transfer to the USA is based on the standard contractual clauses promulgated by the EU Commission. You can find the details here: https://eur-lex.europa.eu/eli/dec_impl/2021/914/oj?locale=de

For more information on how personal data is handled, see Amazon Web Services’ Privacy Policy: https://aws.amazon.com/de/privacy.

Period of data storage

Amazon CloudFront stores your usage data for an estimated period of 180 days.

Opportunity to object

Data protection terms and conditions for the implementation and use of Bing/Microsoft Advertising

We have integrated the online marketing tool Microsoft Advertising into our website. Microsoft Advertising is operated by Microsoft Corporation, One Microsoft Way, Redmond, WA 98052-6399, USA. Microsoft operates its own servers around the world. Most are located in the United States, so your information may be stored, maintained, and processed on servers located in the United States.

Microsoft Advertising is an online marketing tool that can be used to place, manage, and track advertising. Microsoft Advertising (formerly Bing Ads) is based on a pay-per-click system. This means that advertisers on Bing and Yahoo! can use the service to advertise. You pay for advertisements only when a user clicks on your ad. For the part mentioned above, the tracking, we have integrated a conversion tracking tool on our website, which also stores data that you provide. The reason for this is that if visitors are referred to our website via Microsoft advertising, we can use the conversion tracking tag (a small code snippet) to analyze the user behavior of website visitors who came to our site via advertising. We need this functionality in order to ensure that our advertising measures are cost-efficient. The Microsoft Advertising conversion tracking tag collects data on user behavior. This is data such as which advertisement brought you to our website, which keyword you used on Bing or Yahoo, what interactions you have with our website, and how much time you spend on our website. If you have a Microsoft account, Microsoft may link the collected data to your account.

Purposes of processing

Microsoft Advertising provides us with a suitable solution to analyze visitor flows and user behavior on our website. Microsoft uses the obtained data and information to evaluate the use of our website, compile online reports for us that show activities on our website, and provide other services related to the use of our website, among other things.

Legal basis

We also have a legitimate interest in optimizing our online service and making it more secure, which is why we refer to Article 6 (1) (f) (legitimate interest).

Data transfer to the USA is based on the standard contractual clauses promulgated by the EU Commission. You can find the details here: https://eur-lex.europa.eu/eli/dec_impl/2021/914/oj?locale=de

For more information on how personal data is handled, see Microsoft Advertising’s Privacy Policy: https://privacy.microsoft.com/dede/privacystatement.

Period of data storage

For search queries via Bing, Microsoft erases your saved search queries after 6 months by deleting your IP address. In principle, this also means that Microsoft keeps the personal data for as long as it is necessary for the provision of its own services and products or for legal purposes.

Opportunity to object

Data protection terms and conditions for the implementation and use of Clarity/Microsoft HeatMap

We have integrated the project and portfolio management tool Clarity on our website. It is operated by Microsoft Corporation, One Microsoft Way, Redmond, WA 98052-6399, USA. Data is also transferred to the USA.

Microsoft Clarity is a project and portfolio management tool that allows for user analysis based on pseudonymous user identities and thus increases user analysis based on pseudonymous data, such as the evaluation of mouse movement data and performance data for certain websites.

On our website, usage data (websites visited, interest in content, access times, etc.), metadata/communication data (device information, IP address, etc.), location data (information about the geographical location of a device or a person), and movement data (mouse and scrolling movements) are collected in pseudonymized form. Microsoft has already configured the appropriate settings for this, so that the data collection by Microsoft is already pseudonymized, in particular due to IP masking (IP address pseudonymization).

We would like to point out that, according to the European Court of Justice, there is currently no adequate level of protection for data transfer to the USA. This can entail various risks for the legality and security of data processing.

Purposes of processing

Microsoft Clarity provides us with a suitable solution to analyze visitor flows and user behavior on our website. This allows us to target our marketing measures more efficiently and more economically as well as to reach even more people with our offering, for whom we can create real added value.

Legal basis

We also have a legitimate interest in optimizing our online service and marketing activities, which is why we refer to Article 6 (1) (f) (legitimate interest).

Data transfer to the USA is based on the standard contractual clauses promulgated by the EU Commission. You can find the details here: https://eur-lex.europa.eu/eli/dec_impl/2021/914/oj?locale=de

For more information on how personal data is handled, see Microsoft’s Privacy Policy: https://privacy.microsoft.com/de-de/privacystatement.

Period of data storage

Microsoft Clarity stores your usage data for an estimated period of 180 days.

Opportunity to object

Data protection terms and conditions for the implementation and use of Active Campaign

We have integrated the Active Campaign service on our website. Active Campaign is operated by ActiveCampaign, LLC, 150 N. Michigan Ave Suite 1230, Chicago, IL, US, USA.

Active Campaign is a service that can be used to send newsletters. The service both organizes and analyzes newsletters.

Technical information, such as the time of retrieval, the IP address, as well as the browser type and the user’s operating system can be processed.

Purposes of processing

Active Campaign is a suitable solution that allows us to increase our customer service and to be able to offer our customers professional added value via the newsletter.

Legal basis

We also have a legitimate interest in optimizing our online service, which is why we refer to Article 6 (1) (f) (legitimate interest).

Data transfer to the USA is based on the standard contractual clauses promulgated by the EU Commission. You can find the details here: https://eur-lex.europa.eu/eli/dec_impl/2021/914/oj?locale=de

For more information on how personal data is handled, see Active Campaign’s Privacy Policy: https://www.activecampaign.com/legal/privacy-policy.

Period of data storage

Active Campaign stores your usage data for an estimated period of 180 days.

Opportunity to object

Data protection terms and conditions for the implementation and use of Google Photos

We have integrated Google Photos on our website. Google Photos is operated by Google Inc., 1600 Amphitheater Pkwy, Mountain View, CA 94043-1351, USA.

Google Photos is a service that allows you to upload images to create image galleries. When accessing these image galleries, the user’s browser loads the desired images into the user’s browser cache.

Personal data, such as the IP address of the user, may be transmitted in this case.

Purposes of processing

Google Photos provides us with a suitable way of offering you a well-functioning experience on our website. Our website can be loaded much faster using Google Photos.

Legal basis

We also have a legitimate interest in optimizing our online service, which is why we refer to Article 6 (1) (f) (legitimate interest).

Data transfer to the USA is based on the standard contractual clauses promulgated by the EU Commission. You can find the details here: https://eur-lex.europa.eu/eli/dec_impl/2021/914/oj?locale=de

For more information on how personal data is handled, see Google Photos Privacy Policy: https://policies.google.com/privacy?hl=en-US.

Period of data storage

Google Photos stores your usage data for an estimated period of 180 days.

Opportunity to object

Data protection terms and conditions for the implementation and use of Google Videos

We have integrated videos on our website. Google Photos is operated by Google Inc., 1600 Amphitheater Pkwy, Mountain View, CA 94043-1351, USA.

Google Videos is a video hosting service from Google. Videos can be uploaded to our website from the cloud.

Personal data, such as the IP address of the user, may be transmitted in this case.

Purposes of processing

Google Videos provides us with a suitable way of offering you a well-functioning experience on our website. Our website can be loaded much faster using Google Videos.

Legal basis

We also have a legitimate interest in optimizing our online service, which is why we refer to Article 6 (1) (f) (legitimate interest).

Data transfer to the USA is based on the standard contractual clauses promulgated by the EU Commission. You can find the details here: https://eur-lex.europa.eu/eli/dec_impl/2021/914/oj?locale=de

For more information on how personal data is handled, see Google Photos Privacy Policy: https://policies.google.com/privacy?hl=en-US.

Period of data storage

Google Videos saves your usage data for approximately 180 days.

Opportunity to object

Data protection terms and conditions for the implementation and use of Gravatar

We have integrated Gravatar on our website. Gravatar is operated by Automattic Inc., 60 29th Street #343, San Francisco, CA 94110, USA.

Gravatar stands for Globally Recognized Avatar. A “Gravatar” only has to be created once. By connecting your email address, the Gravatar is automatically inserted into a website comment area as well as other online presences.

Personal data, such as the IP address of the user, may be transmitted in this case.

Purposes of processing

Gravatar provides us with a suitable solution to design our online service better.

Legal basis

We also have a legitimate interest in optimizing our online service, which is why we refer to Article 6 (1) (f) (legitimate interest).

Data transfer to the USA is based on the standard contractual clauses promulgated by the EU Commission. You can find the details here: https://eur-lex.europa.eu/eli/dec_impl/2021/914/oj?locale=de

For more information on how personal data is handled, see Gravatar’s Privacy Policy: https://automattic.com/privacy/.

Period of data storage

Gravatar stores your usage data for approximately 180 days.

Opportunity to object

Data protection terms and conditions for the implementation and use of Stripe

We have integrated the Stripe service on our website. Stripe is operated by Stripe Inc., 510 Townsend St. Francisco, CA 94103, USA.

Stripe is a payment provider that makes it easy to process online payments.

The data that the user enters to process the payment transaction is also processed by Stripe in order to ensure the provision of the service.

Purposes of processing

Stripe provides us with a suitable solution to optimize our online service and also to enable a simple and fast payment process via our website.

Legal basis

We also have a legitimate interest in optimizing our online service, which is why we refer to Article 6 (1) (f) (legitimate interest).

Data transfer to the USA is based on the standard contractual clauses promulgated by the EU Commission. You can find the details here: https://eur-lex.europa.eu/eli/dec_impl/2021/914/oj?locale=de

For more information on how personal data is handled, see Stripe’s Privacy Policy: https://stripe.com/at/privacy.

Period of data storage

Stripe will store your usage data for approximately 180 days.

Opportunity to object

Version: 01/20/2023

Peakboard GmbH

Privacy policy.

Peakboard

use cases

product

academy

company