Privacy policy


1. Controller
Responsible for data collection and processing in the sense of the General Data Protection Regulation is

KLIEMT.Arbeitsrecht Partnership of Lawyers Ltd.
Speditionstraße 21
40221 Düsseldorf
Phone: +49 (0) 211 88288-288
Email: datenschutz@kliemt.de
Internet: www.kliemt.de

Contact details of the data protection officer

InfiniSafe GmbH
Data Protection and IT Security
Richard-Strauss-Strasse 71
81679 Munich
Phone: +49 (0) 89 452216-70
Fax: +49 (0) 89 452216-79
Email: peter.rother@infinisafe.de
Internet: https://infinisafe.de

Introduction and general information on data processing
The protection of your personal data is extremely important to us. For this reason, we treat your personal data confidentially and comply with the statutory provisions on data protection, and in particular the European Data Protection Regulation (GDPR) and the Federal Data Protection Act (BDSG). This privacy policy is intended to inform you about the nature, scope and purpose of the collection and use of personal data by us as the aforementioned responsible party.

We distinguish between different forms of data protection notices, which differ in content according to the respective group of addressees to whom they are addressed. Below you will find the data protection notices according to Art. 13 GDPR, which are addressed to our business partners (customers, interested parties and suppliers) as well as visitors of our website (A., B.). The further statements (C. to F.) apply to our business partners as well as to our website visitors.

A. Business partners

1. Scope of processing of personal data
As a matter of principle, we only collect data whose processing is either required by law, contractually agreed, necessary for the conclusion and performance of the contract, or voluntarily provided to us based on consent.

2. Legal basis for the processing of personal data

a. Data processing for the performance of the contract
We process the personal data provided to us in accordance with Art. 6 (1) lit. b GDPR for the pur-pose of fulfilling the contract. This includes in particular the use for contract initiation as well as for subsequent contract or mandate support.

b. Data processing based on consent
We only base the processing of your personal data on consent pursuant to Art. 6 (1) lit a GDPR if processing is not already justified on other legal grounds.

We request consent if we wish to provide information about the company’s own products and services as well as events and corresponding data processing to protect legitimate interests is not possible (see also below).

We also request your consent if we should ever ask you to participate in a survey.

c. Data processing for the protection of legitimate interests
We only process personal data in accordance with Art. 6 (1) lit. f GDPR to save legitimate interests if the further requirements of Art. 6 (1) lit. f GDPR are met, i.e. if our interests in data processing or the interests of a third party outweigh your interests or fundamental rights and freedoms in the individual case.

Based on Art. 6 (1) lit. f GDPR, we process your data – to the extent necessary and permissible – to check whether we want to or are allowed to accept an order (in particular conflicts of interest).

Furthermore, we use your personal data if and to the extent necessary to protect our legitimate legal interests, for example to defend and enforce claims. In this respect, too, the data processing is based on Art. 6 (1) lit. f GDPR.

d. Data processing for the fulfilment of legal obligations
If and to the extent necessary, we process your data in order to comply with any legal documentation obligations, for example towards tax offices and supervisory authorities. The data processing is based on Art. 6 (1) lit. c GDPR. A legal obligation arises in particular from § 147 Tax Code (AO) and § 50 Federal Lawyers’ Act (BRAO). Furthermore, we process your data pursuant to Art. 6 (1) lit. c GDPR for the purpose of an indepth examination as to whether an assignment may be accepted. The same applies to the obligation imposed on us by law to identify our business partners and the further obligations under the provisions of the Money Laundering Act.

e. Processing of personal data for the protection of vital interests
If your vital interests or those of another natural person make it necessary to process personal data, Art. 6 (1) lit. d GDPR serves as the legal basis.

B. Website

1. Scope of the processing of personal data
As a matter of principle, we only collect personal data whose processing is either required by law, contractually agreed, necessary for the implementation of the contract as well as for the performance of the contract, or voluntarily provided to us based on consent.
We collect, store and use personal data from you as a website visitor only to the extent necessary to provide a functional website and to present our content and services. The collection and use of your personal data occur only after your consent. An exception applies in those cases where it is not possible to obtain previous consent for factual reasons and the processing of the data is permitted by legal regulations.

2. Legal basis for the processing of personal data

a. Data processing for the performance of a contract
When processing personal data that is necessary for the performance of a contract to which you are a party, Art. 6 (1) lit. b GDPR serves as the legal basis. This also applies to processing operations that are necessary for the performance of precontractual measures.

b. Data processing based on consent
As we obtain your consent for processing operations of personal data, Art. 6 (1) lit. a GDPR is the legal basis for the processing of personal data. We only base the processing of your personal data on consent pursuant to Art. 6 (1) lit a GDPR if processing is not already justified for other legal reasons.

Consent can be withdrawn at any time without affecting the lawfulness of the processing carried out so far.

c. Data processing for the protection of legitimate interests
We only process your personal data in accordance with Art. 6 (1) lit. f GDPR to save legitimate interests if the further requirements of Art. 6 (1) lit. f GDPR are met, i.e. if our interests in the data processing or the interests of a third party outweigh your interests or fundamental rights and freedoms in the individual case.

Based on Art. 6 (1) lit. f GDPR, we use your personal data if and to the extent necessary to protect our legitimate legal interests, for example, to defend and enforce claims. In this respect, too, the data processing is based on Art. 6 (1) lit. f GDPR.

C. Data deletion and storage period
Your personal data will be deleted or blocked as soon as the purpose of storage no longer applies. In addition, storage may take place if this has been provided for by the European or national legislator in European regulations, acts or other provisions to which the controller is subject. Data will also be blocked or deleted if a storage period prescribed by the aforementioned standards expires, unless there is a need for further storage of the data for the implementation or performance of a contract.

D. Security using TLS/SSL
If you transmit your data to us via our website, we use current secure technologies, in particular the so-called “Transport Layer Security” transmission (TLS) (previously also known as “Secure Socket Layer” transmission (SSL)). All information and data transmitted using these secure methods is encrypted before being sent to us. This applies in particular to all personal data of our business partners, such as credit card number, bank code, bank account number, name and address. To protect you and us beyond that from misuse, the IP address of your computer is transmitted to us. We would like to point out that encryption using these technical methods only works if the appropriate technical settings have also been made on your side.

E. Individual processing operations

1. Provision of the website and creation of log files
Each time our website is called up, our system automatically collects data and information from the computer system of the calling computer.
The following data is collected in this process:

  • Your IP address
  • Your browser type and browser version
  • Your system software
  • Date and time of your visit to the website
  • Duration of your visit to the website
  • Visited website
  • Internet page/source/reference from which the website was visited

This data is not stored together with your other personal data.

The temporary storage of the IP address by the system is necessary to enable delivery of the website to your computer. For this purpose, your IP address must remain stored for the duration of the session. The storage in log files is done to ensure the functionality of the website. In addition, we use the data to optimize the website and to ensure the security of our information technology systems. An evaluation of the data for marketing purposes does not take place in this context.

This is also our legitimate interest in data processing within the meaning of Art. 6 (1) lit. f GDPR, which is the legal basis for the temporary storage of personal data and log files.

The data will be deleted as soon as they are no longer required to achieve the purpose for which they were collected. In the case of the collection of data for the provision of the website, this is the case when the respective session has ended. In the case of storage of data in log files, this is the case after seven days at the latest. Storage beyond this period is possible. In this case, your IP ad-dress is deleted or alienated, so that an assignment of the calling client is no longer possible.

The collection of data for the provision of the website and the storage of the data in log files is mandatory for the operation of the website. Consequently, there is no possibility to disagree.

2. Storage of cookies
To make visiting our website attractive and to enable the use of certain functions, as well as for analysis and statistical purposes and to increase our level of awareness, we use so-called cookies on various pages. Cookies are small text files that are automatically stored on your terminal device. Some of the cookies we use are deleted at the end of the browser session, i.e. after closing the browser (so-called session cookies). Other cookies remain on your end device and allow us to recognize your browser on your next visit (persistent cookies). The duration of storage can be found in the overview in the cookie settings of the web browser.

In addition, we distinguish between technically necessary cookies, those that help analysis and statistical purposes, and those that help to increase our level of awareness. The latter concern cookies that are stored when our accounts on social media channels, career platforms and Twitter are called up. When you visit our website for the first time, a so-called cookie consent banner appears and you can select which cookies are stored. You can also set your browser to inform you about the setting of cookies and decide individually whether to accept them or to exclude the acceptance of cookies for certain cases or in general. Each browser differs in the way it manages cook-ie settings. This is described in the help menu of each browser, which explains how you can change your cookie settings.

We expressly point out that the functionality of our website may be limited if cookies are not accepted.

As personal data is also processed through implemented cookies, which serve analysis and statistical purposes, the processing occurs in accordance with Art. 6 (1) lit. a GDPR based on your consent, which you give us by your corresponding selection decision in our cookie consent banner. The same applies with regard to your selection decision on social media cookies.

If personal data is also processed by implemented cookies, which are technically necessary for the operation of our website, the processing is carried out in accordance with Art. 6 (1) lit. f GDPR to protect our legitimate interests in the best possible functionality of the website as well as a customer-friendly and effective design of the page visit.

Your consent to the processing of cookies can be withdrawn at any time. To do so, call up our cookie consent banner again. You will find the link button to the banner on every subpage of our website at the bottom of the screen.

a. Use of Google Analytics
Our website uses Google Analytics, a web analytics service provided by Google. “Google” is a group of companies and consists of Google Ireland Ltd. (provider of the service), Gordon House, Barrow Street, Dublin 4, Ireland, and Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA, as well as other affiliated companies of Google LLC (“Google”).

Google Analytics uses cookies that enable an analysis of your use of the website. The information generated by the cookie about your use of our website (including your IP address, which is, however, anonymized using the anonymizeIp method so that it can no longer be assigned to a connection) is transmitted to a Google server in the USA and stored there. Google will use this information for the purpose of evaluating your use of the website, compiling reports on website activity for website operators and providing other services relating to website activity and internet usage. Google may also transfer this information to third parties where required to do so by law, or where such third parties process the information on the behalf of “Google” behalf. Google may associate your IP ad-dress with other data held by Google.

You can refuse the installation of cookies by selecting the appropriate settings on your browser software or by deselecting the analysis and statistics cookies in our cookie consent banner. You can prevent tracking by Google Analytics by using the deactivation tools that Google offers for some Internet browsers. You can also prevent the collection of data generated by Google Analytics and related to your use of the website (including your IP address) to Google and the processing of this data by “Google” by downloading and installing the browser plugin available at the following link:

https://tools.google.com/dlpage/gaoptout?hl=de,
https://www.google.com/analytics/terms/de.html

However, we would like to point out that in this case you may not be able to use all functions of our website to their full extent.

The processing of your personal data is based on your consent pursuant to Art. 6 (1) lit. a GDPR, which you grant us by making your selection decision in the cookie consent banner. By making the corresponding selection via our cookie consent banner, you also consent to the transfer of the data collected about you to Google in the manner described above and for the aforementioned purpose (Art. 49 (1) lit. a GDPR). In particular, we would like to inform you that by giving your consent, data will be transferred to the USA and your data may thus be exposed to access by the authorities there and, in particular, the intelligence services.

Your consent to the processing of these cookies can be withdraw at any time. To do so, please call up our cookie consent banner again. You will find the link button to the banner on every subpage of our website at the bottom of the screen.

b. Use of Vimeo
To show videos, we use a plugin from the provider Vimeo LLC, 555 West 18th Street, New York, New York 10011, USA (“Vimeo”). Videos from Vimeo are included on our website. When you visit our website, a connection to the Vimeo servers is made and the plugin is displayed. This transmits to the Vimeo server that you have visited our website. In addition, Vimeo calls up the Google Analytics tracker via an iFrame in which the video is called up. This is Vimeo’s own tracking, to which we have no access. Further information on data processing and notes on data protection by Vimeo and can be found at:

https://vimeo.com/privacy

You can prevent the installation of cookies by making the appropriate settings in your browser soft-ware or by deselecting the personalization cookies (Vimeo) or the analysis and statistics cookies (Google Analytics) in our cookie consent banner. You can prevent tracking by Google Analytics by using the deactivation tools that Google offers for some Internet browsers. You can also prevent the collection of data generated by Google Analytics and related to your use of the website (including your IP address) to Google and the processing of this data by Google by downloading and installing the browser plugin available at the following link:

https://tools.google.com/dlpage/gaoptout?hl=de,
https://www.google.com/analytics/terms/de.html

However, we would like to point out that in this case you may not be able to use all functions of our website to their full extent.

The processing of your personal data is based on your consent pursuant to Art. 6 (1) lit. a GDPR, which you grant us by making your selection decision in the cookie consent banner. By making the corresponding selection via our cookie consent banner, you also consent to the transfer of the data collected about you to Vimeo and Google in the manner and for the purpose described above (Art. 49 (1) lit. a GDPR). We would like to inform you that by giving your consent, data will be transferred to the USA and your data may thus be exposed to access by the authorities there and in particular the intelligence services.

Your consent to the processing of these cookies can be withdrawn at any time. To do so, please call up our Cookie Consent banner again. You will find the link button to the banner on every subpage of our website at the bottom of the screen.

3. Use of Google Tag Manager
We use the service called Google Tag Manager from Google. With this service, website tags can be managed via an interface. The service does not set any cookies and does not collect any personal data itself. The Google Tag Manager ensures the loading of other components, which in turn may collect data, but does not access this data. For more information on the Google Tag Manager, please refer to the privacy policy of Google at:

https://support.google.com/tagmanager/answer/9323295?hl=de

The processing of your personal data is based on your consent pursuant to Art. 6 (1) lit. a GDPR, which you give us by making your selection decision in the cookie consent banner. By making the corresponding selection via our cookie consent banner, you also consent to the transfer of the data collected about you to Google in the manner and for the purpose described above (Art. 49 (1) lit. a GDPR). We would like to inform you in particular that by giving your consent, data will be transferred to the USA and your data may thus be exposed to access by the authorities there and in particular the intelligence services.

Your consent to the processing of these cookies can be withdrawn at any time. To do so, please call up our Cookie Consent banner again. You will find the link button to the banner on every subpage of our website at the bottom of the screen.

4. External links
We maintain online presences on social networks and career platforms in order to exchange information with the users registered there, to make contact in an uncomplicated way and to make our company better known. On our website, you will therefore find link buttons to our company profiles on social media channels such as “Facebook”, to career platforms such as “Xing” and “LinkedIn”, and to “Twitter”.

We do not use social plugins from these networks but refer to our accounts on our website exclusively by means of a link. You will therefore only be redirected to our accounts on the websites of the individual networks. Accordingly, no data is transmitted from you to the servers of these networks when you visit our website. Only when you are on the pages of the networks by means of linking, your data will be forwarded to their servers.

To be on the safe side, please log out of your respective accounts beforehand, so that a correlation between your visit to our website and your personal account of the respective social media or career platform site is not made or made more difficult by their operators.

When you click on the link buttons, the log in screen of the respective third-party site opens. If you are already logged in there at this time, you will be taken directly to our created profile.

In principle, their operators are responsible for the processing of your personal data on these external websites. However, we would like to point out the following:

a. Facebook
By pressing the “Facebook” link button, you will be taken to our company profile on Facebook. Face-book is operated by Facebook Ireland Ltd, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland (“Facebook”).

We would like to point out that you use this Facebook page and its functions on your own responsibility. This applies in particular to the use of the interactive functions (e.g. commenting, sharing, rating). Alternatively, you can also access parts of the information offered via this page on our website.

When you visit our company profile on Facebook, Facebook collects, among other things, your IP address and other information that is present in the form of cookies on your PC. This information is used to provide us, as the operator of the Facebook profile, with statistical information about the use of the company profile.

More detailed information on this is provided by Facebook under the following link:

https://support.google.com/tagmanager/answer/9323295?hl=de

The data collected about you in this context is processed by Facebook and may be transferred to countries outside the European Union. Which information Facebook receives and how it is used is described in general terms by Facebook in its data usage guidelines. There you will also find information about contact options for Facebook as well as about the settings for advertisements. The data usage guidelines are available at the following link:

http://de-de.facebook.com/about/privacy

The full privacy policy of Facebook can be found here:

https://de-de.facebook.com/full_data-use_policy

In which way Facebook uses the data from the visit of Facebook pages for own purposes, the extent to which activities on the Facebook page are assigned to individual users, how long Facebook stores this data and whether data from a visit to the Facebook page is passed on to third parties is not clearly stated by Facebook and is not known to us.

When you access the Facebook page, the IP address assigned to your terminal device is transmitted to Facebook. According to information from Facebook, this IP address is anonymized (for “German” IP addresses). Facebook also stores information about the terminal devices of its users (e.g. as part of the “login notification” function); Facebook is thus able to assign IP addresses to individual users.

If you are currently logged in to Facebook as a user, there is a cookie with your Facebook ID on your terminal device. This enables Facebook to track that you visited this page and how you used it. This also applies to all other Facebook pages. Via in websites embedded Facebook buttons, it is possible for Facebook to record your visits to these websites and assign them to your Facebook profile. Based on this data, content or advertising can be offered tailored to you.

If you want to avoid this, you should log out of Facebook or deactivate the “stay logged in” function, delete the cookies that are on your device and close and restart your browser. In this way, Facebook information by which you can be directly identified will be deleted. This allows you to use our Facebook page without revealing your Facebook ID. When you access interactive features of the page (Like, Comment, Share, News, etc.), a Facebook login screen will appear. After any login, you will again be recognizable to Facebook as a specific user.

You can find information about how to manage or delete information about you on the following Facebook support page:

https://de-de.facebook.com/about/privacy#

You can find the current version of this data protection declaration under the item “Privacy Policy” on our Facebook page.

b. Xing
We have integrated a link button to “Xing” on our website. “Xing” is an internet-based social network that allows users to connect with existing business contacts and make new business contacts. Individual users can create personal profiles of themselves on “Xing”. Companies can, for example, create company profiles or publish job offers on “Xing”. The operating company of “Xing” is XING AG, Dammtorstraße 30, 20354 Hamburg, Germany (“Xing”).

We would like to point out that you use this Xing site and its functions on your own responsibility. This applies in particular to the use of the interactive functions (e.g. commenting, sharing, rat-ing). Alternatively, you can access parts of the information provided via this page also on our website.

If you click the Xing button integrated on our website, Xing assigns this information to your person-al Xing user account and stores this personal data. Xing always receives information via the Xing button that you visited our website if you are logged in to Xing at the same time as calling up our website; this only takes place when you click on the Xing button.

If you do not want Xing to assign your visit to our website with your Xing user account, please log out your Xing user account before activating the Xing button. You can find Xing’s privacy policy at:

https://privacy.xing.com/en

You can find the current version of this data protection declaration under the item “Privacy Policy” on our Xing page.

c. LinkedIn
If you click the “LinkedIn” button on our website, you will be redirected to our account on “LinkedIn”. “LinkedIn” is an Internet-based social network for connecting users with existing business contacts and generating new business contacts. On “LinkedIn”, companies can create profiles or post job offers. “LinkedIn” is operated by LinkedIn Corporation, 1000 West Maude Avenue Sunnyvale, CA 94085, USA (“LinkedIn”). The responsible party in terms of data protection law for users from Germany is LinkedIn Ireland Unlimited Company, 70 Sir John Rogerson’s Quay, Dublin 2, Dublin, D02r296, Ireland (“LinkedIn”).

We would like to point out that you use this LinkedIn page and its functions on your own responsibility. This applies in particular to the use of interactive functions (e.g. commenting, sharing, rat-ing). Alternatively, you can access parts of the information provides via this page also on our web-site.

When you visit our LinkedIn page, LinkedIn collects, among other things, your IP address and other information that is present in the form of cookies on your terminal device. This information is used to provide us, as the operator of the LinkedIn page, with statistical information about the use of the LinkedIn page. More detailed information on this is provided by LinkedIn at the following link:

https://www.linkedin.com/legal/privacy-policy?trk=hb_ft_priv

The data collected about you in this context will be processed by LinkedIn and, if necessary, transferred to countries outside the European Union. What information LinkedIn receives and how it is used is described in general terms by LinkedIn in its data usage guidelines. There you will also find information on how to contact LinkedIn and on the settings options for advertisements. The data usage guidelines are available at the following link:

https://www.linkedin.com/legal/privacy-policy

In what way LinkedIn uses the data from the visit of LinkedIn pages for its own purposes, to what extent activities on the LinkedIn page are assigned to individual users, how long LinkedIn stores this data and whether data from a visit to the LinkedIn page is passed on to third parties, is not conclusively and clearly stated by LinkedIn and is not known to us.

When you access a LinkedIn page, the IP address assigned to your end device is transmitted to LinkedIn. According to information from LinkedIn, this IP address is anonymized (for “German” IP addresses) and deleted after 90 days. LinkedIn also stores information about the terminal devices of its users (e.g. as part of the “login notification” function); LinkedIn is thus able to assign IP ad-dresses to individual users.

If you are currently logged in to LinkedIn, a cookie with your LinkedIn ID is located on your terminal device. This enables LinkedIn to track that you visited this website and how you used it. This also applies to all other LinkedIn pages. Via LinkedIn buttons embedded in websites, it is possible for LinkedIn to record your visits to these websites and assign them to your LinkedIn profile. Based on this data, content or advertising can be offered tailored to you.

If you wish to avoid this, you should log out of LinkedIn or deactivate the “stay logged in” function, delete the cookies present on your device and close and restart your browser. In this way, LinkedIn information by which you can be directly identified will be deleted. This allows you to use our LinkedIn page without revealing your LinkedIn ID. When you access interactive features of the web-site (like, comment, share, news, etc.), a LinkedIn login screen will appear. After any login, you will again be recognizable to LinkedIn as a specific user.

For information on how to manage or delete information that exists about you, please visit the following LinkedIn support page:

https://www.linkedin.com/legal/privacy-policy

You can find the current version of this data protection declaration under the item “Privacy Policy” on our LinkedIn page.

d. Twitter
We maintain an online presence in the form of a “Twitter” page on which we provide news and communicate with users. For this purpose, we use the technical platform of the short message service “Twitter”. “Twitter” is operated by Twitter, Inc, 795 Folsom St., Suite 600, San Francisco, CA 94107, USA (“Twitter”). The data controller for individuals living outside the United States is Twitter International Company, One Cumberland Place, Fenian Street, Dublin 2 D02 AX07, Ireland (“Twitter”).

We would like to point out that you use the Twitter short message service offered here and its functions under your own responsibility. This applies in particular to the use of the interactive functions (e.g. sharing, rating).

The use of this service is not required to contact us or to receive our information. Information that we publish via this service can also be found on our website in the same or similar form. In addition, you may contact us at any time via nele.dohmen@kliemt.de or via our online contact form.

The data collected about you when using the service (e.g. IP address) is processed by Twitter and may be transferred to countries outside the European Union.

This data is assigned to the data of your Twitter account or your Twitter profile. We have no influence on the type and extent of the data processed by Twitter, the type of processing and use or the transfer of this data to third parties. Information about which data is processed by Twitter and for which purposes can be found in the privacy policy of Twitter at:

https://twitter.com/privacy?lang=de

Twitter provides information on the possibility of checking one’s own data on Twitter at:

https://twitter.com/settings/your_twitter_data

Furthermore, you can request information via the Twitter data protection form or the archive re-quests:

https://twitter.com/de/privacy

https://help.twitter.com/de/managing-your-account/how-to-download-your-twitter-archive

Options to restrict the processing of your data are available in the general settings of your Twitter account. In addition, for mobile devices (smartphones, tablet computers), you can restrict the ac-cess of Twitter to contact data and calendar data, photos, location data, etc. in the settings options there. However, this depends on the operating system used. More information on this is avail-able on the following Twitter support page:

https://help.twitter.com/en/safety-and-security/twitter-privacy-settings

Via the Twitter button embedded on our website, it is possible for Twitter to record your visits to our website and assign them to your Twitter profile. Based on this data, content or advertising can be offered tailored to you. Information on this and on the available setting options can be found on the following Twitter support pages:

https://help.twitter.com/de/using-twitter/tailored-suggestions,
https://help.twitter.com/de/rules-and-policies/twitter-cookies

We ourselves do not collect or process any data from your use of the service. However, if we retweet your tweets or reply to them, or if we compose tweets that refer to your profile, we will also process the data you entered into the service, in particular your (user) name and the content published under your account, as this is included in our offer and is made available to our followers.

5. Contact form
If you contact us by e-mail, the personal data you send to us with your e-mail will be stored.

In addition, we maintain a contact form on our website to contact us. In doing so, the following data entered by you in the input screen will be transmitted to us and stored: salutation, title, first name, last name, company, position, e-mail address, message.

The data will be used exclusively to respond to your request. Unless explicitly stated in this privacy policy, the data will not be passed on to third parties. In addition, we record your IP address and the time of sending.

The fields marked with an asterisk in the input screen are mandatory fields in which you must enter the corresponding information.

The entry of your e-mail address is necessary in order to send you our reply by e-mail. At the same time, it represents your consent to the storage of your e-mail address. In this respect, the processing of your personal data is based on Art. 6 (1) lit. a GDPR. As you would like to work towards a conclusion of a contract by your e-mail, Art. 6 (1) lit. b GDPR is an additional legal basis.

The entry of further data (first name, last name, company and position) is necessary to limit the group of addressees for the response to requests. Our response regularly contains professional information. We therefore have a legitimate interest in only providing this information to actual interested parties from our target group. In addition, we have a legitimate interest in protecting against misuse and unauthorized disclosure as well as use of our professional explanations by competitors and other unauthorized third parties. With regard to this personal data, Art. 6 (1) lit. f GDPR therefore serves as the legal basis. As you would like to work towards a conclusion of a con-tract with your information, there is an additional legal basis in Art. 6 (1) lit. b GDPR.

Subject to legal retention periods, your personal data will be deleted as soon as we have finally processed your request. If you do not receive a response from us for the aforementioned reasons within a period of ten days, your personal data will also be deleted.

You can disagree to the storage of your e-mail address at any time. We would like to point out that in this case your request cannot be processed any further. You can declare the withdrawal or the objection by sending an e-mail to our e-mail address given in the imprint. An objection to the processing of further personal data (first name, surname, company and position) is not possible.

6. Newsletter
We provide a newsletter to which you can subscribe on our website. Details of the newsletter, in particular its possible contents, are named in the declaration of consent. If you subscribe to our newsletter, the data you entered in the input screen when registering for the newsletter will be transmitted to us.

For the registration to our newsletter, we use the so-called double opt-in procedure. After your registration, we will send you an e-mail to the e-mail address you provided, in which we ask you to confirm that you would like us to send you the newsletter in the future. If you do not confirm your registration within the period specified in the e-mail, the data you provided will be blocked and deleted after five weeks. In addition, we store your IP address and the time of registration for the newsletter as well as the time of confirmation.

For the dispatch of the newsletter and the associated processing of your personal data, we use carefully selected external service providers. These are currently The Rocket Science Group LLC, 675 Ponce des Leon Ave, NE Suite 5000, Atlanta, GA 30308, USA (“The Rocket Science Group”), and Sendinblue GmbH, Köpenicker Straße 126, 10179 Berlin (“Sendinblue”). We use Mailchimp from “The Rocket Science Group”, a platform for email marketing and the cloud-based marketing communication software from Sendinblue. The aforementioned service providers may process your personal data only according to our instructions for the purpose specified by us within the framework of a commissioned data agreement pursuant to Art. 28 GDPR and have been obligated to comply with the applicable data protection provisions. Your personal data disclosed in connection with this processing may only be stored for the purpose of dispatching the newsletter. Any other use of your personal data is not permitted. Please note, however, that American authorities, such as intelligence services, may be able to access this personal data due to American laws such as the Cloud Act.

To subscribe for the newsletter, you must enter your data (title, first name, last name, company, position, e-mail address) in the corresponding input fields. After your confirmation, we will store your e-mail address in order to send you the newsletter. The storage of your e-mail address and the transfer of your e-mail address to the aforementioned service providers are based on Art. 6 (1) lit. a GDPR and Art. 49 (1) lit. a GDPR.

Your further personal data entered in the input screen will be processed by us in order to limit the group of addressees for the dispatch of the newsletter. Our newsletter also contains professional information that only actual interested parties from our target group should receive and against whose misuse and unauthorized disclosure as well as use by competitors and other unauthorized third parties we legitimately wish to and are permitted to protect ourselves. Based on this legitimate interest, Art. 6 (1) lit. f GDPR therefore serves as the legal basis for the processing of this personal data. A transfer of your further personal data to the aforementioned service providers does not take place. We store the respective IP address and the times of registration and confirmation in order to be able to prove your registration and, if necessary, to clarify a possible misuse of your personal data. This is also our legitimate interest within the meaning of Art. 6 (1) lit. f GDPR, which serves as the legal basis for the processing of this personal data. If the processing of your personal data is based on Art. 6 (1) lit. f GDPR, there is no possibility to object.

Your personal data will be deleted as soon as they are no longer necessary for achieving the above purposes. We therefore store your aforementioned data as long as you have subscribed to the newsletter.

You can withdraw your consent to receive the newsletter at any time by unsubscribing by clicking on the link contained in each of the newsletter e-mails sent to you.

F. Data recipients
Your data may be shared by us, for example, to external service providers (e.g. IT service providers, companies that destroy or archive data, cloud providers). We only transfer your data to third par-ties if we are authorized under data protection law.

The transfer of data to third parties is based either on the fulfilment of legal obligations, legitimate interests, the need to fulfil a contract or on the basis of any consent given. If the external service provider acts as a processor, the transfer of data takes place within the framework of a contract processing agreement.

If a transfer of data to processors in countries outside the European Economic Area (EEA) should be necessary, this will take place on the basis of the EU standard contractual clauses or regarding countries to which an adequacy decision of the EU is existing.

G. Your rights as a data subject
If your personal data is processed, you are a data subject within the meaning of the GDPR and you are entitled to the following rights against us as the controller:

1. Right to information
You may request confirmation from us as to whether your personal data is being processed by us. If such processing is taking place, you may request information from us pursuant to Art. 15 GDPR about the following:

1. the purposes for which the personal data are processed
2. the categories of personal data which are processed
3. the recipients or categories of recipients to whom your personal data have been or will be disclosed
4. the planned duration of the storage of your personal data or, if concrete information on this is not possible, criteria for determining the storage duration
5. the existence of a right to rectification or erasure of your personal data, or restriction of processing by us or a right to object to such processing
6. the existence of a right to lodge a complaint with a supervisory authority
7. any available information about the origin of the data, if the personal data are not collect-ed from the data subject
8. the existence of automated decision-making, including profiling, pursuant to Art. 22 (1) and (4) GDPR and, at least in these cases, meaningful information about the logic involved and the scope and intended effects of such processing on you.

Furthermore, you have the right to request information about whether the personal data concerning you is transferred to a third country or to an international organization. In this context, you may request to be informed about the appropriate guarantees pursuant to Art. 46 GDPR in connection with the transfer.

2. Right to rectification
Pursuant to Art. 16 GDPR, you have a right to obtain the rectification and/or completion from us if the processed data concerning you are inaccurate and/or incomplete. We shall carry out the rectification without undue delay.

3. Right to restriction of processing
Under the following conditions, you may request the restriction of the processing of personal data concerning you in accordance with Art. 18 GDPR:

1. if you contest the accuracy of the personal data concerning you for a period enabling the controller to verify the accuracy of the personal data
2. the processing is unlawful and you oppose to the erasure of the personal data and request instead the restriction of the use of the personal data
3. we no longer need the personal data for the purposes of processing, but you need it for the establishment, exercise or defence of legal claims; or
4. if you have objected to the processing pursuant to Art. 21 (1) GDPR and it has not yet been determined whether our legitimate grounds override your grounds

If the processing of personal data concerning you has been restricted, such data may – apart from being stored – only be processed with your consent or for the establishment, exercise or defence of legal claims or for the protection of the rights of another natural or legal person or for reasons of important public interest of the EU or a Member State. You will be informed by us before the restriction is lifted.

4. Right to erasure
a. Obligation to delete
Pursuant to Art. 17 GDPR, you may request that we erase the personal data concerning you without undue delay. We are obliged to delete this data without delay if one of the following reasons applies:

1. the personal data concerning you are no longer necessary for the purposes for which they were collected or otherwise processed
2. your consent, on which the processing was based pursuant to Art. 6 (1) lit. a GDPR or Art. 9 (2) lit. a GDPR, is withdrawn by you and there is no other legal basis for the processing
3. you object to the processing pursuant to Art. 21 (1) GDPR and there are no overriding legitimate grounds for the processing
4. you object to the processing pursuant to Art. 21 (2) GDPR
5. the personal data concerning you have been processed unlawfully
6. the erasure of the personal data concerning you is necessary for compliance with a legal obligation under Union or Member State law to which the controller is subject
7. the personal data concerning you have been collected in relation to the offer of information society services pursuant to Art. 8 (1) GDPR

b. Information to third parties
If we have made your personal data public and if we are obliged to erase it pursuant to Art. 17 (1) GDPR, we shall take reasonable steps, including technical measures, taking account of available technology and the cost of implementation, to inform data controllers which are processing the personal data, that you, as the data subject, have requested them to erase all links to, or copies or replications of, those personal data.

c. Exceptions to the right to erasure
The right to erasure does not exist as far as the processing is necessary:

1. for exercising the right of freedom of expression and information
2. for compliance with a legal obligation which requires processing by Union or Member State law to which we are subject, or for the performance of a task carried out in the public interest or in the exercise of official authority vested in us
3. for reasons of public interest in the area of public health pursuant to Art. 9 (2), (h) and (i) and Art. 9 (3) GDPR
4. for archiving purposes in the public interest, scientific or historical research purposes or statistical purposes pursuant to Art. 89 (1) GDPR, in so far as the right referred to in Section 1 is likely to render impossible or seriously impair the achievement of the purposes of such processing
5. for the establishment, exercise or defence of legal claims

d. Right to information
If you have asserted the right to rectification, erasure or restriction of processing against us, we are obliged pursuant to Art. 19 GDPR to inform all recipients to whom the personal data concerning you have been disclosed of this rectification or erasure of the data or restriction of processing, unless this proves impossible or involves a disproportionate effort. You have the right to be informed about these recipients.

f. Right to data portability
In accordance with Art. 20 GDPR, you have the right to receive the personal data concerning you that you have provided to us in a structured, common and machine-readable form. You also have the right to transfer this data to another controller to whom the personal data has been provided without hindrance from us, if

1. the processing is based on consent pursuant to Art. 6 (1) lit. a GDPR or Art. 9 (2) lit. a GDPR or on a contract pursuant to Art. 6 (1) lit. b GDPR and
2. the processing is carried out with the help of automated means

In exercising this right, you also have the right to obtain that the personal data concerning you are transferred directly from one controller to another controller, in so far as this is technically feasible. Freedoms and rights of other persons may not be affected by this.

The right to data portability does not apply to processing of personal data necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in us.

g. Right to object
Pursuant to Art. 21 GDPR, you have the right to object at any time, on grounds relating to your particular situation, to the processing of personal data concerning you which is based on Art. 6 (1) lit. e or lit. f GDPR; this also applies to profiling based on those provisions. The objection must be substantiated.

Upon receiving your objection, we will no longer process the personal data concerning you, unless we can demonstrate compelling legitimate grounds for the processing which override your interests, rights and freedoms, or the processing serves to establishment, exercise or defend legal claims.

If the personal data concerning you is processed for the purposes of direct marketing, you have the right to object at any time to the processing of personal data concerning you for the purposes of such marketing; this also applies to profiling, in so far as it is related to such direct marketing.

If you object to the processing for direct marketing purposes, the personal data concerning you will no longer be processed for those purposes.

You have the possibility, in context of the use of information society services – notwithstanding Directive 2002/58/EC – to exercise your right to object by automated means using technical specifications.

h. Right to withdraw the declaration of consent under data protection law
Pursuant to Art. 7 (3) GDPR, you have the right to withdraw your declaration of consent under data protection law – even before the GDPR came into force (25.05.2018) – at any time. The withdrawal does not affect the lawfulness of the processing carried out based on the consent until the withdrawal. The withdrawal of consent can be declared via e-mail, letter or telephone to our contact details above.

i. Automated decision in individual cases including profiling
Pursuant to Art. 22 GDPR, you have the right not to be subject to a decision based solely on automated processing – including profiling – which produces legal effects concerning you or similarly significantly affects you. This does not apply if the decision

1. is necessary for entering into, or performance of, a contract between you and us; or
2. is authorised on the basis of Union or the Member States law to which we are subject, and which also lays down suitable measures to safeguard your rights and freedoms and legitimate interests; or
3. is based on your explicit consent

Though, these decisions must not be based on special categories of personal data pursuant to Art. 9 (1) GDPR, unless Art. 9 (2) lit. a or lit. g GDPR applies and appropriate measures have been taken to protect your rights and freedoms as well as your legitimate interests.

With regard to the cases mentioned in points 1 and 3, we take reasonable steps to safeguard your rights and freedoms as well as your legitimate interests, including the right to obtain the intervention of a person on our side, to express your point of view and to challenge the decision.

j. Right to complain to a supervisory authority
Without prejudice to any other administrative or judicial remedy, you have the right to lodge a complaint with a supervisory authority, in particular in the Member State of your residence, workplace or the place of the alleged infringement, if you consider that the processing of personal data concerning you infringes the GDPR.

The supervisory authority to which the complaint has been lodged shall inform the complainant of the status and outcome of the complaint, including the possibility of a judicial remedy under Art. 78 GDPR.