Data privacy policy

Data privacy policy

Preamble

With the following privacy policy, we aim to inform you about the types, purposes, and scope of the processing of your personal data (hereinafter also referred to as "data"). This privacy policy applies to all our processing of personal data, both in the context of providing our services and, in particular, on our websites, mobile applications, and within external online presences, such as our social media profiles (collectively referred to as "online services").

The terms used are not gender-specific.

Date: October 30, 2023

Table of Contents

Responsible Party

One Passion GmbH
Werner-von-Siemens-Straße 6
86159 Augsburg - Germany

E-Mail:

info@one-passion.com

Imprint:

https://one-passion.com/de/impressum/

Overview of Processing Activities

The following overview summarizes the types of data processed and the purposes of their processing and refers to the data subjects.

Types of Processed Data:

  • Inventory data.
  • Payment data.
  • Location data.
  • Contact details.
  • Content data.
  • Contract data.
  • Usage data.
  • Meta, communication, and procedural data.
  • Applicant data.

Special Categories of Data:

  • Health data.
  • Data concerning sexual life or sexual orientation.
  • Religious or philosophical beliefs.
  • Data revealing racial or ethnic origin.

Categories of Data Subjects:

  • Kunden.
  • employed
  • Interested parties.
  • Communication partner.
  • User.
  • Applicant.
  • Business and contractual partners.
  • Students/participants.
  • Individuals depicted.

Purposes of Processing:

  • Provision of contractual services and contractual obligations.
  • Contact requests and communication.
  • Security measures.
  • Reach measurement.
  • Office and organizational procedures.
  • Administration and answering of inquiries.
  • Application procedures.
  • Feedback.
  • Marketing.
  • Profiles with user-related information.
  • Provision of our online services and usability.
  • Information technology infrastructure.

Relevant Legal Bases

Relevant legal bases according to the GDPR: Below, you will find an overview of the legal bases of the GDPR, on which we base the processing of personal data. Please note that in addition to the provisions of the GDPR, national data protection provisions in your or our residential or seat country may apply. Furthermore, if more specific legal bases are relevant in individual cases, we will inform you in the privacy policy.

  • Consent (Art. 6 Para. 1 S. 1 lit. a GDPR) - The data subject has given their consent to the processing of personal data relating to them for one or more specific purposes.
  • Performance of a contract and pre-contractual inquiries (Art. 6 Para. 1 S. 1 lit. b GDPR) - Processing is necessary for the performance of a contract of which the data subject is a party, or for the performance of pre-contractual measures that take place at the request of the data subject.
  • Legal obligation (Art. 6 Para. 1 S. 1 lit. c GDPR) - Processing is necessary to fulfill a legal obligation to which the controller is subject.
  • Legitimate interests (Art. 6 Para. 1 S. 1 lit. f GDPR) - Processing is necessary to protect the legitimate interests of the controller or a third party, provided that the interests or fundamental rights and freedoms of the data subject, which require the protection of personal data, do not outweigh them.
  • Application procedures as a pre-contractual or contractual relationship (Art. 6 Para. 1 S. 1 lit. b GDPR) – If special categories of personal data within the meaning of Art. 9 Para. 1 GDPR (e.g., health data, such as the status of being severely disabled or ethnic origin) are requested from applicants in the context of the application procedure so that the controller or the data subject can exercise the rights arising from labor law and the law of social security and social protection and fulfill his or her respective duties, their processing is carried out according to Art. 9 Para. 2 lit. b GDPR. In the case of protecting vital interests of applicants or other persons according to Art. 9 Para. 2 lit. c GDPR, or for purposes of preventive healthcare or occupational medicine, for the assessment of the employee's work capacity, for medical diagnosis, the provision of health or social care or treatment, or the management of health or social care systems and services according to Art. 9 Para. 2 lit. h GDPR. In the case of communication of special categories of data based on voluntary consent, their processing is based on Art. 9 Para. 2 lit. a GDPR.
  • Processing of special categories of personal data concerning healthcare, profession, and social security (Art. 9 Para. 2 lit. h GDPR).
  • Consent to the processing of special categories of personal data (Art. 9 Para. 2 lit. a GDPR).
  • Processing of special categories of personal data to protect vital interests (Art. 9 Para. 2 lit. c GDPR).

National Data Protection Regulations in Germany: n addition to the data protection regulations of the GDPR, national data protection regulations apply in Germany. This includes, in particular, the Federal Data Protection Act (Bundesdatenschutzgesetz – BDSG). The BDSG contains special regulations, particularly regarding the right to information, the right to deletion, the right to object, the processing of special categories of personal data, the processing for other purposes, and the transmission and automated decision-making in individual cases, including profiling. Furthermore, state data protection laws of the individual federal states may apply.

Note on the applicability of GDPR and Swiss DSG: These data protection notices serve both the information requirements under the Swiss Federal Data Protection Act (Swiss DSG) and the General Data Protection Regulation (GDPR). Therefore, please note that due to the broader territorial application and comprehensibility, the terms of the GDPR are used. In particular, instead of the terms used in the Swiss DSG, such as "processing" of "personal data," "overriding interest," and "particularly sensitive personal data," the terms "processing" of "personal data" and "legitimate interest" and "special categories of data" as used in the GDPR are applied. However, the legal meaning of the terms will continue to be determined according to the Swiss DSG within its scope of application.

Security Measures

We implement appropriate technical and organizational measures to ensure a level of protection appropriate to the risk, taking into account the state of the art, implementation costs, and the nature, scope, circumstances, and purposes of the processing, as well as the varying likelihood and severity of the risk to the rights and freedoms of natural persons.

These measures include, in particular, ensuring the confidentiality, integrity, and availability of data by controlling physical and electronic access to the data as well as access, input, transfer, availability, and separation of the data. We have also established procedures to ensure the exercise of data subject rights, the deletion of data, and responses to data breaches. Furthermore, we consider the protection of personal data during the development or selection of hardware, software, and procedures according to the principles of data protection by design and by default.

IP Address Anonymization: If IP addresses are processed by us or by the service providers and technologies we use, and the processing of a full IP address is not necessary, the IP address is shortened (also referred to as "IP masking"). In this process, the last two digits or the last part of the IP address after a dot are removed or replaced with placeholders. This anonymization is intended to prevent or significantly hinder the identification of a person through their IP address.

TLS/SSL Encryption (https): To protect the data of users transmitted via our online services, we use TLS/SSL encryption. Secure Sockets Layer (SSL) is the standard technology for securing internet connections by encrypting data transmitted between a website or app and a browser (or between two servers). Transport Layer Security (TLS) is an updated and more secure version of SSL. Hyper Text Transfer Protocol Secure (HTTPS) is displayed in the URL when a website is secured by an SSL/TLS certificate.

International Data Transfers

Data Processing in Third Countries: If we process data in a third country (i.e., outside the European Union (EU) or the European Economic Area (EEA)) or if the processing takes place in the context of using third-party services or disclosing or transferring data to other persons, entities, or companies, this will only occur in compliance with the legal requirements. If the level of data protection in the third country is recognized by an adequacy decision (Art. 45 GDPR), this serves as the basis for data transfers. Otherwise, data transfers will only take place if the level of data protection is ensured by other means, particularly through standard contractual clauses (Art. 46(2)(c) GDPR), explicit consent, or in cases of contractual or legally required transfers (Art. 49(1) GDPR). We will inform you of the bases of third-country transfers in the case of the respective service providers from third countries, where adequacy decisions take precedence. Information on third-country transfers and existing adequacy decisions can be found in the EU Commission’s information: https://ec.europa.eu/info/law/law-topic/data-protection/international-dimension-data-protection_de.

U-US Trans-Atlantic Data Privacy Framework: As part of the so-called "Data Privacy Framework" (DPF), the EU Commission also recognized the level of data protection for certain companies from the USA as secure within the adequacy decision of 10.07.2023. The list of certified companies and further information about the DPF can be found on the website of the US Department of Commerce at https://www.dataprivacyframework.gov/ (in English). We will inform you in the data protection information about which service providers used by us are certified under the Data Privacy Framework.

Data Deletion

The data we process will be deleted in accordance with legal requirements as soon as the consent granted for their processing is revoked or other permissions cease to apply (e.g., if the purpose for processing these data no longer exists or they are no longer necessary for that purpose). If the data are not deleted because they are required for other legally permissible purposes, their processing will be restricted to these purposes. This means that the data will be blocked and not processed for other purposes. This applies, for example, to data that must be retained for commercial or tax law reasons or whose storage is necessary for the assertion, exercise, or defense of legal claims or to protect the rights of another natural or legal person. As part of our data protection notices, we may provide users with additional information on the deletion and retention of data, which specifically applies to the respective processing operations.

Rights of the Data Subjects

As a data subject under the GDPR, you have various rights, particularly those set out in Articles 15 to 21 GDPR:

  • Right to Object: You have the right to object, on grounds relating to your particular situation, at any time to the processing of personal data concerning you which is based on Article 6(1)(e) or (f) GDPR; this also applies to profiling based on these provisions. If personal data concerning you are processed for direct marketing purposes, you have the right to object at any time to the processing of personal data concerning you for such marketing; this also applies to profiling to the extent that it is related to such direct marketing.
  • Right to Withdraw Consent: You have the right to withdraw your consent at any time.
  • Right of Access: You have the right to obtain confirmation as to whether or not personal data concerning you are being processed, and, where that is the case, access to the personal data and certain additional information as specified by law, including a copy of the data.
  • Right to Rectification: You have the right to obtain without undue delay the rectification of inaccurate personal data concerning you and to have incomplete personal data completed.
  • Right to Erasure and Restriction of Processing: You have the right to obtain the erasure of personal data concerning you without undue delay, or alternatively to obtain restriction of processing as provided by law.
  • Right to Data Portability: You have the right to receive the personal data concerning you, which you have provided to us, in a structured, commonly used, and machine-readable format, and have the right to transmit those data to another controller without hindrance from us.
  • Right to Lodge a Complaint with a Supervisory Authority: Entsprechend den gesetzlichen Vorgaben und unbeschadet eines anderweitigen verwaltungsrechtlichen oder gerichtlichen Rechtsbehelfs, haben Sie ferner das Recht, bei einer Datenschutzaufsichtsbehörde, insbesondere einer Aufsichtsbehörde im Mitgliedstaat, in dem Sie sich gewöhnlich aufhalten, der Aufsichtsbehörde Ihres Arbeitsplatzes oder des Ortes des mutmaßlichen Verstoßes, eine Beschwerde einzulegen, wenn Sie der Ansicht sei sollten, dass die Verarbeitung der Ihre Person betreffenden personenbezogenen Daten gegen die DSGVO verstößt.

Use of Cookies

Cookies are small text files or other storage markers that store information on end devices and read information from end devices. For example, they can store the login status in a user account, the contents of a shopping cart in an online store, the contents accessed, or the functions used on an online offer. Cookies can also be used for various purposes, such as ensuring the functionality, security, and comfort of online offers, as well as creating analyses of visitor flows.

Consent Notice: We use cookies in accordance with legal requirements. Therefore, we obtain prior consent from users, except when it is not legally required. Consent is not necessary, particularly if the storage and reading of information, including cookies, are strictly necessary to provide users with a telemedia service they have explicitly requested (i.e., our online offer). Necessary cookies typically include cookies with functions related to displaying and running the online offer, load balancing, security, storing user preferences and choices, or other purposes related to providing the main and auxiliary functions of the online offer requested by the users. The revocable consent is clearly communicated to users and includes information about the respective cookie usage.

Legal Basis Information: The legal basis on which we process users' personal data using cookies depends on whether we ask users for consent. If users consent, the legal basis for processing their data is the given consent. Otherwise, the data processed by cookies are based on our legitimate interests (e.g., for the economic operation of our online offer and improving its usability) or, if necessary, to fulfill our contractual obligations if the use of cookies is required to meet these obligations. We clarify the purposes for which cookies are processed in the course of this privacy policy or within our consent and processing procedures.

Storage Duration: Regarding the storage duration, the following types of cookies are distinguished:

  • Temporary Cookies (also: Session Cookies): Temporary cookies are deleted at the latest after a user has left an online offer and closed their end device (e.g., browser or mobile application).
  • Permanent Cookies: Permanent cookies remain stored even after closing the end device. For example, the login status can be saved or preferred content displayed directly when the user visits a website again. Likewise, data collected with the help of cookies can be used for reach measurement. Unless we provide users with explicit information about the type and storage duration of cookies (e.g., as part of obtaining consent), users should assume that cookies are permanent and that the storage duration can be up to two years.

General Notes on Withdrawal and Objection (so-called "Opt-Out"): Users can withdraw the consents they have given at any time and object to processing in accordance with the legal requirements. Among other things, users can restrict the use of cookies in their browser settings (though this may also limit the functionality of our online offer). An objection to the use of cookies for online marketing purposes can also be declared via the websites https://optout.aboutads.info and https://www.youronlinechoices.com/ .

  • Legal Basis: Legitimate Interests (Art. 6 Abs. 1 S. 1 lit. f) GDPR).

Further Information on Processing Procedures, Methods, and Services:

  • Complianz: Cookie Consent Management; Service Provider: Implementation on servers and/or computers under its own data protection responsibility; Website: https://complianz.io/; Privacy Policy: https://complianz.io/legal/. Further Information: An individual user ID, language, types of consents, and the time of their submission are stored server-side and in the cookie on the user's device.

Commercial Services

We process data from our contractual and business partners, such as customers and prospects (collectively referred to as "contractual partners"), within the framework of contractual and similar legal relationships, as well as related measures and communication with the contractual partners (or pre-contractually), e.g., to respond to inquiries.

We process this data to fulfill our contractual obligations. This includes, in particular, the obligations to provide the agreed services, any update obligations, and remedies for warranty and other service disruptions. Furthermore, we process the data to safeguard our rights and for the purposes of administrative tasks associated with these obligations and corporate organization. Additionally, we process the data based on our legitimate interests in proper and economic business management and security measures to protect our contractual partners and our business operations from misuse, endangerment of their data, secrets, information, and rights (e.g., involving telecommunications, transport, and other auxiliary services as well as subcontractors, banks, tax and legal advisors, payment service providers, or financial authorities). Within the framework of applicable law, we only pass on the data of contractual partners to third parties to the extent necessary for the aforementioned purposes or to fulfill legal obligations. Further forms of processing, e.g., for marketing purposes, are communicated to the contractual partners within this privacy policy.

Which data is required for the aforementioned purposes is communicated to the contractual partners before or during the data collection, e.g., in online forms, by special labeling (e.g., colors) or symbols (e.g., asterisks), or personally.

We delete the data after the expiry of statutory warranty and comparable obligations, i.e., generally after 4 years, unless the data is stored in a customer account, e.g., as long as it has to be retained for legal reasons. The statutory retention period for tax-relevant documents, as well as commercial books, inventories, opening balances, annual financial statements, the instructions necessary for understanding these documents, and other organizational documents and booking receipts, is ten years, and for received commercial and business letters and reproductions of sent commercial and business letters, six years. The period begins at the end of the calendar year in which the last entry was made in the book, the inventory, the opening balance, the annual financial statement or the management report was prepared, the commercial or business letter was received or sent, or the booking receipt was created, furthermore, the recording was made, or the other documents were created.

To provide our services, we may use third-party providers or platforms, in which case the terms and conditions and privacy notices of the respective third-party providers or platforms apply in the relationship between the users and the providers.

  • Processed Data Types: Inventory Data: Names, addresses Payment Data: Bank details, invoices, payment history Contact Data: Email, phone numbers Contract Data: Contract subject, duration, customer category Special Categories of Personal Data: Health data, data on sexual life or orientation, religious or ideological beliefs, data revealing racial and ethnic origin
  • Affected Individuals: Interested Parties: Potential customers Business and Contractual Partners: Partners involved in business dealings Students/Trainees/Participants: Individuals participating in educational and training programs Customers: Clients utilizing services or products
  • Persons concerned: Interested parties; business and contractual partners; pupils/ students/ participants. Customers.
  • Purposes of Processing: Provision of Contractual Services and Fulfillment of Contractual Obligations: Ensuring the delivery and performance of agreed services, updates, and handling of warranties or other service issues Contact Inquiries and Communication: Managing communication with interested parties and partners Office and Organizational Procedures: Administrative tasks related to business operations Management and Response to Inquiries: Handling inquiries and requests effectively
  • Legal Basis: Contract Performance and Pre-contractual Inquiries (Art. 6 Para. 1 Sentence 1 lit. b) GDPR): Data processing necessary for the performance of a contract to which the data subject is party or to take steps at the request of the data subject prior to entering into a contract Legal Obligation (Art. 6 Para. 1 Sentence 1 lit. c) GDPR): Processing necessary for compliance with a legal obligation to which the controller is subject Legitimate Interests (Art. 6 Para. 1 Sentence 1 lit. f) GDPR): Processing necessary for the purposes of the legitimate interests pursued by the controller or by a third party

Further Information on Processing Procedures, Methods, and Services:

  • Educational and Training Services: We process the data of participants in our educational and training offerings (referred to as "trainees") to deliver our training services. The type, scope, purpose, and necessity of processing are determined by the underlying contractual and training relationship. Processing forms include performance evaluation and assessment of our services and those of the trainers. In our work, we may also process special categories of data, particularly health information of the trainees and data revealing their ethnic origin, political opinions, religious or philosophical beliefs. We obtain explicit consent from the trainees if required and otherwise process these special categories of data only if necessary for delivering the training services, health care purposes, social protection, or protecting the vital interests of the trainees; Legal Basis: Contract performance and pre-contractual inquiries (Art. 6 Para. 1 Sentence 1 lit. b) GDPR).
  • Coaching: Wir verarbeiten die Daten unserer Klienten sowie Interessenten und anderer Auftraggeber oder Vertragspartner (einheitlich bezeichnet als „Klienten“), um ihnen gegenüber unsere Leistungen erbringen zu können. Die verarbeiteten Daten, die Art, der Umfang, der Zweck und die Erforderlichkeit ihrer Verarbeitung bestimmen sich nach dem zugrundeliegenden Vertrags- und Klientenverhältnis.In Rahmen unserer Tätigkeit können wir ferner besondere Kategorien von Daten, hier insbesondere Angaben zur Gesundheit der Klienten, ggf. mit Bezug zu deren Sexualleben oder der sexuellen Orientierung, sowie Daten, aus denen die rassische und ethnische Herkunft, politische Meinungen, religiöse oder weltanschauliche Überzeugungen oder die Gewerkschaftszugehörigkeit hervorgehen, verarbeiten. Hierzu holen wir, sofern erforderlich, eine ausdrückliche Einwilligung der Klienten ein und verarbeiten die besonderen Kategorien von Daten ansonsten sofern dies der Gesundheit der Klienten dient, die Daten öffentlich sind oder andere gesetzliche Erlaubnisse vorliegen.

    Sofern es für unsere Vertragserfüllung, zum Schutz lebenswichtiger Interessen oder gesetzlich erforderlich ist, bzw. eine Einwilligung der Klienten vorliegt, offenbaren oder übermitteln wir die Daten der Klienten unter Beachtung der berufsrechtlichen Vorgaben an Dritte oder Beauftragte, wie z. B. Behörden, Abrechnungsstellen sowie im Bereich der IT, der Büro- oder vergleichbarer Dienstleistungen;
    Legal Basis: Contract performance and pre-contractual inquiries (Art. 6 Para. 1 Sentence 1 lit. b) GDPR).

  • Consulting: We process the data of our clients, mandates, as well as interested parties and other clients or contractual partners (collectively referred to as "clients") to provide our consulting services to them. The processed data, type, scope, purpose, and necessity of their processing are determined by the underlying contractual and client relationship. If necessary for our contract fulfillment, to protect vital interests, or required by law, or with the client's consent, we disclose or transfer the clients' data to third parties or contractors, such as authorities, subcontractors, or IT, office, or similar service providers.
    Legal Basis: Contract performance and pre-contractual inquiries (Art. 6 Para. 1 Sentence 1 lit. b) GDPR).
  • Online Courses and Online Training We process the data of participants in our online courses and online training (collectively referred to as "participants") to deliver our course and training services to them. The processed data, type, scope, purpose, and necessity of their processing are determined by the underlying contractual relationship. The data typically includes information about the courses and services used and, if part of our service offering, personal settings and results of the participants. Processing forms include performance evaluation and the assessment of our services as well as those of the course and training leaders. Legal Basis: Contract performance and pre-contractual inquiries (Art. 6 Para. 1 Sentence 1 lit. b) GDPR).
  • Project and Development Services We process the data of our customers and clients (collectively referred to as "customers") to enable them to select, acquire, or commission the chosen services or works and related activities, as well as their payment and provision or execution. The required information is indicated as such during the order, purchase, or similar contract conclusion and includes the data needed for service provision and billing, as well as contact information for potential follow-up inquiries. If we access information about end customers, employees, or other individuals, we process it in accordance with legal and contractual requirements. Legal Basis: Contract performance and pre-contractual inquiries (Art. 6 Para. 1 Sentence 1 lit. b) GDPR).
    Legal Basis: Contract performance and pre-contractual inquiries (Art. 6 Para. 1 Sentence 1 lit. b) GDPR).
  • Provision of Software and Platform Services We process the data of our users, registered and potential test users (collectively referred to as "users"), to provide our contractual services to them and, based on legitimate interests, to ensure the security and further development of our offering. The required information is indicated as such during the order, purchase, or similar contract conclusion and includes the data needed for service provision and billing, as well as contact information for potential follow-up inquiries. Legal Basis: Contract performance and pre-contractual inquiries (Art. 6 Para. 1 Sentence 1 lit. b) GDPR).
  • Business Consulting We process the data of our customers, clients, as well as interested parties and other clients or contractual partners (collectively referred to as "customers") to provide our contractual or pre-contractual services, particularly consulting services, to them. The processed data, type, scope, purpose, and necessity of their processing are determined by the underlying contractual and business relationship. If necessary for our contract fulfillment or legally required, or with the customer's consent, we disclose or transfer the customers' data to third parties or contractors, such as authorities, courts, or IT, office, or similar service providers.
    Legal Basis: Contract performance and pre-contractual inquiries (Art. 6 Para. 1 Sentence 1 lit. b) GDPR).
  • Events and Activities Wir verarbeiten die Daten der Teilnehmer der von uns angebotenen oder ausgerichteten Veranstaltungen, Events und ähnlichen Aktivitäten (nachfolgend einheitlich als „Teilnehmer“ und „Veranstaltungen“ bezeichnet), um ihnen die Teilnahme an den Veranstaltungen und Inanspruchnahme der mit der Teilnahme verbundenen Leistungen oder Aktionen zu ermöglichen.Sofern wir in diesem Rahmen gesundheitsbezogene Daten, religiöse, politische oder sonstige besondere Kategorien von Daten verarbeiten, dann erfolgt diese im Rahmen der Offenkundigkeit (z. B. bei thematisch ausgerichteten Veranstaltungen oder dient der Gesundheitsvorsorge, Sicherheit oder erfolgt mit Einwilligung der Betroffenen).

    Die erforderlichen Angaben sind als solche im Rahmen des Auftrags-, Bestell- bzw. vergleichbaren Vertragsschlusses gekennzeichnet und umfassen die zur Leistungserbringung und Abrechnung benötigten Angaben sowie Kontaktinformationen, um etwaige Rücksprachen halten zu können. Soweit wir Zugang zu Informationen der Endkunden, Mitarbeitern oder anderer Personen erhalten, verarbeiten wir diese im Einklang mit den gesetzlichen und vertraglichen Vorgaben;
    Legal Basis: Contract performance and pre-contractual inquiries (Art. 6 Para. 1 Sentence 1 lit. b) GDPR).

Providers and Services Used in Business Operations

Within the scope of our business operations, we utilize additional services, platforms, interfaces, or plug-ins from third-party providers (collectively referred to as "services") in compliance with legal requirements. Their use is based on our interests in orderly, lawful, and economical management of our business operations and internal organization.

  • Processed Data Types: Inventory data (e.g., names, addresses) Payment data (e.g., bank details, invoices, payment history) Contact data (e.g., email, phone numbers) Content data (e.g., entries in online forms) Contract data (e.g., contract subject, duration, customer category)
  • Persons concerned: Customers Interested parties Users (e.g., website visitors, users of online services) Business and contract partners Employees (e.g., employees, applicants, former employees)
  • Purposes of Processing: Provision of contractual services and fulfillment of contractual obligations Office and organizational procedures
  • Legal Basis: Legitimate Interests (Art. 6 Abs. 1 S. 1 lit. f) GDPR).

Further Information on Processing Procedures, Methods, and Services:

Provision of Online Services and Web Hosting

We process users' data to provide our online services. For this purpose, we process the user's IP address, which is necessary to deliver the content and features of our online services to the user's browser or device.

  • Processed Data Types: Usage data (e.g., visited websites, interest in content, access times) Meta, communication, and procedural data (e.g., IP addresses, time information, identification numbers, consent status)
  • Persons Concerned: Users (e.g., website visitors, users of online services).
  • Purposes of Processing: Provision of our online offering and user-friendliness Information technology infrastructure (operation and provision of information systems and technical equipment (computers, servers, etc.))
  • Legal Basis: Legitimate Interests (Art. 6 Abs. 1 S. 1 lit. f) GDPR).

Blogs and Publication Media

We use blogs or comparable means of online communication and publication (hereinafter referred to as "Publication Medium"). The data of readers is processed only to the extent necessary for the display of the medium and communication between authors and readers or for security reasons. For further information on the processing of visitors' data to our Publication Medium, please refer to these privacy notices.

  • Processed Data Types: Inventory data (e.g., names, addresses) Contact data (e.g., email, phone numbers) Content data (e.g., entries in online forms) Usage data (e.g., visited websites, interest in content, access times) Meta, communication, and procedural data (e.g., IP addresses, time information, identification numbers, consent status)
  • Persons Concerned: Users (e.g., website visitors, users of online services).
  • Purposes of Processing: Provision of contractual services and fulfillment of contractual obligations Feedback (e.g., collection of feedback via online form) Provision of our online offering and user-friendliness
  • Legal Basis: Legitimate Interests (Art. 6 Abs. 1 S. 1 lit. f) GDPR).

Contact and Inquiry Management

When contacting us (e.g., by post, contact form, email, telephone, or via social media) as well as within the context of existing user and business relationships, the details of the inquiring persons are processed to the extent necessary to respond to the contact inquiries and any requested measures.

  • Processed Data Types: Contact data (e.g., email, phone numbers) Content data (e.g., entries in online forms) Usage data (e.g., visited websites, interest in content, access times) Meta, communication, and procedural data (e.g., IP addresses, time information, identification numbers, consent status)
  • Persons concerned: Communication partner.
  • Purposes of Processing: Contact inquiries and communication Administration and response to inquiries Feedback (e.g., collection of feedback via online form) Provision of our online offering and user-friendliness
  • Legal Basis: Legitimate Interests (Art. 6 Para. 1 Sentence 1 lit. f) GDPR) Contract performance and pre-contractual inquiries (Art. 6 Para. 1 Sentence 1 lit. b) GDPR)

Further Information on Processing Procedures, Methods, and Services:

  • Contact Form When users contact us via our contact form, email, or other communication channels, we process the data provided in connection with the inquiry to handle the reported concern. Legal Basis: Contract performance and pre-contractual inquiries (Art. 6 Para. 1 Sentence 1 lit. b) GDPR) Legitimate Interests (Art. 6 Para. 1 Sentence 1 lit. f) GDPR)

Video Conferences, Online Meetings, Webinars, and Screen Sharing

We utilize platforms and applications from other providers (hereinafter referred to as "conference platforms") for the purposes of conducting video and audio conferences, webinars, and other types of video and audio meetings (hereinafter collectively referred to as "conference"). When selecting conference platforms and their services, we comply with legal requirements.

Data Processed by Conference Platforms: Im Rahmen der Teilnahme an einer Konferenz verarbeiten die Konferenzplattformen die im Folgenden genannten personenbezogene Daten der Teilnehmer. Der Umfang der Verarbeitung hängt zum einen davon ab, welche Daten im Rahmen einer konkreten Konferenz gefordert werden (z. B. Angabe von Zugangsdaten oder Klarnamen) und welche optionalen Angaben durch die Teilnehmer getätigt werden. Neben der Verarbeitung zur Durchführung der Konferenz, können die Daten der Teilnehmer durch die Konferenzplattformen ebenfalls zu Sicherheitszwecken oder Serviceoptimierung verarbeitet werden. Zu den verarbeiteten Daten gehören Daten zur Person (Vorname, Nachname), Kontaktinformationen (E-Mail-Adresse, Telefonnummer), Zugangsdaten (Zugangscodes oder Passwörter), Profilbilder, Angaben zur beruflichen Stellung/Funktion, die IP-Adresse des Internetzugangs, Angaben zu den Endgeräten der Teilnehmer, deren Betriebssystem, dem Browser und dessen technischen und sprachlichen Einstellungen, Informationen zu den inhaltlichen Kommunikationsvorgängen, d. h. Eingaben in Chats sowie Audio- und Videodaten, als auch die Nutzung anderer zur Verfügung stehender Funktionen (z. B. Umfragen). Inhalte der Kommunikationen werden in dem durch die Konferenzanbieter technisch bereitgestellten Umfang verschlüsselt. Wenn die Teilnehmer bei den Konferenzplattformen als Benutzer registriert sind, dann können weitere Daten entsprechend der Vereinbarung mit dem jeweiligen Konferenzanbieter verarbeitet werden.

Logging and Recordings: If text inputs, participation results (e.g., from polls), or video or audio recordings are logged, this will be transparently communicated to the participants in advance, and they will be asked for their consent if required.

Data Protection Measures for Participants: Please refer to the data protection notices of the conference platforms for details on how your data is processed and choose the security and data protection settings that are optimal for you within the settings of the conference platforms. Furthermore, ensure the protection of data and personal privacy in the background of your recording during a video conference (e.g., by informing housemates, locking doors, and using background blur features if technically possible). Links to conference rooms and access data must not be shared with unauthorized third parties.

Legal Basis Notes: If we process users' data in addition to the conference platforms and request users' consent for the use of the conference platforms or certain functions (e.g., consent to record conferences), the legal basis for the processing is this consent. Furthermore, our processing may be necessary for fulfilling our contractual obligations (e.g., in participant lists, for post-conference processing of discussion results, etc.). Additionally, users' data is processed based on our legitimate interests in efficient and secure communication with our communication partners.

  • Processed Data Types: Inventory data (e.g., names, addresses) Contact data (e.g., email, phone numbers) Content data (e.g., entries in online forms) Usage data (e.g., visited websites, interest in content, access times) Meta, communication, and procedural data (e.g., IP addresses, time information, identification numbers, consent status)
  • Persons concerned: Communication partners Users: (e.g., website visitors, users of online services) Depicted individuals
  • Purposes of Processing: Provision of contractual services and fulfillment of contractual obligations Handling contact inquiries and communication Office and organizational procedures
  • Legal Basis: Legitimate Interests (Art. 6 Abs. 1 S. 1 lit. f) GDPR).

Further Information on Processing Procedures, Methods, and Services:

Application Procedures

The application process requires applicants to provide the necessary data for their assessment and selection. The required information is specified in the job description or in online forms, if applicable.

In general, the required information includes personal details such as name, address, contact information, and proof of the qualifications necessary for the position. We are happy to provide additional information upon request.

Applicants can submit their applications through an online form if available. The data will be transmitted to us encrypted according to the state of the art. Applicants can also send their applications via email. However, please note that emails are generally not encrypted when sent over the Internet. Emails are typically encrypted during transmission, but not on the servers from which they are sent and received. Therefore, we cannot take responsibility for the transmission path of the application between the sender and our server.

For the purposes of applicant search, application submission, and applicant selection, we may use applicant management or recruitment software and platforms and services from third-party providers, in compliance with legal requirements.

Applicants are welcome to contact us regarding the method of application submission or send their application by post.

Processing of Special Categories of Data: Insofar as special categories of personal data (Art. 9 Para. 1 GDPR, e.g., health data, such as severe disability or ethnic origin) are requested from applicants during the application process, their processing is carried out so that the controller or the data subject can exercise the rights arising from labor law and social security and social protection law, and comply with their related obligations. This also applies in cases where processing is necessary to protect the vital interests of the applicants or other persons, for health care or occupational medicine purposes, to assess the working capacity of the employee, for medical diagnosis, for the provision of health or social care or treatment, or for the management of health or social care systems and services.

Deletion of Data: The data provided by applicants may be further processed by us for the purposes of the employment relationship in the event of a successful application. Otherwise, if the application for a job offer is not successful, the applicant's data will be deleted. Applicant data will also be deleted if an application is withdrawn, which applicants are entitled to do at any time. Deletion occurs, subject to a justified revocation by the applicants, no later than six months after the application process, so that we can answer any follow-up questions regarding the application and comply with our obligations under the equal treatment regulations. Invoices for any travel expense reimbursements are archived in accordance with tax regulations.

Inclusion in an Applicant Pool Inclusion in an applicant pool, if offered, is based on consent. Applicants are informed that their consent to be included in the talent pool is voluntary, does not affect the current application process, and that they can revoke their consent at any time for the future.

Duration of Data Retention in the Applicant Pool:

Twelve months

  • Processed Data Types: Inventory data: e.g., names, addresses Contact data: e.g., email, phone numbers Content data: e.g., entries in online forms Applicant data: e.g., personal information, postal and contact addresses, application documents, such as cover letters, resumes, certificates, and additional information provided by applicants regarding a specific position or voluntarily
  • Persons concerned: Applicant.
  • Purposes of Processing: Application procedures (initiation, potential subsequent execution, and possible termination of the employment relationship)
  • Legal Basis: Application procedures as a pre-contractual or contractual relationship (Art. 6 Para. 1 Sentence 1 lit. b) GDPR) Processing of special categories of personal data in the context of healthcare, profession, and social security (Art. 9 Para. 2 lit. h) GDPR) Consent for processing special categories of personal data (Art. 9 Para. 2 lit. a) GDPR) Processing of special categories of personal data to protect vital interests (Art. 9 Para. 2 lit. c) GDPR) Legitimate Interests (Art. 6 Para. 1 Sentence 1 lit. f) GDPR)

Further Information on Processing Procedures, Methods, and Services:

Cloud Services

We use software services accessible via the internet and executed on the servers of their providers (so-called "cloud services," also known as "Software as a Service") for the storage and management of content (e.g., document storage and management, exchange of documents, content and information with specific recipients, or publication of content and information).

In this context, personal data may be processed and stored on the servers of the providers, insofar as these are part of communication processes with us or are otherwise processed by us as laid out in this privacy policy. This data may include, in particular, master and contact data of users, data related to transactions, contracts, other processes, and their content. The providers of the cloud services also process usage data and metadata, which they use for security purposes and service optimization.

If we provide forms or other documents and content for other users or publicly accessible websites with the help of cloud services, the providers may store cookies on the users' devices for web analytics purposes or to remember user settings (e.g., in the case of media control).

  • Processed Data Types: Inventory data (e.g., names, addresses) Contact data (e.g., email, phone numbers) Content data (e.g., entries in online forms) Usage data (e.g., visited websites, interest in content, access times) Meta, communication, and procedural data (e.g., IP addresses, time information, identification numbers, consent status)
  • Persons concerned: Customers Employees (e.g., employees, applicants, former employees) Interested parties Communication partners
  • Purposes of Processing: Office and organizational procedures Information technology infrastructure (operation and provision of information systems and technical devices (computers, servers, etc.))
  • Legal Basis: Legitimate Interests (Art. 6 Abs. 1 S. 1 lit. f) GDPR).

Further Information on Processing Procedures, Methods, and Services:

Web Analytics, Monitoring, and Optimization

Web analysis (also referred to as "reach measurement") is used to evaluate the visitor traffic to our online offering and may include pseudonymous values related to the behavior, interests, or demographic information of visitors, such as age or gender. With the help of reach analysis, we can determine, for example, when our online offering or its functions or content are most frequently used or encourage reuse. We can also identify which areas require optimization.

In addition to web analysis, we may use testing procedures to test and optimize different versions of our online offering or its components.

Unless otherwise specified below, profiles (i.e., data compiled into a user process) may be created for these purposes, and information may be stored in a browser or on a device and read from it. The collected information includes, in particular, visited websites and the elements used there, as well as technical information such as the browser used, the computer system used, and usage times. If users have consented to the collection of their location data with us or with the providers of the services we use, location data may also be processed.

The IP addresses of users are also stored. However, we use an IP masking procedure (i.e., pseudonymization by shortening the IP address) to protect users. In general, no clear data of users (such as email addresses or names) are stored as part of web analysis, A/B testing, and optimization, but pseudonyms are used. This means that neither we nor the providers of the software used know the actual identity of the users, only the information stored in their profiles for the purposes of the respective procedures.

Settings/Opt-out Options:

You may choose to prevent this website from aggregating and analyzing the actions you take here. Doing so will protect your privacy, but will also prevent the owner from learning from your actions and creating a better experience for you and other users.

  • Processed Data Types: Usage data (e.g., visited websites, interest in content, access times) Meta, communication, and procedural data (e.g., IP addresses, time information, identification numbers, consent status)
  • Persons Concerned: Users (e.g., website visitors, users of online services).
  • Purposes of Processing: Reach Measurement: Access statistics (e.g., access statistics, detection of returning visitors) Profiles with user-related information (creation of user profiles) Provision of our online offering and user-friendliness
  • Security Measures IP masking (pseudonymization of the IP address).
  • Legal Basis: Legitimate Interests (Art. 6 Abs. 1 S. 1 lit. f) GDPR).

Further Information on Processing Procedures, Methods, and Services:

  • Google Analytics 4: We use Google Analytics to measure and analyze the use of our online offering based on a pseudonymous user identification number. This identification number does not contain any unique data, such as names or email addresses. It is used to associate analysis information with a device to recognize which content users have accessed within one or multiple usage sessions, which search terms they have used, revisited, or interacted with on our online offering. The time and duration of use, as well as the sources referring users to our online offering and technical aspects of their devices and browsers, are also recorded. Pseudonymous profiles of users are created with information from the use of various devices, using cookies where applicable. Google Analytics does not log or store individual IP addresses for EU users. Analytics, however, provides approximate geographical location data by deriving the following metadata from IP addresses: city (and the derived latitude and longitude of the city), continent, country, region, subcontinent (and ID-based counterparts). For EU traffic, IP address data is used solely for this geolocation derivation before being immediately deleted. They are not logged, are not accessible, and are not used for other purposes. When Google Analytics collects measurement data, all IP queries are conducted on EU-based servers before the traffic is forwarded for processing to Analytics servers. Service Provider: Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Irland; Legal Basis: Legitimate Interests (Art. 6 Para. 1 Sentence 1 lit. f) GDPR) Website: https://marketingplatform.google.com/intl/de/about/analytics/; Privacy Policy: https://policies.google.com/privacy; Data Processing Agreement: https://business.safety.google/adsprocessorterms/; Security Information: EU-US Data Privacy Framework (DPF), Standard Contractual Clauses (https://business.safety.google/adsprocessorterms); Opt-Out Option: Opt-Out-Plugin: https://tools.google.com/dlpage/gaoptout?hl=de, Einstellungen für die Darstellung von Werbeeinblendungen: https://adssettings.google.com/authenticated. Further Information: https://business.safety.google/adsservices/ (Arten der Verarbeitung sowie der verarbeiteten Daten).
  • Matomo: Matomo is a software used for web analysis and reach measurement purposes. When using Matomo, cookies are created and stored on the user's device. The data collected from users using Matomo is processed solely by us and not shared with third parties. The cookies are stored for a maximum period of 13 months. Service Provider: InnoCraft, 7 Waterloo Quay PO625, 6140 Wellington, New Zealand; Website: https://matomo.org. Privacy Policy: https://matomo.org/privacy-policy/.

Social Media Presence

We maintain online presences within social networks and process user data in this context to communicate with users active there or to offer information about us.

We point out that user data may be processed outside the European Union. This can pose risks to users, for example, making it more difficult to enforce users' rights.

Furthermore, user data within social networks are generally processed for market research and advertising purposes. For instance, user profiles can be created based on user behavior and resulting interests. These usage profiles can then be used to display advertisements within and outside the networks that presumably correspond to the users' interests. For these purposes, cookies are usually stored on users' computers, in which user behavior and interests are stored. Additionally, data independent of the devices used by the users can also be stored in the usage profiles (especially if the users are members of the respective platforms and are logged in).

For a detailed presentation of the respective forms of processing and the opt-out options, we refer to the privacy policies and information of the operators of the respective networks.

Also, in the case of information requests and the assertion of data subject rights, we point out that these can be most effectively asserted with the providers. Only the providers have access to the users' data and can directly take appropriate measures and provide information. If you still need assistance, you can contact us.

  • Processed Data Types: Contact data (e.g., email, phone numbers) Content data (e.g., entries in online forms) Usage data (e.g., visited websites, interest in content, access times) Meta, communication, and procedural data (e.g., IP addresses, time information, identification numbers, consent status) Applicant data (e.g., personal information, postal and contact addresses, application documents and information contained therein, such as cover letters, resumes, certificates, and other information voluntarily provided by applicants regarding their person or qualifications in relation to a specific position)
  • Persons concerned: Users (e.g., website visitors, users of online services) Applicants
  • Purposes of Processing: Contact requests and communication Feedback (e.g., collecting feedback via online form) Marketing Application procedures (establishment, potential continuation, and possible termination of the employment relationship)
  • Legal Basis: Legitimate Interests (Art. 6 Abs. 1 S. 1 lit. f) GDPR).

Further Information on Processing Procedures, Methods, and Services:

  • Instagram: Soziales Netzwerk; Service Provider: Meta Platforms Ireland Limited, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Irland; Legal Basis: Legitimate Interests (Art. 6 Para. 1 Sentence 1 lit. f) GDPR) Website: https://www.instagram.com. Privacy Policy: https://instagram.com/about/legal/privacy.
  • Facebook-Groups: We use the "Groups" function of the Facebook platform to create interest groups within which Facebook users can interact with each other or with us and exchange information. In this context, we process personal data of the users of our groups to the extent necessary for the purpose of group usage and moderation. Our policies within the groups may contain further guidelines and information regarding the use of the respective group. This data includes information on first and last names, as well as published or privately shared content, and values related to group membership status or group-related activities, such as joining or leaving the group, as well as the timestamps of the aforementioned data. Furthermore, we refer to the processing of user data by Facebook itself. This data includes information on the types of content users view or interact with, or actions they take (see "Things you and others do and provide" in Facebook's Data Policy): https://www.facebook.com/policy), as well as information about the devices used by the users (e.g., IP addresses, operating system, browser type, language settings, cookie data; see "Device Information" in Facebook's Data Policy): https://www.facebook.com/policy). As explained in Facebook's Data Policy under "How do we use this information?", Facebook also collects and uses information to provide analytical services, known as "Insights," for group administrators, so that they can gain insights into how people interact with their groups and the content associated with them; Service Provider: Meta Platforms Ireland Limited, Merrion Road, Dublin 4, D04 X2K5, Irland; Legal Basis: Legitimate Interests (Art. 6 Para. 1 Sentence 1 lit. f) GDPR) Website: https://www.facebook.com; Privacy Policy: https://www.facebook.com/about/privacy. Security Information: EU-US Data Privacy Framework (DPF).
  • Facebook Pages: Profiles within the social network Facebook – We are jointly responsible with Meta Platforms Ireland Limited for the collection (but not the further processing) of data from visitors to our Facebook page (so-called "Fanpage"). This data includes information on the types of content users view or interact with, or actions they take (see "Things you and others do and provide" in Facebook's Data Policy: https://www.facebook.com/policy), as well as information about the devices used by users (e.g., IP addresses, operating system, browser type, language settings, cookie data; see "Device Information" in Facebook's Data Policy: https://www.facebook.com/policy). As explained in Facebook's Data Policy under "How do we use this information?", Facebook also collects and uses information to provide analytical services, known as "Page Insights," for page administrators, so that they can gain insights into how people interact with their pages and the content associated with them. We have entered into a special agreement with Facebook ("Page Insights Controller Addendum," https://www.facebook.com/legal/terms/page_controller_addendum), which specifically regulates the security measures Facebook must comply with and in which Facebook agrees to fulfill the rights of data subjects (i.e., users can, for example, direct inquiries or deletion requests directly to Facebook). The rights of users (especially the rights to information, deletion, objection, and complaint to the competent supervisory authority) are not restricted by the agreements with Facebook. Further information can be found in the "Page Insights Controller Addendum" (https://www.facebook.com/legal/terms/information_about_page_insights_data); Service Provider: Meta Platforms Ireland Limited, Merrion Road, Dublin 4, D04 X2K5, Ireland; Legal Basis: Legitimate Interests (Art. 6 Para. 1 Sentence 1 lit. f) GDPR); Website: https://www.facebook.com; Privacy Policy: https://www.facebook.com/about/privacy; Third-Country Transfer Basis: EU-US Data Privacy Framework (DPF), Standard Contractual Clauses (https://www.facebook.com/legal/EU_data_transfer_addendum). Further Information: Joint Controller Agreement: https://www.facebook.com/legal/terms/information_about_page_insights_data. Joint responsibility is limited to the collection and transmission of data to Meta Platforms Ireland Limited, a company based in the EU. Further processing of the data is the sole responsibility of Meta Platforms Ireland Limited, particularly with regard to the transfer of data to the parent company Meta Platforms, Inc. in the USA (based on the Standard Contractual Clauses concluded between Meta Platforms Ireland Limited and Meta Platforms, Inc.).
  • Facebook Events: Event profiles within the social network Facebook – We use the "Events" function of the Facebook platform to announce events and dates and to communicate with users (participants and interested parties) and exchange information. In this context, we process personal data of the users of our event pages as far as it is necessary for the purpose of the event page and its moderation. This data includes information on first and last names, as well as published or privately shared content, and values related to participation status and the timestamps of the aforementioned data. Furthermore, we refer to the processing of user data by Facebook itself. This data includes information on the types of content users view or interact with, or actions they take (see "Things you and others do and provide" in Facebook's Data Policy: https://www.facebook.com/policy), as well as information about the devices used by users (e.g., IP addresses, operating system, browser type, language settings, cookie data; see "Device Information" in Facebook's Data Policy: https://www.facebook.com/policy). As explained in Facebook's Data Policy under "How do we use this information?", Facebook also collects and uses information to provide analytical services, known as "Insights," for event providers, so that they can gain insights into how people interact with their event pages and the content associated with them; Service Provider: Meta Platforms Ireland Limited, Merrion Road, Dublin 4, D04 X2K5, Ireland; Legal Basis: Legitimate Interests (Art. 6 Para. 1 Sentence 1 lit. f) GDPR); Website: https://www.facebook.com; Privacy Policy: https://www.facebook.com/about/privacy. Third-Country Transfer Basis: EU-US Data Privacy Framework (DPF).
  • LinkedIn: Social Network; Service Provider: LinkedIn Ireland Unlimited Company, Wilton Plaza Wilton Place, Dublin 2, Ireland; Legal Basis: Legitimate Interests (Art. 6 Para. 1 Sentence 1 lit. f) GDPR); Website: https://www.linkedin.com; Privacy Policy: https://www.linkedin.com/legal/privacy-policy; Data Processing Agreement: https://legal.linkedin.com/dpa; Third-Country Transfer Basis: Standard Contractual Clauses (https://legal.linkedin.com/dpa). Opt-Out Option: https://www.linkedin.com/psettings/guest-controls/retargeting-opt-out.
  • YouTube: Social network and video platform; Service Provider: Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland; Legal Basis: Legitimate Interests (Art. 6 Para. 1 Sentence 1 lit. f) GDPR); Privacy Policy: https://policies.google.com/privacy; Third-Country Transfer Basis: EU-US Data Privacy Framework (DPF). Opt-Out Option: https://adssettings.google.com/authenticated.
  • Xing: Job search and application-related services within the Xing platform; Service Provider: New Work SE, Am Strandkai 1, 20457 Hamburg, Germany; Legal Basis: Legitimate Interests (Art. 6 Para. 1 Sentence 1 lit. f) GDPR); Website: https://www.xing.com. Privacy Policy: https://privacy.xing.com/en/privacy-policy.
  • Xing: Social network; Service Provider: New Work SE, Am Strandkai 1, 20457 Hamburg, Germany; Legal Basis: Legitimate Interests (Art. 6 Para. 1 Sentence 1 lit. f) GDPR); Website: https://www.xing.com. Privacy Policy: https://privacy.xing.com/en/privacy-policy.
  • LinkedIn Recruiter: Job search and application-related services within the LinkedIn platform; Service Provider: LinkedIn Ireland Unlimited Company, Wilton Plaza Wilton Place, Dublin 2, Ireland; Legal Basis: Legitimate Interests (Art. 6 Para. 1 Sentence 1 lit. f) GDPR); Website: https://www.linkedin.com; Terms and Conditions: https://legal.linkedin.com/dpa; Privacy Policy: https://www.linkedin.com/legal/privacy-policy. Data Processing Agreement: https://legal.linkedin.com/dpa.

Plugins and Embedded Functions and Content

We integrate function and content elements into our online offering that are obtained from the servers of their respective providers (hereinafter referred to as "third-party providers"). These may include, for example, graphics, videos, or maps (hereinafter uniformly referred to as "content").

The integration always requires that the third-party providers of this content process the IP address of the users, as they could not send the content to their browser without the IP address. The IP address is therefore necessary for displaying these contents or functions. We strive to use only those contents whose respective providers use the IP address solely for delivering the content. Third-party providers may also use so-called pixel tags (invisible graphics, also referred to as "web beacons") for statistical or marketing purposes. Through the pixel tags, information such as visitor traffic on the pages of this website can be evaluated. The pseudonymous information may also be stored in cookies on the users' device and may include, among other things, technical information about the browser and operating system, referring websites, visit time, and other information about the use of our online offering, as well as being linked to such information from other sources.

  • Processed Data Types: Usage data (e.g., visited websites, interest in content, access times); Meta, communication, and procedural data (e.g., IP addresses, time information, identification numbers, consent status). Location data (information on the geographical position of a device or person).
  • Persons Concerned: Users (e.g., website visitors, users of online services).
  • Purposes of Processing: Provision of our online offering and user-friendliness.
  • Legal Basis: Legitimate Interests (Art. 6 Abs. 1 S. 1 lit. f) GDPR).

Further Information on Processing Procedures, Methods, and Services:

  • Integration of Third-Party Software, Scripts, or Frameworks (e.g., jQuery): We integrate software into our online offering, which we retrieve from the servers of other providers (e.g., function libraries that we use for the presentation or user-friendliness of our online offering). In this process, the respective providers collect the IP address of the users and may process it for the purpose of transmitting the software to the users' browser as well as for security purposes and for the evaluation and optimization of their offering. – We integrate software into our online offering, which we retrieve from the servers of other providers (e.g., function libraries that we use for the presentation or user-friendliness of our online offering). In this process, the respective providers collect the IP address of the users and may process it for the purpose of transmitting the software to the users' browser as well as for security purposes and for the evaluation and optimization of their offering; Legal Basis: Legitimate Interests (Art. 6 Para. 1 Sentence 1 lit. f) GDPR).
  • Google Fonts (Hosted on Own Server): Provision of font files for a user-friendly presentation of our online offering; Service Provider: The Google Fonts are hosted on our server, no data is transmitted to Google; Legal Basis: Legitimate Interests (Art. 6 Para. 1 Sentence 1 lit. f) GDPR).
  • Google Maps: We integrate the maps of the "Google Maps" service provided by Google. The data processed may include, in particular, IP addresses and location data of users; Service Provider: Google Cloud EMEA Limited, 70 Sir John Rogerson’s Quay, Dublin 2, Ireland; Legal Basis: Legitimate Interests (Art. 6 Para. 1 Sentence 1 lit. f) GDPR); Website: https://mapsplatform.google.com/; Privacy Policy: https://policies.google.com/privacy. Third-Country Transfer Basis: EU-US Data Privacy Framework (DPF).

Management, Organization, and Utilities

We use services, platforms, and software from other providers (hereinafter referred to as "third-party providers") for the purposes of organization, management, planning, and provision of our services. When selecting third-party providers and their services, we comply with legal requirements.

In this context, personal data may be processed and stored on the servers of the third-party providers. Various data that we process in accordance with this privacy policy may be affected. This data may include, in particular, master data and contact data of users, data related to transactions, contracts, other processes, and their content.

If users are referred to third-party providers or their software or platforms in the context of communication, business, or other relationships with us, the third-party providers may process usage data and metadata for security purposes, service optimization, or marketing purposes. We therefore request that you observe the privacy notices of the respective third-party providers.

  • Processed Data Types: Content data (e.g., entries in online forms); usage data (e.g., visited websites, interest in content, access times); meta, communication, and procedural data (e.g., IP addresses, time information, identification numbers, consent status).
  • Persons Concerned: Communication partners; users (e.g., website visitors, users of online services).
  • Purposes of Processing: Provision of contractual services and fulfillment of contractual obligations Office and organizational procedures

Changes and Updates to the Privacy Policy

We ask you to regularly inform yourself about the content of our privacy policy. We adjust the privacy policy as soon as changes in our data processing make this necessary. We will inform you as soon as such changes require your participation (e.g., consent) or any other individual notification.

If we provide addresses and contact information of companies and organizations in this privacy policy, please note that these addresses may change over time, and we request that you check the information before contacting them.

Definitions of Terms

In this section, you will find an overview of the terms used in this privacy policy. Where terms are legally defined, their legal definitions apply. The following explanations are primarily intended to aid understanding.

  • Personal Data: "Personal data" refers to any information relating to an identified or identifiable natural person (hereinafter "data subject"); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier (e.g., cookie), or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural, or social identity of that natural person.
  • Profiles with User-Related Information: The processing of "profiles with user-related information," or simply "profiles," includes any type of automated processing of personal data where such personal data is used to analyze, evaluate, or predict certain personal aspects relating to a natural person. Depending on the type of profiling, this may include various information concerning demographics, behavior, and interests, such as interaction with websites and their content, etc. For purposes of profiling, cookies and web beacons are often used.
  • Reach Measurement: Reach measurement (also known as web analytics) is used to evaluate the visitor flows of an online offering and can include the behavior or interests of visitors in certain information, such as website content. With the help of reach analysis, operators of online offerings can, for example, determine when users visit their websites and what content they are interested in. This allows them to better tailor the content of the websites to the needs of their visitors. For the purposes of reach analysis, pseudonymous cookies and web beacons are often used to recognize returning visitors and thus obtain more precise analyses of the use of an online offering.
  • Location Data: Location data is generated when a mobile device (or another device with the technical capabilities for location determination) connects to a cell tower, Wi-Fi, or similar technical means and functions for location determination. Location data indicates the geographically determinable position on Earth where the respective device is located. Location data can be used, for example, to display map functions or other location-dependent information.
  • Controller: The "controller" is the natural or legal person, public authority, agency, or other body that, alone or jointly with others, determines the purposes and means of the processing of personal data.
  • Processing: "Processing" is any operation or set of operations performed on personal data, whether or not by automated means. The term is broad and encompasses virtually any handling of data, including collecting, analyzing, storing, transmitting, or deleting.
One Passion GmbH · Werner-von-Siemens-Straße 6 · G-86159 Augsburg
info@one-passion.com
Contact
Approach · Imprint · Data privacy policy

Copyright © 2021 One Passion GmbH

logo