Privacy Policy
Introduction
With the following privacy policy, we would like to inform you about the types of your personal data (hereinafter referred to as “data”) that we process, for what purposes, and to what extent. The privacy policy applies to all processing of personal data carried out by us, both in the provision of our services and in particular on our websites, mobile applications, and external online presences, such as our social media profiles (hereinafter collectively referred to as the “online offering”).
Date: June 9, 2023
Applicable Legal Bases
Below you will find an overview of the legal bases of the General Data Protection Regulation (GDPR) on which we rely when processing personal data. Please note that in addition to the provisions of the GDPR, national data protection regulations may apply in your country of residence or our country of residence. If more specific legal bases are applicable in individual cases, we will inform you of these in the privacy policy.
Consent (Art. 6(1)(a) GDPR)
– The data subject has given consent to the processing of their personal data for one or more specific purposes. Performance of a contract and pre-contractual inquiries (Art. 6(1)(b) GDPR)
– The processing is necessary for the performance of a contract to which the data subject is a party or for the implementation of pre-contractual measures taken at the data subject’s request. Legal obligation (Art. 6(1)(c) GDPR)
– The processing is necessary for compliance with a legal obligation to which the controller is subject. Legitimate interests (Art. 6(1)(f) GDPR)
– The processing is necessary for the purposes of the legitimate interests pursued by the controller or by a third party, except where such interests are overridden by the interests or fundamental rights and freedoms of the data subject which require protection. Application process as a pre-contractual or contractual relationship (Art. 6(1)(b) GDPR)
– Insofar as special categories of personal data within the meaning of Art. 9(1) GDPR (e.g., health data, such as severe disability or ethnic origin) are requested from applicants as part of the application process, so that the controller or the data subject can exercise their rights arising from labor law and social security and social protection law, the processing of such data will be carried out in accordance with Art. 9(2)(b) GDPR, in the case of protecting the vital interests of the applicants or other individuals pursuant to Art. 9(2)(c) GDPR, or for purposes of preventive or occupational medicine, for the assessment of the employee’s working capacity, medical diagnosis, health or social care or treatment, or the management of health or social care systems and services pursuant to Art. 9(2)(h) GDPR.
In the event of the voluntary provision of special categories of data based on explicit consent, the processing is carried out on the basis of Art. 9(2)(a) GDPR. In addition to the data protection regulations of the GDPR, national data protection regulations apply in Austria.
This includes, in particular, the Austrian Data Protection Act (Datenschutzgesetz – DSG). The Data Protection Act contains special provisions, in particular regarding the right to information, the right to rectification or erasure, the processing of special categories of personal data, the processing for other purposes, and the transmission, as well as automated decision-making in individual cases.
In addition to the data protection provisions of the GDPR, national data protection regulations may also apply, which we also comply with.
Security Measures
We implement appropriate technical and organizational measures to ensure a level of security appropriate to the risk, in accordance with legal requirements and taking into account the state of the art, implementation costs, the nature, scope, context, and purposes of processing, as well as the varying likelihood and severity of the risk to the rights and freedoms of individuals.
These measures include, in particular, ensuring the confidentiality, integrity, and availability of data by controlling physical and electronic access to the data, as well as controlling access, input, disclosure, availability, and separation of the data. We have established procedures to ensure the exercise of data subject rights, the deletion of data, and responses to data breaches. Furthermore, we take into account the protection of personal data from the outset when developing or selecting hardware, software, and procedures, in accordance with the principle of data protection, through privacy by design and default.
IP Address anonymization
If IP addresses are processed by us or by the service providers and technologies we use, and the processing of the full IP address is not necessary, the IP address is shortened (also referred to as “IP masking”). In this case, the last two digits or the last part of the IP address after a period are removed or replaced with placeholders. The purpose of IP address anonymization is to prevent or significantly hinder the identification of a person based on their IP address.
TLS encryption (https): To protect the data transmitted via our online offering, we use TLS encryption. You can recognize such encrypted connections by the prefix https:// in the address bar of your browser.
Transmission of personal data: In the course of processing personal data, it may be necessary to transfer the data to other entities, companies, legally independent organizational units, or individuals or disclose them to them. Recipients of this data may include service providers entrusted with IT tasks or providers of services and content integrated into a website. In such cases, we comply with legal requirements and, in particular, conclude appropriate contracts or agreements with the recipients of your data to protect your data.
Data processing in third countries
If we process data in a third country (i.e., outside the European Union (EU) or the European Economic Area (EEA)) or if the processing takes place in the context of using third-party services or disclosing/transferring data to other individuals, entities, or companies, we only do so in compliance with legal requirements.
Subject to explicit consent or contractual or legally required transfers, we process or have the data processed only in third countries with a recognized level of data protection, contractual obligations through the use of the EU Commission’s standard contractual clauses, certification mechanisms, or binding corporate rules (Articles 44 to 49 of the GDPR, information page of the EU Commission: https://ec.europa.eu/info/law/law-topic/data-protection/international-dimension-data-protection_en).
Data deletion
The data processed by us will be deleted in accordance with legal requirements once the permitted consents for processing are revoked or other permissions are no longer applicable (e.g., when the purpose of processing such data is no longer relevant or they are no longer necessary for the intended purpose). If the data is not deleted because it is required for other legally permissible purposes, its processing will be limited to those purposes. This means that the data will be blocked and not processed for other purposes. This applies, for example, to data that must be retained for commercial or tax reasons, or whose storage is necessary for asserting, exercising, or defending legal claims or protecting the rights of another natural or legal person.
Our privacy notices may contain additional information regarding the storage and deletion of data that primarily applies to the respective processing activities.
Use of Cookies
Cookies are small text files or other storage mechanisms that store information on end devices and retrieve information from them. For example, they can store the login status in a user account, the contents of a shopping cart in an e-shop, the accessed content, or the used functions of an online offering. Cookies can also be used for various purposes, such as ensuring the functionality, security, and convenience of online offerings, as well as analyzing visitor traffic.
Information on consent: We use cookies in accordance with legal requirements. Therefore, we obtain prior consent from users, unless it is not required by law. Consent is not required, in particular, when storing and retrieving information, including cookies, is absolutely necessary to provide users with a telemedia service explicitly requested by them (i.e., our online offering). Cookies that are absolutely necessary usually include cookies with functions that serve the display and functionality of the online offering, load balancing, security, storage of user preferences and choices, or similar purposes related to providing the main and ancillary functions of the requested online offering. Revocable consent is clearly communicated to users and contains information about the specific use of cookies.
Information on legal basis for data processing: The legal basis for processing user data with the help of cookies depends on whether we ask users for consent. If users give their consent, the legal basis for processing their data is the declared consent. Otherwise, data processed using cookies is based on our legitimate interests (e.g., the business operation and improvement of the usability of our online offering) or, if the use of cookies is necessary to fulfill our contractual obligations, it is based on the performance of a contract. We will clarify the purposes for which cookies are processed in this privacy statement or in the context of our consent and processing procedures.
Storage duration: The following types of cookies are distinguished with regard to storage duration:
Temporary cookies (also known as session cookies): Temporary cookies are deleted at the latest after a user leaves an online offering and closes their device (e.g., browser or mobile application). Persistent cookies: Persistent cookies remain stored even after closing the device. For example, they can store the login status or display preferred content directly when the user revisits a website. The data collected from users through cookies can also be used for measuring reach. If we do not provide explicit information about the type and duration of cookies (e.g., when obtaining consent), users should assume that cookies are persistent and can be stored for up to two years.
General information on revocation and objection (opt-out): Users can revoke their given consents at any time and also object to the processing in accordance with the legal requirements of Art. 21 GDPR. Users can also declare their objection through the settings of their browser, e.g., by disabling the use of cookies (which may restrict the functionality of our online services). Objection to the use of cookies for online marketing purposes can also be declared through the websites https://optout.aboutads.info and https://www.youronlinechoices
Legal Basis
Legitimate interests (Art. 6(1)(f) GDPR); Consent (Art. 6(1)(a) GDPR). Further information on processing operations, procedures, and services:
Processing of cookie data based on consent: We utilize a cookie consent management system that allows users to provide, manage, and withdraw their consent for the use of cookies and the processing activities and providers mentioned within the cookie consent management process. The consent declaration is stored to avoid repeated requests for consent and to fulfill the legal obligation of demonstrating consent. Storage can be done server-side and/or in a cookie (known as an opt-in cookie or similar technologies) to associate the consent with a user or their device. Unless specific information about cookie management providers is provided, the following information applies: The storage duration of consent can be up to two years. A pseudonymous user identifier is created and stored along with the consent timestamp, information regarding the scope of consent (e.g., cookie categories and/or service providers), and the browser, system, and device used. Legal Basis: Consent (Art. 6(1)(a) GDPR).
Borlabs Cookie
Cookie consent management; Service Provider: Hosted locally on our server, no data sharing with third parties; Website: https://de.borlabs.io/borlabs-cookie/; Further Information: An individual user ID, language preference, types of consent, and the timing of consent are stored server-side and in the cookie on the user’s device.
Business Services: We process data of our contractual and business partners, such as customers and prospects (collectively referred to as “contractual partners”), within the scope of contractual and similar legal relationships, as well as related measures and communication with contractual partners (or pre-contractually), for example, to respond to inquiries.
We process this data to fulfill our contractual obligations, including, in particular, the obligations to provide the agreed-upon services, fulfill any necessary updates, and address warranty and other performance-related issues. Furthermore, we process the data to protect our rights and for the purposes of administrative tasks associated with these obligations and organizational management. Additionally, we process the data based on our legitimate interests in proper and efficient business management, as well as security measures to protect our contractual partners and our business operations from misuse, data breaches, unauthorized access, disclosure, alteration, or destruction (e.g., involving telecommunications, transportation, and other auxiliary services and subcontractors, banks, tax and legal advisors, payment service providers, or financial authorities). Subject to the applicable law, we only disclose data of contractual partners to third parties to the extent required for the aforementioned purposes or to fulfill legal obligations. Contractual partners will be informed about other types of data processing, such as for marketing purposes, within the scope of this privacy policy.
We disclose the data necessary for the aforementioned purposes to our contractual partners before or during data collection, for example, in online forms, through specific markings (e.g., colors) or symbols (e.g., asterisks), or in person.
Contact and Inquiry Management
When contacting us (e.g., by mail, contact form, email, telephone, or via social media) as well as within existing user and business relationships, the information provided by the inquiring individuals is processed to the extent necessary to respond to the contact inquiries and any requested actions.
Processed data types: Contact details (e.g., email, telephone numbers), content data (e.g., inputs in online forms), usage data (e.g., visited web pages, interest in content, access times), meta, communication, and procedural data (e.g., IP addresses, timestamps, identification numbers, consent status). Data subjects: Communication partners. Purposes of processing: Contact inquiries and communication; management and response to inquiries; feedback (e.g., collecting feedback via online form); provision of our online offering and user-friendliness. Legal bases: Legitimate interests (Art. 6(1)(f) GDPR); contract performance and pre-contractual inquiries (Art. 6(1)(b) GDPR). Additional information on processing operations, procedures, and services:
Contact Form: When users contact us through our contact form, email, or other communication channels, we process the data provided to us in this context to handle the stated request; Legal bases: Contract performance and pre-contractual inquiries (Art. 6(1)(b) GDPR), legitimate interests (Art. 6(1)(f) GDPR).
Cloud Services
We utilize software services accessible over the internet and executed on the servers of their providers (commonly referred to as “cloud services” or “Software as a Service”) for the storage and management of content (e.g., document storage and management, document and content exchange with specific recipients, or content and information publication).
Within this framework, personal data may be processed and stored on the servers of the providers to the extent that they are part of communication processes with us or are otherwise processed by us as described in this privacy policy. This data may include master data, contact details of users, data on transactions, contracts, and other processes, as well as their contents. The providers of cloud services also process usage data and metadata that they use for security purposes and service optimization.
If, through the cloud services, we provide forms or other documents and content for other users or publicly accessible websites, the providers may store cookies on the users’ devices for web analysis purposes or to remember user settings (e.g., in the case of media control).
Processed data types: Master data (e.g., names, addresses), contact details (e.g., email, phone numbers), content data (e.g., inputs in online forms), usage data (e.g., visited web pages, interest in content, access times), meta, communication, and procedural data (e.g., IP addresses, timestamps, identification numbers, consent status). Data subjects: Customers, employees (e.g., staff, applicants, former employees), prospects, communication partners. Purposes of processing: Office and organizational procedures, information technology infrastructure (operation and provision of information systems and technical equipment such as computers, servers, etc.). Legal basis: Legitimate interests (Art. 6(1)(f) GDPR). Additional information on processing operations, procedures, and services:
Google Cloud Services: Cloud infrastructure services and cloud-based application software; Service provider: Google Cloud EMEA Limited, 70 Sir John Rogerson’s Quay, Dublin 2, Ireland; Legal basis: Legitimate interests (Art. 6(1)(f) GDPR); Website: https://cloud.google.com/; Privacy policy: https://policies.google.com/privacy; Data processing addendum: https://cloud.google.com/terms/data-processing-addendum; Standard contractual clauses (ensuring the level of data protection for processing in third countries): https://cloud.google.com/terms/eu-model-contract-clause; Additional information: https://cloud.google.com/privacy.
Microsoft Cloud Services: Cloud storage, cloud infrastructure services, and cloud-based application software; Service provider: Microsoft Ireland Operations Limited, One Microsoft Place, South County Business Park, Leopardstown, Dublin 18, Ireland; Parent company: Microsoft Corporation, One Microsoft Way, Redmond, WA 98052-6399, USA; Legal basis: Legitimate interests (Art. 6(1)(f) GDPR); Website: https://microsoft.com/de-de; Privacy policy: https://privacy.microsoft.com/de-de/privacystatement; Security information: https://www.microsoft.com/de-de/trustcenter; Data processing addendum: https://www.microsoft.com/licensing/docs/view/Microsoft-Products-and-Services-Data-Protection-Addendum-DPA; Standard contractual clauses (ensuring the level of data protection for processing in third countries): https://www.microsoft.com/licensing/docs/view/Microsoft-Products-and-Services-Data-Protection-Addendum-DPA.
Web Analytics, Monitoring, and Optimization
The web analytics (also known as “audience measurement”) is used to evaluate the visitor traffic on our online platform and may include pseudonymous values that provide insights into visitor behavior, interests, or demographic information such as age or gender. Through the use of audience analysis, we can identify peak usage times for our online platform, its features, or content, as well as areas that require optimization.
In addition to web analytics, we may also employ testing procedures to test and optimize different versions of our online platform or its components.
Unless otherwise specified below, for these purposes, profiles consisting of aggregated data from user interactions may be created, and information may be stored and retrieved from a browser or device. The collected information may include visited web pages, utilized elements, as well as technical details such as the browser used, the operating system, and usage times. If users have consented to the collection of their location data, either to us or the providers of the services we use, location data may also be processed.
IP addresses of users are also stored. However, we utilize IP masking techniques (i.e., pseudonymization by shortening the IP address) to protect the users. In general, identifiable user data (such as email addresses or names) is not stored during web analytics, A/B testing, and optimization processes. Instead, pseudonyms are used. This means that neither we nor the providers of the software employed have knowledge of the actual identity of the users; only the information stored in their profiles for the purposes of the respective procedures is known.
Processed data types: Usage data (e.g., visited web pages, interest in content, access times); Meta, communication, and process data (e.g., IP addresses, timestamps, identification numbers, consent status). Data subjects: Users (e.g., website visitors, users of online services). Purposes of processing: Audience measurement (e.g., access statistics, identification of recurring visitors); Profiles with user-related information (creation of user profiles); Tracking (e.g., interest-based/behavioral profiling, use of cookies); Provision of our online platform and user-friendliness. Security measures: IP masking (pseudonymization of IP addresses). Legal basis: Consent (Art. 6(1)(a) GDPR). Further information on processing procedures, procedures, and services:
Google Analytics: Web analytics, audience measurement, and user flow measurement; Service provider: Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland; Legal basis: Consent (Art. 6(1)(a) GDPR); Website: https://marketingplatform.google.com/intl/en/about/analytics/; Privacy policy: https://policies.google.com/privacy; Data processing agreement: https://business.safety.google/adsprocessorterms; Standard contractual clauses (ensuring an adequate level of data protection for processing in third countries): https://business.safety.google/adsprocessorterms; Opt-out possibility (Opt-Out): Opt-Out plugin: https://tools.google.com/dlpage/gaoptout?hl=en, settings for displaying advertisements: https://adssettings.google.com/authenticated; Further information: https://privacy.google.com/businesses/adsservices (types of processing and processed data). Google Analytics 4: We use Google Analytics to measure and analyze the usage of our online platform based on a pseudonymous user identification number. This identification number does not contain unique data such as names or email addresses. It is used to associate analysis information with a device to recognize which content users have accessed within one or multiple usage sessions, which search terms they have used, revisited content, or interacted with our online platform.
Google Analytics 4: We use Google Analytics to measure and analyze the usage of our online offering based on a pseudonymous user identification number. This identification number does not contain unique data such as names or email addresses. It is used to associate analytical information with a device to recognize which content users have accessed during one or multiple browsing sessions, which search terms they have used, revisited content, or interacted with our online offering. Additionally, the timing and duration of usage, as well as the sources of users referring to our online offering, are stored, along with technical aspects of their devices and browsers. Pseudonymous user profiles are created in Analytics using information from the usage across different devices, and cookies may be utilized. Analytics provides higher-level geographic location data by capturing the following metadata through IP lookup: “City” (including the derived latitude and longitude of the city), “Continent,” “Country,” “Region,” “Subcontinent” (and the ID-based counterparts). To ensure the protection of user data within the EU, Google receives and processes all user data through domains and servers located within the EU. The IP address of users is not logged and is automatically truncated by the last two digits. IP address truncation for EU users occurs on EU servers. Furthermore, all sensitive data collected from users within the EU is deleted before being captured through EU domains and servers. Service provider: Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland; Legal basis: Consent (Art. 6(1)(a) GDPR); Website: https://marketingplatform.google.com/intl/en/about/analytics/; Privacy Policy: https://policies.google.com/privacy; Data Processing Amendment: https://business.safety.google/adsprocessorterms/; Standard Contractual Clauses (ensuring an adequate level of data protection for processing in third countries): https://business.safety.google/adsprocessorterms; Opt-out possibility: Opt-Out Plugin: https://tools.google.com/dlpage/gaoptout?hl=en, Ad Display Settings: https://adssettings.google.com/authenticated; Further information: https://privacy.google.com/businesses/adsservices (types of processing and processed data).
Google Tag Manager: Google Tag Manager is a solution that allows us to manage website tags and incorporate other services into our online offering (for further information, please refer to the additional details in this privacy policy). With the Tag Manager itself (which implements the tags), user profiles are not created, and cookies are not stored. Google only receives the IP address of the user, which is necessary to execute the Google Tag Manager. Service provider: Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland; Legal basis: Consent (Art. 6(1)(a) GDPR); Website: https://marketingplatform.google.com; Privacy Policy: https://policies.google.com/privacy; Data Processing Amendment: https://business.safety.google/adsprocessorterms; Standard Contractual Clauses (ensuring an adequate level of data protection for processing in third countries): https://business.safety.google/adsprocessorterms.
Online Marketing
We process personal data for the purposes of online marketing, which includes the promotion of advertising space or the display of advertising and other content (collectively referred to as “content”) based on potential user interests, as well as measuring their effectiveness.
For these purposes, user profiles are created and stored in a file (known as a “cookie”) or similar methods are used to store information relevant to the user for displaying the aforementioned content. This information may include viewed content, visited websites, online networks used, as well as communication partners and technical details such as the browser used, the operating system, and information about usage times and functions. If users have consented to the collection of their location data, this data may also be processed.
IP addresses of users are also stored. However, we utilize available IP masking techniques (i.e., pseudonymization by truncating the IP address) to protect users. Generally, within the online marketing process, no clear data of users (such as email addresses or names) is stored, but pseudonyms are used. This means that neither we nor the providers of the online marketing processes know the actual identity of the users, only the information stored in their profiles.
The information in the profiles is typically stored in cookies or similar methods. These cookies can later be read on other websites that use the same online marketing process, analyzed for the purpose of content display, supplemented with additional data, and stored on the server of the online marketing process provider.
In exceptional cases, clear data can be assigned to the profiles. This is the case, for example, when users are members of a social network for which we use online marketing processes and the network connects the user profiles with the aforementioned information. Please note that users may have additional agreements with the providers, for example, through consent during registration.
Generally, we only have access to aggregated information about the success of our advertisements. However, in the context of so-called conversion tracking, we can determine which of our online marketing processes have led to a conversion, such as a contract conclusion with us. Conversion tracking is used solely for analyzing the success of our marketing measures.
Unless otherwise stated, please assume that the cookies used are stored for a period of two years.
Processed data types: Usage data (e.g., visited websites, interest in content, access times), meta and communication data (e.g., IP addresses, timestamps, identification numbers, consent status). Data subjects: Users (e.g., website visitors, users of online services). Purposes of processing: Reach measurement (e.g., access statistics, recognition of returning visitors), tracking (e.g., interest/behavior-based profiling, use of cookies), marketing, profiles with user-related information (creating user profiles), conversion measurement (measuring the effectiveness of marketing measures), remarketing, providing our online offering and user-friendliness. Security measures: IP masking (pseudonymization of IP address). Legal bases: Consent (Art. 6(1)(a) GDPR), Legitimate interests (Art. 6(1)(f) GDPR). Opt-out possibilities: We refer to the privacy policies of the respective providers and the opt-out options provided by them. If no explicit opt-out option has been specified, you have the option to disable cookies in your browser settings. However, this may restrict the functionality of our online offering. Therefore, we recommend the following opt-out options, which are provided summarily for each respective area: a) Europe: https://www.youronlinechoices.eu. b) Canada: https://www.youradchoices.ca/choices. c) USA: https://www.aboutads.info/choices. d) Cross-region: https://optout.aboutads.info.
Customer Reviews and Rating Processes
We participate in review and rating processes to evaluate, optimize, and promote our services. When users rate us or provide feedback through the involved review platforms or processes, the general terms and conditions and privacy policies of the providers also apply. Typically, rating requires registration with the respective providers.
To ensure that the reviewing individuals have actually utilized our services, we transmit the necessary data regarding the customer and the service received to the respective review platform with the customer’s consent (including name, email address, and order or item number). These data are solely used to verify the authenticity of the user.
Processed data types: Contract data (e.g., subject of the contract, duration, customer category), usage data (e.g., visited websites, interest in content, access times), meta and communication data (e.g., IP addresses, timestamps, identification numbers, consent status). Data subjects: Customers, users (e.g., website visitors, users of online services). Purposes of processing: Feedback (e.g., collecting feedback via online forms), marketing. Legal basis: Legitimate interests (Art. 6(1)(f) GDPR).
Presence on Social Media
We maintain online presences within social networks and process user data as part of this to communicate with the active users there or to provide information about us.
We would like to point out that user data may be processed outside the European Union. This may result in risks for users, as it could, for example, make it more difficult to enforce users’ rights.
Furthermore, user data is typically processed within social networks for market research and advertising purposes. For example, user profiles can be created based on user behavior and resulting interests. These user profiles can then be used, for example, to display targeted advertisements within and outside of the networks that presumably correspond to users’ interests. Typically, cookies are stored on users’ computers for these purposes, in which user behavior and interests are stored. Additionally, data can be stored in user profiles regardless of the devices used by the users (particularly if the users are members of the respective platforms and logged in).
For a detailed presentation of the respective processing methods and opt-out options, please refer to the privacy policies and information provided by the operators of the respective networks.
In the event of information requests and the exercise of data subject rights, we would like to emphasize that these can be most effectively addressed with the providers. Only the providers have access to users’ data and can take appropriate measures and provide information directly. If you still need assistance, you can contact us.
Further information on processing procedures, processes, and services:
Instagram: Social network; Service provider: Meta Platforms Ireland Limited, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland; Legal basis: Legitimate interests (Art. 6(1)(f) of the GDPR); Website: https://www.instagram.com; Privacy policy: https://instagram.com/about/legal/privacy.
Facebook Pages: Profiles within the Facebook social network – We, together with Meta Platforms Ireland Limited, are responsible for the collection (but not further processing) of data from visitors to our Facebook Page (known as a “Fan Page”). This data includes information about the types of content users view or interact with, or the actions they take (see “Things You and Others Do and Provide” in the Facebook Data Policy: https://www.facebook.com/policy), as well as information about the devices users use (e.g., IP addresses, operating systems, browser types, language settings, cookie data; see “Device Information” in the Facebook Data Policy: https://www.facebook.com/policy). As explained in the Facebook Data Policy under “How do we use this information?”, Facebook also collects and uses information to provide analytics services, called “Page Insights,” to Page administrators, so they can gain insights into how people interact with their Pages and with the content associated with them. We have entered into a special agreement with Facebook (“Information about Page Insights,” https://www.facebook.com/legal/terms/page_controller_addendum), which specifies the security measures that Facebook must comply with, and Facebook has agreed to fulfill the rights of data subjects (i.e., users can address requests for information or deletion directly to Facebook). The rights of users (in particular, the right to information, deletion, objection, and complaint to the competent supervisory authority) are not limited by the agreements with Facebook. Further information can be found in the “Information about Page Insights” (https://www.facebook.com/legal/terms/information_about_page_insights_data); Service provider: Meta Platforms Ireland Limited, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland; Legal basis: Legitimate interests (Art. 6(1)(f) of the GDPR); Website: https://www.facebook.com; Privacy policy: https://www.facebook.com/about/privacy; Standard Contractual Clauses (ensuring an adequate level of data protection for processing in third countries): https://www.facebook.com/legal/EU_data_transfer_addendum; Further information: Joint responsibility agreement: https://www.facebook.com/legal/terms/information_about_page_insights_data. The joint responsibility is limited to the collection and transmission of data to Meta Platforms Ireland Limited, a company based in the EU. The further processing of the data is the sole responsibility of Meta Platforms Ireland Limited, particularly regarding the transmission of data to the parent company, Meta Platforms, Inc., in the USA (based on the Standard Contractual Clauses concluded between Meta Platforms Ireland Limited and Meta Platforms, Inc.).
YouTube: Social network and video platform; Service provider: Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland; Legal basis: Legitimate interests (Art. 6 para. 1 sentence 1 lit. f) GDPR); Privacy policy: https://policies.google.com/privacy; Opt-out option: https://adssettings.google.com/authenticated.
Plugins and embedded functions, as well as content
We integrate functional and content elements into our online offering that are provided by the servers of their respective providers (hereinafter referred to as “third-party providers”). These may include graphics, videos, or maps (hereinafter collectively referred to as “content”).
The integration always requires that the third-party providers of this content process the IP address of the users, as they could not send the content to their browser without the IP address. The IP address is therefore necessary for the display of this content or functions. We make every effort to use only those contents whose respective providers use the IP address solely for the delivery of the contents. Third-party providers may also use so-called pixel tags (invisible graphics, also known as “web beacons”) for statistical or marketing purposes. The “pixel tags” can be used to evaluate information such as visitor traffic on the pages of this website. The pseudonymous information may also be stored in cookies on the user’s device and may contain, among other things, technical information about the browser and operating system, referring websites, visit time, as well as further information about the use of our online offering and may be linked to such information from other sources.
Processed data types: Usage data (e.g., visited web pages, interest in content, access times); Meta, communication, and process data (e.g., IP addresses, time stamps, identification numbers, consent status); Inventory data (e.g., names, addresses); Contact data (e.g., email, telephone numbers); Content data (e.g., entries in online forms); Location data (information about the geographic location of a device or person).
Data subjects: Users (e.g., website visitors, users of online services).
Purposes of processing: Provision of our online offering and user-friendliness; Provision of contractual services and customer support.
Legal basis: Legitimate interests (Art. 6 para. 1 sentence 1 lit. f) GDPR).
Rights of data subjects
As a data subject, you have various rights under the GDPR, particularly arising from Articles 15 to 21 of the GDPR:
Right to object: You have the right to object at any time, on grounds relating to your particular situation, to the processing of personal data concerning you that is based on Article 6(1)(e) or (f) of the GDPR, including profiling based on those provisions. If your personal data is processed for direct marketing purposes, you have the right to object at any time to the processing of personal data concerning you for such marketing, including profiling related to such direct marketing.
Right to withdraw consent: You have the right to withdraw your consent at any time.
Right to access: You have the right to obtain confirmation as to whether or not personal data concerning you is being processed, and, if so, to access that data and receive additional information and a copy of the data in accordance with legal requirements.
Right to rectification: You have the right to request the completion of your personal data or the rectification of inaccurate personal data concerning you, in accordance with legal requirements.
Right to erasure and restriction of processing: Subject to legal requirements, you have the right to request the erasure of personal data concerning you without undue delay or, alternatively, to request the restriction of processing in accordance with legal requirements.
Right to data portability: You have the right to receive the personal data concerning you, which you have provided to us, in a structured, commonly used, and machine-readable format, and have the right to transmit that data to another controller, in accordance with legal requirements.
Right to lodge a complaint with a supervisory authority: Without prejudice to any other administrative or judicial remedy, you have the right to lodge a complaint with a supervisory authority, in particular in the Member State of your habitual residence, place of work, or place of the alleged infringement, if you consider that the processing of personal data concerning you violates the provisions of the GDPR.
