Privacy Policy

1. Data protection at a glance

General information

The following information provides a simple overview of what happens to your personal data when you visit this website. Personal data refers to any data that can be used to identify you personally. For detailed information on data protection, please refer to our privacy policy set out below.

Data collection on this website

Who is responsible for data collection on this website?

Data processing on this website is carried out by the website operator. You can find their contact details in the section ‘Information on the responsible body’ in this privacy policy.

How do we collect your data?

Your data is collected, on the one hand, when you provide it to us. This may include, for example, data you enter into a contact form.

Other data is collected automatically or with your consent when you visit the website via our IT systems. This consists primarily of technical data (e.g. internet browser, operating system or time of page visit). This data is collected automatically as soon as you enter this website.

What do we use your data for?

Some of the data is collected to ensure the website functions correctly. Other data may be used to analyse your user behaviour.

What rights do you have regarding your data?

You have the right at any time to obtain information, free of charge, about the origin, recipients and purpose of your stored personal data. You also have the right to request the rectification or erasure of this data. If you have given consent to data processing, you may withdraw this consent at any time with effect for the future. Furthermore, you have the right, under certain circumstances, to request the restriction of the processing of your personal data. You also have the right to lodge a complaint with the competent supervisory authority.

You may contact us at any time regarding this matter or any further questions on the subject of data protection.

Analytics tools and third-party tools

When you visit this website, your browsing behaviour may be statistically analysed. This is primarily done using so-called analytics programmes.

Detailed information on these analytics programmes can be found in the following privacy policy.

2. Hosting

We host the content of our website with the following provider:

All-Inkl

The provider is ALL-INKL.COM – Neue Medien Münnich, owned by René Münnich, Hauptstraße 68, 02742 Friedersdorf (hereinafter All-Inkl). For further details, please refer to All-Inkl’s privacy policy: https://all-inkl.com/datenschutzinformationen/.

The use of All-Inkl is based on Article 6(1)(f) of the GDPR. We have a legitimate interest in ensuring that our website is presented as reliably as possible. Where consent has been sought, processing takes place exclusively on the basis of Article 6(1)(a) GDPR and Section 25(1) TDDDG, insofar as the consent covers the storage of cookies or access to information on the user’s device (e.g. device fingerprinting) within the meaning of the TDDDG. Consent may be withdrawn at any time.

Data Processing

We have entered into a data processing agreement (DPA) for the use of the aforementioned service. This is a contract required under data protection law, which ensures that the service provider processes the personal data of our website visitors only in accordance with our instructions and in compliance with the GDPR.

3. General information and mandatory notices

Data protection

The operators of this website take the protection of your personal data very seriously. We treat your personal data confidentially and in accordance with statutory data protection regulations and this privacy policy.

When you use this website, various personal data is collected. Personal data is data that can be used to identify you personally. This privacy policy explains what data we collect and what we use it for. It also explains how and for what purpose this is done.

Please note that data transmission over the internet (e.g. when communicating by email) may be subject to security vulnerabilities. It is not possible to guarantee complete protection of data against access by third parties.

Information on the data controller

The data controller responsible for data processing on this website is:

Memacon® GmbH

Schwanenwik 24

22087 Hamburg

Telephone: +494021080975

Email: recht@memacon.com

The controller is the natural or legal person who, alone or jointly with others, determines the purposes and means of the processing of personal data (e.g. names, email addresses, etc.).

Retention period

Unless a more specific retention period is stated within this privacy policy, your personal data will remain with us until the purpose for data processing no longer applies. If you submit a valid request for erasure or withdraw your consent to data processing, your data will be erased, provided we have no other legally permissible grounds for storing your personal data (e. e.g. retention periods under tax or commercial law); in the latter case, deletion will take place once these grounds no longer apply.

General information on the legal basis for data processing on this website

Where you have consented to data processing, we process your personal data on the basis of Article 6(1)(a) GDPR or Article 9(2)(a) GDPR, provided that special categories of data are processed in accordance with Article 9(1) GDPR. In the event of explicit consent to the transfer of personal data to third countries, data processing is also carried out on the basis of Article 49(1)(a) of the GDPR. Where you have consented to the storage of cookies or to access to information on your device (e.g. via device fingerprinting), data processing is additionally carried out on the basis of Section 25(1) TDDDG. Consent may be withdrawn at any time. If your data is required for the performance of a contract or for the implementation of pre-contractual measures, we process your data on the basis of Article 6(1)(b) of the GDPR. Furthermore, we process your data where this is necessary to comply with a legal obligation on the basis of Article 6( 1(c) GDPR. Data processing may also take place on the basis of our legitimate interest pursuant to Art. 6(1)(f) GDPR. Information regarding the relevant legal bases in each individual case is provided in the following paragraphs of this privacy policy.

Note on data transfers to third countries that are not safe under data protection law, as well as transfers to US companies that are not DPF certified

We use, amongst other things, tools from companies based in third countries that do not offer adequate data protection, as well as US tools whose providers are not certified under the EU-US Data Privacy Framework (DPF). When these tools are active, your personal data may be transferred to these countries and processed there. We would like to point out that a level of data protection comparable to that in the EU cannot be guaranteed in third countries that are not considered safe for data protection purposes.

We would like to point out that the USA, as a safe third country, generally offers a level of data protection comparable to that of the EU. Data transfers to the USA are therefore permitted if the recipient holds certification under the ‘EU-US Data Privacy Framework’ (DPF) or has appropriate additional safeguards in place. Information on transfers to third countries, including the recipients of the data, can be found in this privacy policy.

Recipients of personal data

As part of our business activities, we work with various external parties. In some cases, this requires the transfer of personal data to these external parties. We only disclose personal data to external parties if this is necessary for the performance of a contract, if we are legally obliged to do so (e.g. disclosure of data to tax authorities), if we have a legitimate interest in the disclosure pursuant to Article 6(1)(f) of the GDPR, or if another legal basis permits the disclosure of data. When using data processors, we only disclose our customers’ personal data on the basis of a valid data processing agreement. In the event of joint processing, a joint processing agreement is concluded.

Withdrawal of your consent to data processing

Many data processing operations are only possible with your explicit consent. You may withdraw any consent you have already given at any time. The lawfulness of the data processing carried out prior to the withdrawal remains unaffected by the withdrawal.

Right to object to data collection in specific cases and to direct marketing (Article 21 GDPR)

IF DATA PROCESSING IS BASED ON ARTICLE 6(1)(e) OR (f) OF THE GDPR, YOU HAVE THE RIGHT AT ANY TIME TO OBJECT TO THE PROCESSING OF YOUR PERSONAL DATA ON GROUNDS RELATING TO YOUR PARTICULAR SITUATION; THIS ALSO APPLIES TO PROFILING BASED ON THESE PROVISIONS . THE RELEVANT LEGAL BASIS ON WHICH PROCESSING IS BASED CAN BE FOUND IN THIS PRIVACY POLICY. IF YOU OBJECT, WE WILL NO LONGER PROCESS YOUR PERSONAL DATA , UNLESS WE CAN DEMONSTRATE COMPELLING LEGITIMATE GROUNDS FOR THE PROCESSING WHICH OVERRIDE YOUR INTERESTS, RIGHTS AND FREEDOMS, OR THE PROCESSING IS NECESSARY FOR THE ESTABLISHMENT, EXERCISE OR DEFENCE OF legal claims (objection under Article 21(1) of the GDPR).

IF YOUR PERSONAL DATA IS PROCESSED FOR THE PURPOSE OF DIRECT MARKETING, YOU HAVE THE RIGHT TO OBJECT AT ANY TIME TO THE PROCESSING OF YOUR PERSONAL DATA FOR SUCH MARKETING PURPOSES; THIS ALSO APPLIES TO PROFILING, TO THE EXTENT THAT IT IS RELATED TO SUCH DIRECT MARKETING. IF YOU OBJECT, YOUR PERSONAL DATA WILL NO LONGER BE USED FOR THE PURPOSES OF DIRECT MARKETING (OBJECTION UNDER ART. 21(2) GDPR ).

Right to lodge a complaint with the competent supervisory authority

In the event of infringements of the GDPR, data subjects have the right to lodge a complaint with a supervisory authority, in particular in the Member State of their habitual residence, their place of work or the place of the alleged infringement. This right to lodge a complaint is without prejudice to any other administrative or judicial remedies.

Right to data portability

You have the right to have data which we process automatically on the basis of your consent or in fulfilment of a contract provided to you or to a third party in a commonly used, machine-readable format. If you request the direct transfer of the data to another controller, this will only take place to the extent that it is technically feasible.

Access, correction and erasure

Within the framework of the applicable legal provisions, you have the right at any time to obtain, free of charge, information about your stored personal data, its origin and recipients, and the purpose of the data processing, and, where applicable, a right to the correction or erasure of this data. You may contact us at any time regarding this matter or any further questions concerning personal data.

Right to restriction of processing

You have the right to request the restriction of the processing of your personal data. You may contact us at any time regarding this. The right to restriction of processing applies in the following cases:

If you dispute the accuracy of your personal data stored with us, we generally require time to verify this. For the duration of the verification, you have the right to request the restriction of the processing of your personal data.
If the processing of your personal data was or is unlawful, you may request the restriction of data processing instead of erasure.
If we no longer require your personal data, but you require it to exercise, defend or assert legal claims, you have the right to request the restriction of the processing of your personal data instead of erasure.
If you have lodged an objection under Article 21(1) of the GDPR, a balancing of interests between yours and ours must be carried out. Until it is determined whose interests prevail, you have the right to request the restriction of the processing of your personal data.

If you have restricted the processing of your personal data, such data – apart from its storage – may only be processed with your consent or for the purpose of asserting, exercising or defending legal claims, or to protect the rights of another natural or legal person, or for reasons of an important public interest of the European Union or a Member State.

SSL or TLS encryption

For security reasons and to protect the transmission of confidential content, such as orders or enquiries that you send to us as the website operator, this site uses SSL or TLS encryption. You can recognise an encrypted connection by the fact that the address bar of the browser changes from “http:// ” to “https://” and by the padlock symbol in your browser bar.

When SSL or TLS encryption is enabled, the data you transmit to us cannot be read by third parties.

4. Data collection on this website

Cookies

Our website uses so-called “cookies”. Cookies are small data packets and do not cause any damage to your device. They are stored on your device either temporarily for the duration of a session (session cookies) or permanently (permanent cookies). Session cookies are automatically deleted at the end of your visit. Permanent cookies remain stored on your device until you delete them yourself or they are automatically deleted by your web browser.

Cookies may originate from us (first-party cookies) or from third-party companies (so-called third-party cookies). Third-party cookies enable the integration of certain third-party services within websites (e.g. cookies for processing payment services).

Cookies have various functions. Many cookies are technically necessary, as certain website functions would not work without them (e.g. the shopping basket function or the display of videos). Other cookies may be used to analyse user behaviour or for advertising purposes.

Cookies that are required to carry out the electronic communication process, to provide certain functions requested by you (e.g. for the shopping basket function) or to optimise the website (e.g. cookies for measuring website traffic) (necessary cookies) are stored on the basis of Art. 6(1)(f) 1(f) of the GDPR, unless another legal basis is specified. The website operator has a legitimate interest in storing necessary cookies to ensure the technically flawless and optimised provision of its services. Where consent has been sought for the storage of cookies and similar recognition technologies, processing takes place exclusively on the basis of this consent (Article 6(1)(a) GDPR and Section 25(1) TDDDG); consent may be withdrawn at any time.

You can configure your browser to be informed when cookies are set and to allow cookies only on a case-by-case basis, to exclude the acceptance of cookies in specific cases or generally, and to enable the automatic deletion of cookies when closing the browser. If cookies are deactivated, the functionality of this website may be restricted.

You can find out which cookies and services are used on this website in this privacy policy.

Contact form

If you send us enquiries via the contact form, your details from the enquiry form, including the contact details you provided there, will be stored by us for the purpose of processing the enquiry and in the event of follow-up questions. We will not pass on this data without your consent.

The processing of this data is based on Article 6(1)(b) of the GDPR, provided your enquiry relates to the performance of a contract or is necessary for the implementation of pre-contractual measures. In all other cases, the processing is based on our legitimate interest in the effective handling of enquiries addressed to us (Article 6(1)(f) of the GDPR) or on your consent (Art. 6(1)(a) GDPR) where this has been requested; consent may be withdrawn at any time.

The data you enter in the contact form will remain with us until you request its deletion, withdraw your consent to its storage, or the purpose for storing the data no longer applies (e.g. once your enquiry has been processed). Mandatory legal provisions – in particular retention periods – remain unaffected.

Enquiries by email, telephone or fax

If you contact us by email, telephone or fax, your enquiry, including all personal data contained therein (name, enquiry), will be stored and processed by us for the purpose of handling your request. We will not pass on this data without your consent.

The processing of this data is based on Article 6(1)(b) of the GDPR, provided your enquiry relates to the performance of a contract or is necessary for the implementation of pre-contractual measures. In all other cases, processing is based on our legitimate interest in the effective handling of enquiries addressed to us (Article 6(1)(f) GDPR) or on your consent (Article 6(1)(a) GDPR) provided this has been requested; consent may be withdrawn at any time.

The data you send to us via contact enquiries will remain with us until you request its deletion, withdraw your consent to its storage, or the purpose for storing the data no longer applies (e.g. once your enquiry has been processed) . Mandatory legal provisions – in particular statutory retention periods – remain unaffected.

Communication via WhatsApp and WhatsApp Business Services

General information on the use of WhatsApp

We use WhatsApp for customer communication, to send out the latest information and offers, and for customer support. In addition, we offer a WhatsApp chatbot for certain services.

This is implemented via the official WhatsApp Business API in conjunction with our technology provider [insert BSP name]. The provider of the WhatsApp services is WhatsApp Ireland Limited, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland.

Categories of data processed

When using our WhatsApp services, we process the following personal data:

• Your telephone number

• Your WhatsApp profile name

• Your first name (if available)

• Your communication and interaction data within the chat

• Communication metadata (e.g. sender, recipient, time)

• Your click behaviour within the chat

• Other data entered by you during the chat interaction

• Technical log data (IP address, browser used, etc.)

Important note on encryption: Communication takes place via end-to-end encryption (peer-to-peer), which prevents WhatsApp or any other third parties from gaining access to the content of the communication. However, WhatsApp does have access to metadata generated during the communication process.

Legal basis for data processing

The processing of your personal data is based on different legal grounds depending on the context:

• Art. 6(1)(a) GDPR – Consent: If we process your data to send information or marketing communications via WhatsApp, this is done only with your explicit consent. Consent may be withdrawn at any time by sending “STOP” in the chat.

• Art. 6(1)(b) GDPR – Performance of a contract: If you use WhatsApp for customer support or contract processing, the processing is carried out for the performance of a contract or for the implementation of pre-contractual measures.

• Art. 6(1)(f) GDPR – Legitimate interest: The use of WhatsApp is based on our legitimate interest in communicating as quickly and effectively as possible with customers, prospective customers and other business and contractual partners. This also applies when we analyse how our service is used in order to improve it.

Retention period and data erasure

We store your data only for as long as is necessary for the respective processing purposes:

• The content of communications exchanged between you and us on WhatsApp remains with us until you request its erasure, withdraw your consent to storage, or the purpose for data storage no longer applies.

• If you withdraw your consent (by typing “STOP” in the chat), your personal data will no longer be used for the WhatsApp service and will be anonymised.

• Chat histories are deleted after 12 months at the latest, provided there is no legal obligation to retain them.

• Mandatory legal provisions – in particular retention periods under Section 147 of the German Fiscal Code (AO) (6 years) or Section 257 of the German Commercial Code (HGB) (10 years) – remain unaffected.

Data sharing and international data transfer

Processing within the EU

Your data is primarily processed within the European Union and is subject to the high data protection requirements of the GDPR.

Data transfer to third countries (USA)

According to its own statement, WhatsApp shares its users’ personal data with its US-based parent company, Meta Platforms, Inc. Data transfer to the USA may take place in the following cases:

• Support enquiries or system maintenance

• Data transfer by WhatsApp to Meta (USA)

Data protection measures for transfers to third countries

The following safeguards apply to data transfers to the USA:

• EU-US Data Privacy Framework: The company holds certification under the “EU-US Data Privacy Framework” (DPF). The DPF is an agreement between the European Union and the USA designed to ensure compliance with European data protection standards when data is processed in the USA.

• EU Standard Contractual Clauses: In addition, the EU Commission’s Standard Contractual Clauses are used to ensure a level of data protection compliant with the GDPR.[5]

Further information on the DPF is available at: https://www.dataprivacyframework.gov/participant/7735

Data Processing Agreement

We have entered into a Data Processing Agreement (DPA) with WhatsApp Ireland Limited, which ensures the processing of your data in accordance with data protection regulations.

Your rights as a data subject

You have the right:

• To withdraw your consent at any time (by typing “STOP” in the chat or by emailing legal@memacon.com)

• To obtain information about your stored data in accordance with Article 15 of the GDPR

• To request the rectification of inaccurate data in accordance with Article 16 of the GDPR

• To request the erasure of your data in accordance with Article 17 of the GDPR

• To request the restriction of processing in accordance with Article 18 of the GDPR

• To object to data processing in accordance with Article 21 of the GDPR if it is based on our legitimate interests

You can send enquiries regarding your data protection rights to the following email address: legal@memacon.com

Further information

Further details on data processing by WhatsApp itself can be found in the WhatsApp Privacy Policy: https://www.whatsapp.com/legal/#privacy-policy

This privacy policy may be updated at any time to reflect new legal requirements or changes to our WhatsApp services. The current version can be found at https://www.memacon.com/de/datenschutz/.

Google Forms

We have integrated Google Forms into this website. The provider is Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland (hereinafter ‘Google’) .

Google Forms enables us to create online forms to collect messages, enquiries and other input from our website visitors in a structured manner. All data you enter is processed on Google’s servers. Google Forms stores a cookie in your browser that contains a unique ID (NID cookie). This cookie stores various pieces of information, such as your language settings.

The use of Google Forms is based on our legitimate interest in determining your enquiry in the most user-friendly way possible (Art. 6(1)(f) GDPR). Where consent has been requested, processing takes place exclusively on the basis of Art. 6(1)(a) GDPR and Section 25(1) TDDDG, insofar as the consent covers the storage of cookies or access to information on the user’s device (e.g. device fingerprinting) within the meaning of the TDDDG. Consent may be withdrawn at any time.

The data you enter in the form will remain with us until you request its deletion, withdraw your consent to its storage, or the purpose for storing the data ceases to apply (e.g. once your enquiry has been processed). Mandatory legal provisions – in particular retention periods – remain unaffected.

For further information, please refer to Google’s privacy policy at https://policies.google.com/.

The company is certified under the “EU-US Data Privacy Framework” (DPF). The DPF is an agreement between the European Union and the USA designed to ensure compliance with European data protection standards when processing data in the USA. Every company certified under the DPF undertakes to comply with these data protection standards. Further information on this is available from the provider via the following link: https://www.dataprivacyframework.gov/participant/5780.

Data Processing

We have entered into a Data Processing Agreement (DPA) for the use of the aforementioned service. This is a contract required under data protection law, which ensures that the service provider processes the personal data of our website visitors only in accordance with our instructions and in compliance with the GDPR.

Calendly

On our website, you have the option to book appointments with us. We use the “Calendly” tool for appointment booking . The provider is Calendly LLC, 271 17th St NW, 10th Floor, Atlanta, Georgia 30363, USA (hereinafter “Calendly”).

To book an appointment, you enter the requested data and your preferred date into the form provided. The data entered is used for the planning, execution and, where applicable, follow-up of the appointment. The appointment data is stored on Calendly’s servers on our behalf; you can view their privacy policy here: https://calendly.com/privacy.

The data you enter will remain with us until you request its deletion, withdraw your consent to its storage, or the purpose for storing the data no longer applies. Mandatory legal provisions – in particular retention periods – remain unaffected.

The legal basis for data processing is Article 6(1)(f) f GDPR. The website operator has a legitimate interest in making it as straightforward as possible to arrange appointments with prospective clients and customers. Where consent has been sought, processing takes place exclusively on the basis of Article 6(1)(a) GDPR and Section 25(1) TDDDG, insofar as the consent covers the storage of cookies or access to information on the user’s device (e.g. device fingerprinting) within the meaning of the TDDDG. Consent may be withdrawn at any time.

Data transfers to the USA are based on the EU Commission’s Standard Contractual Clauses. Details can be found here: https://calendly.com/pages/dpa.

The company holds certification under the “EU-US Data Privacy Framework” (DPF). The DPF is an agreement between the European Union and the USA designed to ensure compliance with European data protection standards when processing data in the USA. Every company certified under the DPF undertakes to comply with these data protection standards. Further information on this is available from the provider via the following link: https://www.dataprivacyframework.gov/participant/6050.

Data processing

We have concluded a data processing agreement (DPO) for the use of the aforementioned service. This is a contract required under data protection law, which ensures that the provider processes the personal data of our website visitors only in accordance with our instructions and in compliance with the GDPR.

Google Calendar

On our website, you have the option to book appointments with us. We use Google Calendar for scheduling. The provider is Google Ireland Limited (“Google”), Gordon House, Barrow Street, Dublin 4, Ireland (hereinafter “Google”).

To book an appointment, please enter the requested details and your preferred date into the form provided. The data entered will be used for the planning, execution and, where applicable, follow-up of the appointment. The appointment data is stored on Google Calendar’s servers on our behalf; you can view their privacy policy here: https://policies.google. com/privacy.

The legal basis for data processing is Article 6(1)(f) of the GDPR. The website operator has a legitimate interest in making it as straightforward as possible to arrange appointments with prospective clients and customers. Where consent has been sought, processing takes place exclusively on the basis of Article 6(1)(a) of the GDPR and Section 25(1) of the TDDDG, insofar as the consent covers the storage of cookies or access to information on the user’s device (e.g. for device fingerprinting) within the meaning of the TDDDG. Consent may be withdrawn at any time.

Data transfers to the USA are based on the EU Commission’s Standard Contractual Clauses. Details can be found here: https://workspace.google.com/terms/dpa_terms.html and here https://cloud.google.com/terms/sccs.

Data Processing

We have entered into a Data Processing Agreement (DPA) for the use of the aforementioned service. This is a contract required under data protection law, which ensures that the provider processes the personal data of our website visitors only in accordance with our instructions and in compliance with the GDPR.

Pipedrive

We use Pipedrive to manage customer data. The provider is Pipedrive GmbH, Mustamäe tee 3a, 10615 Tallinn, Estonia (hereinafter “Pipedrive”).

Pipedrive is a CRM system and enables us, amongst other things, to manage existing and potential customers as well as customer contacts, and to organise sales and communication processes. The use of the CRM system also enables us to analyse our customer-related processes. Customer data is stored on Pipedrive’s servers.

Details on Pipedrive’s functions can be found here: https://www.pipedrive.com/de.

The use of Pipedrive is based on Article 6(1)(f) of the GDPR. The website operator has a legitimate interest in ensuring that customer management and customer communication are as efficient as possible. Where consent has been obtained, processing takes place exclusively on the basis of Article 6(1)(a) of the GDPR and Section 25(1) of the TDDDG, insofar as the consent covers the storage of cookies or access to information on the user’s device (e.g. device fingerprinting) within the meaning of the TDDDG. Consent may be withdrawn at any time.

For further details, please refer to Pipedrive’s privacy policy: https://www.pipedrive.com/de/privacy.

Data Processing

5. Social media

eRecht24 Safe Sharing Tool

The content on this website can be shared on social networks such as Facebook, X & Co. in a manner compliant with data protection regulations. This site uses the eRecht24 Safe Sharing Tool for this purpose. This tool only establishes direct contact between the networks and users when the user actively clicks on one of these buttons. Clicking the button constitutes consent within the meaning of Article 6(1)(a) of the GDPR and Section 25(1) of the TDDDG. This consent may be withdrawn at any time with future effect.

This tool does not automatically transfer user data to the operators of these platforms. If the user is logged in to one of the social networks , an information window appears when using the social media elements of Facebook, X & Co., in which the user can confirm the text before submitting.

Our users can share the content of this site on social networks in compliance with data protection regulations without the operators of the networks creating complete browsing profiles.

The service is used to obtain the legally required consents for the use of certain technologies. The legal basis for this is Article 6(1)(c) of the GDPR.

6. Analytics tools and advertising

Google Tag Manager

We use Google Tag Manager. The provider is Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland.

Google Tag Manager is a tool that enables us to integrate tracking or statistics tools and other technologies into our website. Google Tag Manager itself does not create user profiles, store cookies or carry out independent analyses. It serves solely to manage and deliver the tools integrated via it. However, Google Tag Manager records your IP address, which may also be transferred to Google’s parent company in the United States.

The use of Google Tag Manager is based on Article 6(1)(f) of the GDPR. The website operator has a legitimate interest in the quick and straightforward integration and management of various tools on its website. Where consent has been obtained, processing takes place exclusively on the basis of Article 6(1)(a) of the GDPR 1(a) GDPR and Section 25(1) TDDDG, insofar as the consent covers the storage of cookies or access to information on the user’s device (e.g. device fingerprinting) within the meaning of the TDDDG. Consent may be withdrawn at any time.

The company holds certification under the “EU-US Data Privacy Framework” (DPF). The DPF is an agreement between the European Union and the USA designed to ensure compliance with European data protection standards for data processing in the USA. Every company certified under the DPF undertakes to comply with these data protection standards. Further information on this is available from the provider via the following link: https://www.dataprivacyframework.gov/participant/5780.

Google Analytics

This website uses features of the web analytics service Google Analytics. The provider is Google Ireland Limited (“Google”), Gordon House, Barrow Street, Dublin 4, Ireland.

Google Analytics enables the website operator to analyse the behaviour of website visitors. In doing so, the website operator receives various usage data, such as page views, time spent on the site, operating systems used and the user’s origin. This data is associated with the user’s respective device. It is not linked to a user ID.

Furthermore, Google Analytics allows us, amongst other things, to record your mouse and scroll movements and clicks. Google Analytics also uses various modelling approaches to supplement the collected data sets and employs machine learning technologies in data analysis.

Google Analytics uses technologies that enable user recognition for the purpose of analysing user behaviour (e.g. cookies or device -fingerprinting). The information collected by Google regarding the use of this website is generally transmitted to a Google server in the USA and stored there.

The use of this service is based on your consent in accordance with Article 6(1)(a) of the GDPR and Section 25(1) of the TDDDG. Consent may be withdrawn at any time.

Data transfer to the USA is based on the standard contractual of the European Commission. Details can be found here: https://privacy.google.com/businesses/controllerterms/mccs/ .

IP anonymisation

Google Analytics IP anonymisation is enabled. This means that your IP address is truncated by Google within Member States of the European Union or in other signatory states to the Agreement on the European Economic Area before being transmitted to the USA. Only in exceptional cases is the full IP address transmitted to a Google server in the USA and truncated there. On behalf of the operator of this website, Google will use this information to analyse your use of the website, to compile reports on website activity and to provide other services relating to website and internet usage to the website operator. The IP address transmitted by your browser as part of Google Analytics will not be merged with other Google data.

Browser plugin

You can prevent the collection and processing of your data by Google by downloading and installing the browser plugin available at the following link: https://tools.google.com/dlpage/gaoptout?hl=de.

Further information on how Google Analytics handles user data can be found in Google’s privacy policy: https://support.google.com/analytics/answer/6004245?hl=de.

Data processing

We have entered into a data processing agreement with Google and fully comply with the strict requirements of the German data protection authorities when using Google Analytics.

WP Statistics

This website uses the WP Statistics analysis tool to statistically evaluate visitor traffic. The provider is Veronalabs, Tatari 64, 10134, Tallinn, Estonia (https://veronalabs.com).

WP Statistics enables us to analyse the use of our website. WP Statistics collects, among other things, log files (IP address, referrer, browser used, user’s location, search engine used) and actions that website visitors have performed on the site (e.g. clicks and views).

The data collected by WP Statistics is stored exclusively on our own server.

The use of this analytics tool is based on Article 6(1)(f) of the GDPR. We have a legitimate interest in the anonymised analysis of user behaviour in order to optimise both our website and our advertising. Where consent has been sought, processing takes place exclusively on the basis of Article 6(1)(a) of the GDPR and Section 25(1) of the TDDDG, insofar as the consent covers the storage of cookies or access to information on the user’s device (e.g. device fingerprinting) within the meaning of the TDDDG. Consent may be withdrawn at any time.

IP anonymisation

We use WP Statistics with anonymised IP. Your IP address is truncated in the process so that it can no longer be directly attributed to you.

Google Ads

The website operator uses Google Ads. Google Ads is an online advertising programme provided by Google Ireland Limited (“Google”), Gordon House, Barrow Street, Dublin 4, Ireland.

Google Ads enables us to display advertisements in the Google search engine or on third-party websites when the user enters specific search terms into Google (keyword targeting). Furthermore, targeted advertisements can be displayed based on user data available to Google (e.g. location data and interests) (audience targeting). As the website operator, we can evaluate this data quantitatively, for example by analysing which search terms led to the display of our advertisements and how many advertisements resulted in corresponding clicks.

The use of this service is based on your consent in accordance with Article 6(1)(a) of the GDPR and Section 25(1) of the TDDDG. Consent may be withdrawn at any time.

Data transfers to the USA are based on the EU Commission’s Standard Contractual Clauses. Details can be found here: https://policies.google.com/privacy/frameworks and https://business. safety.google/controllerterms/.

Meta Pixel (formerly Facebook Pixel)

This website uses Facebook/Meta’s visitor action pixels for conversion tracking. The provider of this service is Meta Platforms Ireland Limited, 4 Grand Canal Square, Dublin 2, Ireland. However, according to Facebook, the data collected is also transferred to the USA and other third countries.

This allows the behaviour of website visitors to be tracked after they have been redirected to the provider’s website by clicking on a Facebook advertisement. This enables the effectiveness of Facebook advertisements to be evaluated for statistical and market research purposes and future advertising measures to be optimised.

The data collected is anonymous to us as the operators of this website; we cannot draw any conclusions regarding the identity of users. However, the data is stored and processed by Facebook, enabling a link to be established with the respective user profile and allowing Facebook to use the data for its own advertising purposes, in accordance with the Facebook Data Use Policy (https://de-de.facebook.com/about/privacy/). This enables Facebook to display advertisements on Facebook pages as well as outside of Facebook. As the website operator, we have no influence over this use of the data.

The use of this service is based on your consent in accordance with Article 6(1)(a) of the GDPR and Section 25(1) of the TDDDG. Consent may be withdrawn at any time.

We use the extended matching feature within Meta Pixel.

Extended matching enables us to transmit various types of data (e.g. place of residence, county, postcode, hashed email addresses, names, gender, date of birth or telephone number) relating to our customers and prospects, which we collect via our website, to Meta (Facebook) . By activating this feature, we can tailor our advertising campaigns on Facebook even more precisely to people who are interested in our offers. Furthermore, enhanced matching improves the attribution of website conversions and expands Custom Audiences.

Insofar as personal data is collected on our website and forwarded to Facebook using the tool described here, we and Meta Platforms Ireland Limited, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland are jointly responsible for this data processing (Art. 26 GDPR). This joint responsibility is limited exclusively to the collection of the data and its transfer to Facebook. The processing carried out by Facebook following the transfer is not part of the joint responsibility. The obligations incumbent upon us jointly have been set out in a joint processing agreement. The text of the agreement can be found at: https://www.facebook.com/legal/ controller_addendum. Under this agreement, we are responsible for providing data protection information when using the Facebook tool and for ensuring the tool is implemented on our website in a manner that complies with data protection law. Facebook is responsible for the data security of Facebook products. Data subjects may exercise their rights (e.g. requests for information) regarding the data processed by Facebook directly with Facebook. If you exercise your data subject rights with us, we are obliged to forward these to Facebook.

Data transfers to the USA are based on the EU Commission’s Standard Contractual Clauses. You can find details here: https://www.facebook.com/legal/EU_data_transfer_addendum and https: //de-de.facebook.com/help/566994660333381.

You can find further information on the protection of your privacy in Facebook’s privacy policy: https://de-de.facebook.com/about/privacy/.

You can also deactivate the ‘Custom Audiences’ remarketing function in the ad settings section at https: //www.facebook.com/ads/preferences/? entry_product=ad_settings_screen. To do this, you must be logged in to Facebook.

If you do not have a Facebook account, you can disable usage-based advertising from Facebook on the European Interactive Digital Advertising Alliance website: http://www.youronlinechoices.com/de/praferenzmanagement/.

Facebook Conversion API

We have integrated the Facebook Conversion API into this website. The provider of this service is Meta Platforms Ireland Limited, 4 Grand Canal Square, Dublin 2, Ireland. However, according to Facebook, the data collected is also transferred to the USA and other third countries.

The Facebook Conversion API enables us to track website visitors’ interactions with our website and share this information with Facebook in order to improve advertising performance on Facebook.

In particular, the time of the visit, the webpage visited, your IP address and your user agent, as well as any other specific data (e.g. products purchased, value of the shopping basket and currency) are collected. A complete overview of the data that can be collected can be found here: https://developers.facebook.com/docs/marketing-api/conversions-api/parameters.

The use of this service is based on your consent in accordance with Article 6(1)(a) of the GDPR and Section 25(1) of the TDDDG. Consent may be withdrawn at any time.

Insofar as personal data is collected on our website using the tool described here and forwarded to Facebook, we and Meta Platforms Ireland Limited, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland, are jointly responsible for this data processing (Article 26 of the GDPR). This joint responsibility is limited exclusively to the collection of the data and its transfer to Facebook. The processing carried out by Facebook following the transfer is not part of the joint responsibility. The obligations incumbent upon us jointly have been set out in a joint processing agreement. The text of the agreement can be found at: https://www.facebook.com/legal/controller_addendum. According to this agreement, we are responsible for providing data protection information regarding the use of the Facebook tool and for ensuring the tool is implemented on our website in a manner that complies with data protection law. Facebook is responsible for the data security of Facebook products. You may exercise your data subject rights (e.g. requests for information) regarding the data processed by Facebook directly with Facebook. If you exercise your data subject rights with us, we are obliged to forward these to Facebook.

Data transfers to the USA are based on the EU Commission’s Standard Contractual Clauses. Further details can be found here: https://www.facebook.com/legal/EU_data_transfer_addendum and https://de-de.facebook.com/help/566994660333381.

You can find further information on the protection of your privacy in Facebook’s privacy policy: https://de-de.facebook.com/about/privacy/.

The company is certified under the “EU-US Data Privacy Framework” (DPF). The DPF is an agreement between the European Union and the US designed to ensure compliance with European data protection standards when processing data in the US. Every company certified under the DPF undertakes to comply with these data protection standards. Further information on this is available from the provider via the following link: https://www.dat aprivacyframework.gov/participant/4452.

Data Processing

Facebook Custom Audiences

We use Facebook Custom Audiences. The provider of this service is Meta Platforms Ireland Limited, 4 Grand Canal Square, Dublin 2, Ireland.

When you visit or use our websites and apps, make use of our free or paid services, transmit data to us or interact with our company’s Facebook content, we collect your personal data in the process. If you give us your consent to use Facebook Custom Audiences, we will transmit this data to Facebook, which Facebook can use to display relevant advertising to you. Furthermore, your data can be used to define target groups (Lookalike Audiences).

Facebook processes this data as our data processor. Details can be found in Facebook’s Terms of Service: https://www.facebook.com/legal/terms/ customaudience.

Use of this service is based on your consent in accordance with Article 6(1)(a) of the GDPR and Section 25(1) of the TDDDG. Consent may be withdrawn at any time.

Data transfers to the USA are based on the EU Commission’s Standard Contractual Clauses. Details can be found here: https://www.facebook.com/legal/terms/customaudience and https://www.facebook.com/legal/terms/dataprocessing.

TikTok Pixel

We have integrated the TikTok Pixel into this website. The provider is TikTok Technology Limited, 10 Earlsfort Terrace, Dublin, D02 T380, Ireland (hereinafter TikTok).

With the help of the TikTok Pixel, we can display interest-based advertising on TikTok (TikTok Ads) to website visitors who have viewed our content. At the same time, the TikTok Pixel enables us to determine how effective our advertising on TikTok is. This allows the effectiveness of TikTok advertisements to be evaluated for statistical and market research purposes and optimised for future advertising campaigns. Various usage data are processed in this context, such as IP address, page views, duration of visit, operating systems used and the user’s location, information about the advertisement a person has clicked on on TikTok or an event that has been triggered (timestamp). This data is aggregated into a user ID and assigned to the website visitor’s respective device.

Use of this service is based on your consent in accordance with Article 6(1)(a) of the GDPR and Section 25(1) of the TDDDG. Consent may be withdrawn at any time.

Data transfers to third countries are based on the EU Commission’s Standard Contractual Clauses. Details can be found here: https://www.tiktok.com/legal/page/eea/privacy-policy/de-DE and https://ads.tiktok.com/i18n/official/policy/controller-to-controller.

Data processing

We have concluded a data processing agreement (DPA) for the use of the aforementioned service. This is a contract required under data protection law, which ensures that the service provider processes the personal data of our website visitors only in accordance with our instructions and in compliance with the GDPR.

LinkedIn Insight Tag

This website uses the LinkedIn Insight Tag. The provider of this service is LinkedIn Ireland Unlimited Company, Wilton Plaza, Wilton Place, Dublin 2, Ireland.

Data processing via the LinkedIn Insight Tag

With the help of the LinkedIn Insight Tag, we receive information about visitors to our website. If a website visitor is registered with LinkedIn, we can analyse, amongst other things, key professional details (e.g. career level, company size, country, location, industry and job title) of our website visitors and thus better tailor our site to the respective target groups. Furthermore, with the help of LinkedIn Insight Tags, we can measure whether visitors to our web pages make a purchase or take any other action (conversion tracking). Conversion tracking can also be carried out across devices (e.g. from PC to tablet). LinkedIn Insight Tag also offers a retargeting function, which allows us to display targeted advertising to our website visitors outside the website; however, according to LinkedIn, the recipient of the advertising is not identified.

LinkedIn itself also collects so-called log files (URL, referrer URL, IP address, device and browser properties, and time of access). The IP addresses are shortened or (if used to reach LinkedIn members across devices) hashed (pseudonymised). The direct identifiers of LinkedIn members are deleted by LinkedIn after seven days. The remaining pseudonymised data is then deleted within 180 days.

As the website operator, we cannot link the data collected by LinkedIn to specific individuals. LinkedIn will store the personal data collected from website visitors on its servers in the USA and use it for its own advertising purposes. For further details, please refer to LinkedIn’s privacy policy at https://www.linkedin.com/legal/privacy-policy# choices-oblig.

Legal basis

Where consent has been obtained, the use of the aforementioned service is based exclusively on Article 6(1)(a) a GDPR and Section 25 TDDDG. Consent may be withdrawn at any time. Where consent has not been obtained, the use of this service is based on Article 6(1)(f) GDPR; the website operator has a legitimate interest in effective advertising measures, including the use of social media.

Data transfers to the USA are based on the EU Commission’s Standard Contractual Clauses. Details can be found here: https://www.linkedin.com/legal/l/dpa and https://www.linkedin.com/legal/l/eu-sccs.

Objecting to the use of the LinkedIn Insight Tag

You can object to the analysis of usage behaviour and targeted advertising by LinkedIn via the following link: https://www.linkedin.com/psettings/guest-controls/retargeting-opt-out.

Furthermore, LinkedIn members can control the use of their personal data for advertising purposes in their account settings. To prevent LinkedIn from linking data collected on our website to your LinkedIn account, you must log out of your LinkedIn account before visiting our website.

Data Processing

7. Newsletter

Newsletter data

If you wish to subscribe to the newsletter offered on the website, we require your email address and information that allows us to verify that you are the owner of the email address provided and that you consent to receiving the newsletter. No further data is collected, or only on a voluntary basis. We use newsletter service providers, described below, to manage the newsletter.

ActiveCampaign

This website uses ActiveCampaign to send newsletters. The provider is ActiveCampaign, Inc., 1 N Dearborn, 5th Floor, Chicago, Illinois 60602, USA.

ActiveCampaign is a service that can be used, amongst other things, to organise and analyse the sending of newsletters. The data you enter for the purpose of subscribing to the newsletter is stored on ActiveCampaign’s servers in the USA.

Data analysis by ActiveCampaign

With the help of ActiveCampaign, we are able to analyse our newsletter campaigns. For example, we can see whether a newsletter message has been opened and which links, if any, have been clicked. In this way, we can determine, amongst other things, which links have been clicked particularly often.

Furthermore, we can identify whether certain predefined actions were carried out after opening or clicking (conversion rate). For example, we can see whether you made a purchase after clicking on the newsletter.

ActiveCampaign also enables us to segment newsletter recipients into different categories (“clustering”). Newsletter recipients can be categorised, for example, by age, gender or place of residence. This allows us to better tailor the newsletters to the respective target groups. If you do not wish to be analysed by ActiveCampaign, you must unsubscribe from the newsletter. We provide a link for this purpose in every newsletter message.

For detailed information on ActiveCampaign’s features, please refer to the following link: https://www.activecampaign.com/email-marketing.

ActiveCampaign’s privacy policy can be found at: https://www.activecampaign.com/privacy-policy.

Legal basis

Data processing is carried out on the basis of your consent (Art. 6(1)(a) GDPR). You may withdraw this consent at any time. The lawfulness of data processing operations already carried out remains unaffected by the withdrawal.

Data transfers to the USA are based on the EU Commission’s Standard Contractual Clauses. Details can be found here: https://www.activecampaign.com/legal/newscc and https://www.activecampaign.com/de/legal/gdpr-updates/privacy-shield.

Retention period

The data you have provided to us for the purpose of subscribing to the newsletter will be stored by us or the newsletter service provider until you unsubscribe from the newsletter, and will be deleted from the newsletter distribution list once you have unsubscribed. Data stored by us for other purposes remains unaffected by this.

After you unsubscribe from the newsletter distribution list, your email address may be stored on our systems or those of the newsletter service provider in a blacklist, where necessary to prevent future mailings. The data from the blacklist is used solely for this purpose and is not merged with other data. This serves both your interest and our interest in complying with legal requirements when sending newsletters (legitimate interest within the meaning of Article 6(1)(f) of the GDPR). There is no time limit on storage in the blacklist. You may object to this storage provided that your interests override our legitimate interest.

The company is certified under the “EU-US Data Privacy Framework” (DPF) . The DPF is an agreement between the European Union and the USA designed to ensure compliance with European data protection standards when processing data in the USA. Every company certified under the DPF undertakes to comply with these data protection standards. Further information on this is available from the provider via the following link: https://www.dataprivacyframework. gov/participant/4495.

Data Processing

8. Plugins and tools

YouTube with enhanced privacy

This website embeds videos from the YouTube website. The website operator is Google Ireland Limited (“Google”), Gordon House, Barrow Street, Dublin 4, Ireland.

When you visit one of the pages on this website where YouTube is embedded, a connection is established with YouTube’s servers. In doing so, the YouTube server is informed which of our pages you have visited. If you are logged into your YouTube account, you allow YouTube to link your browsing behaviour directly to your personal profile. You can prevent this by logging out of your YouTube account.

We use YouTube in enhanced privacy mode. According to YouTube, videos played in enhanced privacy mode are not used to personalise your browsing experience on YouTube. Advertisements displayed in enhanced privacy mode are also not personalised. No cookies are set in enhanced privacy mode. Instead, however, so-called local storage elements are stored in the user’s browser; these contain personal data in a similar way to cookies and can be used for recognition purposes. Details on enhanced privacy mode can be found here: https://support.google.com/youtube/answer/171780.

Where applicable, further data processing operations may be triggered after a YouTube video is activated, over which we have no control.

The use of YouTube is in the interest of presenting our online services in an appealing manner. This constitutes a legitimate interest within the meaning of Article 6(1)(f) of the GDPR. Where consent has been requested, processing takes place exclusively on the basis of Article 6(1)(a) of the GDPR and Section 25(1) of the TDDDG, insofar as the consent covers the storage of cookies or access to information on the user’s device (e.g. device fingerprinting) within the meaning of the TDDDG. Consent may be withdrawn at any time.

Further information on data protection at YouTube can be found in their privacy policy at: https://policies.google.com/privacy?hl=de.

The company is certified under the “EU-US Data Privacy Framework” (DPF) . The DPF is an agreement between the European Union and the USA designed to ensure compliance with European data protection standards when processing data in the USA. Every company certified under the DPF undertakes to comply with these data protection standards. Further information on this is available from the provider via the following link: https://www.dataprivacyframework.gov/participant/5780.

Google Fonts (locally hosted)

This site uses so-called Google Fonts, provided by Google, to ensure consistent font display. The Google Fonts are installed locally. No connection to Google’s servers is established.

Further information on Google Fonts can be found at https: //developers.google.com/fonts/faq and in Google’s privacy policy: https://policies.google.com/privacy?hl=de.

Font Awesome (local hosting)

This site uses Font Awesome to ensure consistent font display. Font Awesome is installed locally. No connection is made to servers operated by Fonticons, Inc.

Further information on Font Awesome can be found in the Font Awesome privacy policy at: https://fontawesome.com/privacy.

Google Maps

This site uses the Google Maps mapping service. The provider is Google Ireland Limited (“Google”), Gordon House, Barrow Street, Dublin 4, Ireland. This service enables us to embed map content on our website.

To use the functions of Google Maps, it is necessary to store your IP address. This information is usually transmitted to a Google server in the USA and stored there. The provider of this site has no influence over this data transmission. When Google Maps is activated, Google may use Google Fonts for the purpose of ensuring consistent font display. When you access Google Maps, your browser loads the required web fonts into its cache to display text and fonts correctly.

The use of Google Maps is in the interest of presenting our online services in an appealing manner and ensuring that the locations specified on our website are easy to find. This constitutes a legitimate interest within the meaning of Article 6(1)(f) of the GDPR. Where consent has been sought, processing takes place exclusively on the basis of Article 6(1)(a) of the GDPR and Section 25(1) of the TDDDG, insofar as the consent covers the storage of cookies or access to information on the user’s device (e.g. device fingerprinting) within the meaning of the TDDDG. Consent may be withdrawn at any time.

Data transfers to the USA are based on the EU Commission’s Standard Contractual Clauses. Details can be found here: https://privacy.google.com/businesses/ gdprcontrollerterms/ and https://privacy.google.com/businesses/gdprcontrollerterms/sccs/.

Further information on the handling of user data can be found in Google’s privacy policy: https://policies.google.com/privacy?hl=de.

The company is certified under the “EU-US Data Privacy Framework” (DPF) . The DPF is an agreement between the European Union and the USA designed to ensure compliance with European data protection standards when processing data in the USA. Every company certified under the DPF undertakes to comply with these data protection standards. Further information on this is available from the provider via the following link: https:// www.dataprivacyframework.gov/participant/5780.

Google reCAPTCHA

We use “Google reCAPTCHA” (hereinafter “reCAPTCHA”) on this website. The provider is Google Ireland Limited (“Google”), Gordon House, Barrow Street, Dublin 4, Ireland.

The purpose of reCAPTCHA is to verify whether data entry on this website (e.g. in a contact form) is carried out by a human or by an automated programme. To this end, reCAPTCHA analyses the behaviour of the website visitor based on various characteristics. This analysis begins automatically as soon as the website visitor enters the website. For the analysis, reCAPTCHA evaluates various pieces of information (e.g. IP address, the duration of the website visitor’s stay on the website, or mouse movements made by the user). The data collected during the analysis is forwarded to Google.

The reCAPTCHA analyses run entirely in the background. Website visitors are not notified that an analysis is taking place.

The storage and analysis of the data is carried out on the basis of Article 6(1)(f) of the GDPR. The website operator has a legitimate interest in protecting its web offerings from abusive automated scanning and from SPAM. Where relevant consent has been sought, processing takes place exclusively on the basis of Article 6(1)(a) a GDPR and Section 25(1) TDDDG, insofar as the consent covers the storage of cookies or access to information on the user’s device (e.g. device fingerprinting) within the meaning of the TDDDG. Consent may be withdrawn at any time.

Further information on Google reCAPTCHA can be found in Google’s Privacy Policy and Terms of Service at the following links: https: //policies.google.com/privacy?hl=de and https://policies.google.com/terms?hl=de.

SoundCloud

Plugins from the social network SoundCloud (SoundCloud Limited, Berners House, 47-48 Berners Street, London W1T 3NF, United Kingdom) may be integrated into this website. You can recognise the SoundCloud plugins by the SoundCloud logo on the relevant pages.

When you visit this website, a direct connection is established between your browser and the SoundCloud server once the plugin is activated. This informs SoundCloud that you have visited this website using your IP address. If you click the ‘Like’ or ‘Share’ button whilst logged into your SoundCloud account, you can link the content of this website to your SoundCloud profile and/or share it. This allows SoundCloud to associate your visit to this website with your user account. Please note that, as the provider of these pages, we have no knowledge of the content of the data transmitted or its use by SoundCloud.

The storage and analysis of the data is carried out on the basis of Article 6(1)(f) of the GDPR. The website operator has a legitimate interest in achieving the widest possible visibility on social media. Where relevant consent has been sought, processing takes place exclusively on the basis of Article 6(1)(a) of the GDPR and Section 25(1) of the TDDDG, insofar as the consent covers the storage of cookies or access to information on the user’s device (e.g. device fingerprinting) within the meaning of the TDDDG. Consent may be withdrawn at any time.

The United Kingdom is considered a safe third country for data protection purposes. This means that the United Kingdom has a level of data protection equivalent to that in the European Union.

Further information on this can be found in SoundCloud’s privacy policy at: https://soundcloud.com/pages/privacy.

If you do not wish SoundCloud to associate your visit to this website with your SoundCloud account, please log out of your SoundCloud account before activating the content of the SoundCloud plugin.

Podigee

We embed the Podigee podcast player (Podigee Player) on our website. The provider is Podigee GmbH, Schlesische Straße 20, 10997 Berlin.

The Podigee Player integrated into our website primarily collects usage-related data such as your IP address, referrer URL, device information and the podcast accessed. This data is collected by the provider of Podigee.

The use of Podigee is based on Article 6(1)(f) of the GDPR. The website operator has a legitimate interest in integrating media content as seamlessly as possible. Where consent has been sought, processing takes place exclusively on the basis of Article 6(1)(a) of the GDPR and Section 25(1) of the TDDDG, insofar as the consent covers the storage of cookies or access to information on the user’s device (e.g. for device fingerprinting) within the meaning of the TDDDG. Consent may be withdrawn at any time.

For further details, please refer to the provider’s privacy policy at https://www.podigee.com/ de/ueber-uns/datenschutz.

Data processing

Zapier

We have integrated Zapier into this website. The provider is Zapier Inc., Market St. #62411, San Francisco, CA 94104-5401, USA (hereinafter Zapier) .

Zapier enables us to link various functionalities, databases and tools to our website and synchronise them with one another. In this way, it is possible, for example, to automatically publish content that we post on our website on our social media channels or to export content from marketing and analytics tools. Depending on the functionality, Zapier may also collect various personal data in this process.

The use of Zapier is based on Article 6(1)(f) of the GDPR. The website operator has a legitimate interest in ensuring the most effective integration of the tools used. Where consent has been obtained, processing is carried out exclusively on the basis of Article 6(1)(a) of the GDPR and Section 25(1) of the TDDDG, insofar as the consent covers the storage of cookies or access to information on the user’s device (e.g. device fingerprinting) within the meaning of the TDDDG. Consent may be withdrawn at any time.

Data transfers to the USA are based on the EU Commission’s Standard Contractual Clauses. Details can be found here: https://zapier.com/tos.

Data processing

9. Audio and video conferences

Data processing

We use online conferencing tools, amongst other means, to communicate with our customers. The specific tools we use are listed below. When you communicate with us via video or audio conference over the internet, your personal data will be collected and processed by us and the provider of the relevant conference tool.

The conference tools collect all data that you provide or use to utilise the tools (email address and/or your telephone number). Furthermore, the conference tools process the duration of the conference, the start and end times of your participation in the conference, the number of participants and other ‘contextual information’ relating to the communication process (metadata).

Furthermore, the tool provider processes all technical data required to facilitate online communication. This includes, in particular, IP addresses, MAC addresses, device IDs, device type, operating system type and version, client version, camera type, microphone or speaker, and the type of connection.

Where content is exchanged, uploaded or otherwise made available within the tool, this is also stored on the tool provider’s servers. Such content includes, in particular, cloud recordings, chat/instant messages, voicemails, uploaded photos and videos, files, whiteboards and other information shared whilst using the service.

Please note that we do not have full control over the data processing operations of the tools used. Our options are largely determined by the corporate policy of the respective provider. Further information on data processing by the conference tools can be found in the privacy policies of the respective tools used, which we have listed below this text.

Purpose and legal basis

The conference tools are used to communicate with prospective or existing contractual partners or to offer specific services to our customers (Art. 6(1)(b) GDPR). Furthermore, the use of the tools serves to generally simplify and expedite communication with us or our company (legitimate interest within the meaning of Art. 6(1)(f) GDPR). Where consent has been requested, the use of the relevant tools is based on this consent; consent may be withdrawn at any time with effect for the future.

Retention period

Data collected directly by us via the video and conferencing tools will be deleted from our systems as soon as you request deletion, withdraw your consent to storage, or the purpose for data storage no longer applies. Stored cookies remain on your device until you delete them. Mandatory statutory retention periods remain unaffected.

We have no influence over the storage period of your data stored by the operators of the conferencing tools for their own purposes. For further details, please contact the operators of the conferencing tools directly.

Conferencing tools used

We use the following conferencing tools:

Google Meet

We use Google Meet. The provider is Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland. For details on data processing, please refer to Google’s privacy policy: https://policies.google.com/privacy?hl=de.

Data Processing

10. WhatsApp chatbots and WhatsApp services

General information on the use of WhatsApp

We use WhatsApp for customer communication, to send out the latest information and offers, and for customer support. In addition, we offer a WhatsApp chatbot for certain events or service offerings.

This is implemented via the official WhatsApp Business API in conjunction with the technology provider Superchat(SuperX GmbH, Prenzlauer Allee 242-247, 10405 Berlin, Germany, hereinafter referred to as “Superchat”).

Furthermore, the service is also implemented via the official WhatsApp Business API in conjunction with the technology provider ManyChat, Inc. (535 Everett Ave, Palo Alto, CA 94301, USA, hereinafter referred to as “ManyChat”).

The primary data processing takes place on servers in Frankfurt am Main, Germany, meaning it is carried out within the EU and in accordance with the standards of the General Data Protection Regulation (GDPR).

Categories of data processed

When you use our WhatsApp chatbot, we process the following personal data:

Your telephone number
Your WhatsApp profile name
Your first name (if available)
Your communication and interaction data within the chat
Your click behaviour within the chat
Publicly available information from your social media profiles (where relevant)
Your browsing behaviour on our website
Other data entered by you during the chat interaction
Technical log data (IP address, browser used, etc.)

Further details on data processing by WhatsApp itself can be found in the WhatsApp Privacy Policy: https://www.whatsapp.com/legal/#privacy-policy.

Legal basis for data processing

The processing of your personal data is based on different legal grounds depending on the context:

Art. 6(1)(a) GDPR – Consent:

If we process your data to send you information or marketing communications via WhatsApp, this is done only with your explicit consent. This is given via the chat by selecting the “START” button. Consent can be withdrawn at any time by sending “STOP” in the chat.

Art. 6(1)(b) GDPR – Performance of a contract or pre-contractual measures:

If you use WhatsApp for customer service or contract processing (e.g. for support enquiries or order processing), the processing of your data is carried out for the performance of a contract or to take steps prior to entering into a contract.

Art. 6(1)(f) GDPR – Legitimate interest:

In certain cases, processing may be based on our legitimate interest in effective customer communication. This applies, for example, when we analyse how our chatbot is used in order to improve it.

Section 25(1) TTDSG – Consent for cookies or device access:

If the processing involves tracking technologies such as cookies or device fingerprinting, this will only take place with your separate consent in accordance with Section 25(1) TTDSG. This consent may be withdrawn at any time.

Retention period and data erasure

We only store your data for as long as is necessary for the respective processing purposes:

If you withdraw your consent (by typing “STOP” in the chat), your personal data will no longer be used for the WhatsApp service and will be anonymised.
Communication histories are deleted after 12 months at the latest, provided there is no legal obligation to retain them.
If the data is required for the performance of a contract, it will be stored in accordance with the statutory retention periods, in particular Section 147 of the German Fiscal Code (AO) (6 years) or Section 257 of the German Commercial Code (HGB) (10 years).

Data disclosure and possible transfer to third countries

Your telephone number and communication data are transferred to the following companies in connection with the use of WhatsApp:

Processing within the EU (Germany)

Your data is primarily processed on servers in Frankfurt am Main, Germany, hosted by Superchat. This means your data is processed within the EU and is subject to the high data protection requirements of the GDPR.

Possible transfer to third countries (in particular the USA)

Despite the primary processing taking place within the EU, data transfers to third countries (in particular the USA) may occur in the following cases:

Support enquiries or system maintenance by Superchat, Inc.

If technical support from Superchat is required, employees of Superchat, Inc. in the USA may access personal data.

Data transfer by WhatsApp to Meta (USA)

WhatsApp Ireland Limited processes the data within the EU, but may transfer data to Meta Platforms, Inc. (USA).

Data protection measures for transfers to third countries

If data is transferred to the USA, the following safeguards are in place:

EU-US Data Privacy Framework: Superchat participates in the new EU-US Data Privacy Framework, which ensures an adequate level of data protection.
EU Standard Contractual Clauses (SCCs): Superchat and WhatsApp use the European Commission’s Standard Contractual Clauses to ensure a level of data protection compliant with the GDPR.

Withdrawal of consent and data subject rights

You have the right:

To withdraw your consent at any time (by typing “STOP” in the chat or by emailing legal@memacon.com
To obtain information about your stored data in accordance with Article 15 of the GDPR.
To request the rectification of inaccurate data in accordance with Article 16 of the GDPR.
To request the erasure of your data in accordance with Article 17 of the GDPR, provided that no statutory retention obligations prevent this.
To request the restriction of processing in accordance with Article 18 of the GDPR.
To object to data processing in accordance with Article 21 of the GDPR if it is based on our legitimate interest.

You may direct enquiries regarding your data protection rights to the following email address: legal@memacon.com .

Changes to the Privacy Policy

We reserve the right to amend this privacy policy at any time to bring it into line with new legal requirements or changes to our WhatsApp services. The current version can be found at www.memacon.com/datenschutz.

11. Our own services

Handling of applicant data

We offer you the opportunity to apply for a job with us (e.g. by email, post or via the online application form). Below, we provide information on the scope, purpose and use of your personal data collected during the application process. We assure you that the collection, processing and use of your data are carried out in accordance with applicable data protection law and all other legal provisions, and that your data will be treated as strictly confidential.

Scope and purpose of data collection

If you send us an application, we will process your associated personal data (e.g. contact and communication details, application documents, notes taken during interviews, etc.) to the extent necessary to decide on the establishment of an employment relationship. The legal basis for this is Section 26 of the German Federal Data Protection Act (BDSG) (initiation of an employment relationship), Article 6(1)(b) of the General Data Protection Regulation (GDPR) (general pre-contractual processing) and – provided you have given your consent – Article 6(1)(a) of the GDPR. Consent may be withdrawn at any time. Your personal data will be passed on within our company exclusively to those persons involved in processing your application.

If your application is successful, the data you have submitted will be stored in our data processing systems on the basis of Section 26 of the BDSG and Article 6(1)(b) of the GDPR for the purpose of carrying out the employment relationship.

Data retention period

If we are unable to offer you a position, you decline a job offer or withdraw your application, we reserve the right to retain the data you have provided on the basis of our legitimate interests (Article 6(1)(f) of the GDPR) for up to 6 months from the end of the application process (rejection or withdrawal of the application). The data will then be deleted and the physical application documents destroyed. The retention serves, in particular, as evidence in the event of a legal dispute. If it is apparent that the data will be required after the expiry of the 6-month period (e.g. due to an impending or pending legal dispute), deletion will only take place once the purpose for continued retention no longer applies.

Data may also be retained for a longer period if you have given your consent (Art. 6(1)(a) GDPR) or if statutory retention obligations prevent deletion.

Inclusion in the applicant pool

If we do not make you a job offer, there may be the option of adding you to our applicant pool. If you are added, all documents and details from your application will be transferred to the applicant pool so that we can contact you should suitable vacancies arise.

Inclusion in the applicant pool is based solely on your explicit consent (Art. 6(1)(a) GDPR) . Consent is voluntary and is unrelated to the current application process. The data subject may withdraw their consent at any time. In this case, the data from the applicant pool will be irrevocably deleted, provided there are no legal grounds for retention.

The data from the applicant pool will be irrevocably deleted no later than two years after consent is given.

Google Drive

We have integrated Google Drive into this website. The provider is Google Ireland Limited (“Google”), Gordon House, Barrow Street, Dublin 4, Ireland.

Google Drive enables us to integrate an upload area on our website where you can upload content. When you upload content, it is stored on Google Drive’s servers. When you visit our website, a connection to Google Drive is also established, enabling Google Drive to determine that you have visited our website.

The use of Google Drive is based on Article 6(1)(f) f of the GDPR. The website operator has a legitimate interest in providing a reliable upload area on its website. Where consent has been sought, processing takes place exclusively on the basis of Article 6(1)(a) of the GDPR; consent may be withdrawn at any time.

The company is certified under the ‘EU-US Data Privacy Framework’ (DPF) . The DPF is an agreement between the European Union and the USA designed to ensure compliance with European data protection standards when processing data in the USA. Every company certified under the DPF undertakes to comply with these data protection standards. Further information on this is available from the provider via the following link: https://www.dataprivacyframework.gov/participant/5780.