Privacy policy

General

As the operator of this website and as a company, we come into contact with your personal data. This refers to all data that says something about you and with which you can be identified. In this privacy policy, we would like to explain to you how, for what purpose and on what legal basis we process your data.

Responsible for data processing on this website and in our company is:

XPORT Communication GmbH
Stechgrundstr. 2a
01324 Dresden

Phone: 0049 351 26308 666
Email: hello@hellohotel.io

General information
SSL or TLS encryption
When you enter your data on websites, place online orders or send e-mails via the Internet, you must always be aware that unauthorized third parties may access your data. There is no complete protection against such access. However, we do everything we can to protect your data as well as possible and to close security gaps as far as we can.

An important protection mechanism is the SSL or TLS encryption of our website, which ensures that data that you transmit to us cannot be read by third parties. You can recognize the encryption by the lock icon in front of the Internet address entered in your browser and by the fact that our Internet address begins with https:// and not with http://.

Encrypted payment transactions
Payment data, such as account or credit card numbers, are particularly sensitive. For this reason, payment transactions with common means of payment are made exclusively via an encrypted SSL or TLS connection.


How long do we store your data?
In some places in this privacy policy, we inform you about how long we or the companies that process your data on our behalf store your data. If no such information is provided, we will store your data until the purpose of the data processing no longer applies, you object to the data processing or you withdraw your consent to the data processing.

However, in the event of an objection or revocation, we may continue to process your data if at least one of the following conditions is met:

We have compelling legitimate grounds for continuing the data processing which override your interests, rights and freedoms (only if you object to the data processing; if the objection is to direct marketing, we cannot provide any legitimate grounds).

Data processing is necessary in order to assert, exercise or defend legal claims (does not apply if your objection is directed against direct advertising).

We are legally obliged to retain your data. In this case, we will delete your data as soon as the requirement(s) no longer apply or cease to apply.

Data transfer to the USA
We also use tools on our website from companies that transfer your data to the USA, where it is stored and, if necessary, further processed. This is particularly important for you because your data does not enjoy the same protection in the USA

as it does within the EU, where the General Data Protection Regulation (GDPR) applies. For example, US companies are obliged to hand over personal data to security authorities without you as the data subject being able to take legal action against this. It is therefore possible that US authorities (e.g. secret services) may process, evaluate and permanently store your data on US servers for surveillance purposes. We have no influence on these processing activities.

Your rights
Objection to data processing
IF YOU READ IN THIS PRIVACY POLICY THAT WE HAVE LEGITIMATE INTERESTS IN THE PROCESSING OF YOUR DATA AND THAT THIS IS THEREFORE BASED ON ART. 6 ABS. 1 SENTENCE 1 LIT. F) GDPR, YOU HAVE THE RIGHT UNDER ART. 21 GDPR YOU HAVE THE RIGHT TO OBJECT TO THIS. THIS ALSO APPLIES TO PROFILING BASED ON THE AFOREMENTIONED PROVISION. THE PREREQUISITE IS THAT YOU STATE REASONS FOR THE OBJECTION THAT ARISE FROM YOUR PARTICULAR SITUATION. NO JUSTIFICATION IS REQUIRED IF THE OBJECTION IS DIRECTED AGAINST THE USE OF YOUR DATA FOR DIRECT ADVERTISING.
THE CONSEQUENCE OF THE OBJECTION IS THAT WE MAY NO LONGER PROCESS YOUR DATA. THIS ONLY DOES NOT APPLY IF ONE OF THE FOLLOWING CONDITIONS APPLIES:

- WE CAN DEMONSTRATE COMPELLING LEGITIMATE GROUNDS FOR THE PROCESSING WHICH OVERRIDE YOUR INTERESTS, RIGHTS AND FREEDOMS.

- THE PROCESSING SERVES THE ASSERTION, EXERCISE OR DEFENSE OF LEGAL CLAIMS.

THE EXCEPTIONS DO NOT APPLY IF YOUR OBJECTION IS DIRECTED AGAINST DIRECT ADVERTISING OR AGAINST PROFILING IN CONNECTION WITH THIS.

Further rights

Withdrawal of your consent to data processing
Many data processing operations are based on your consent. You give this consent, for example, by ticking the appropriate box on online forms before you send the form or by allowing certain cookies when you visit our website. You can withdraw your consent at any time without giving reasons (Art. 7 para. 3 GDPR). We may then no longer process your data from the time you withdraw your consent. The only exception: We are legally obliged to retain the data for a certain period of time. Such retention periods exist in particular in tax and commercial law.


Right to lodge a complaint with the competent supervisory authority
If you believe that we are in breach of the General Data Protection Regulation (GDPR), you have the right to lodge a complaint with a supervisory authority in accordance with Art. 77 GDPR. You can contact a supervisory authority in the member state of your place of residence, your place of work or the place where the alleged infringement took place. The right to lodge a complaint exists in addition to administrative or judicial remedies.


Right to data portability
We must provide you or a third party with data that we process automatically on the basis of your consent or in fulfillment of a contract in a commonly used, machine-readable format if you request this. We can only transfer the data to another controller if this is technically possible.


Right to data access, erasure and rectification
In accordance with Art. 15 GDPR, you have the right to receive information free of charge about what personal data we have stored about you, where the data comes from, to whom we transmit the data and for what purpose it is stored. If the data is incorrect, you have the right to rectification (Art. 16 GDPR); under the conditions of Art. 17 GDPR, you may request that we erase the data.

Right to restriction of processing
In certain situations, you can request that we restrict the processing of your data in accordance with Art. 18 GDPR. The data may then - apart from storage - only be processed as follows

  • with your consent
  • for the assertion, exercise or defense of legal claims
  • to protect the rights of another natural or legal person
  • for reasons of important public interest of the European Union or a Member State


The right to restriction of processing exists in the following situations: 

  • You have disputed the accuracy of your personal data stored by us and we need time to check this. Here you have the right for the duration of the review.
  • The processing of your personal data is unlawful or was unlawful in the past. In this case, you have the alternative right to erasure of the data.
  • We no longer need your personal data, but you need it for the exercise, defense or assertion of legal claims. Alternatively, you have the right to have the data erased.
  • You have lodged an objection in accordance with Art. 21 (1) GDPR and now your interests and ours must be weighed against each other. You have the right to do so as long as the result of the balancing process has not yet been determined.

Hosting and Content Delivery Networks (CDN)

AWS web hosting
What is AWS web hosting?
Content Delivery Network (CDN) of EMEA SARL Luxembourg

Who processes your data?
Amazon Web Services EMEA SARL, 38 Avenue John F. Kennedy, L-1855 Luxembourg

Has a data processing agreement been concluded with AWS Webshosting?
Yes

Where can you find more information about data protection at AWS?
https://d1.awsstatic.com/legal/privacypolicy/AWS_Privacy_Notice__German_Translation.pdf

On what basis do we transfer your data to the USA?
On the basis of the EU-US Privacy Shield Framework of the European Commission (cf. https://www.amazon.com/gp/help/customer/display.html/ref=hp_left_v4_sib?ie=UTF8&nodeId=202135380)

How do we process your data?
We use the global content delivery network of AWS. It ensures that all content that we make available online reaches you quickly, even if large amounts of data have to be moved over long distances. This is made possible by the fact that the network, with all its technical capabilities and servers around the world, is connected between our website and your browser, analyzes the data traffic and filters out malicious data before it reaches our server. In doing so, AWS also comes into contact with personal data collected via our website. The company may also use cookies or other technologies to recognize Internet users.


On what legal basis do we process your data?
We have a legitimate interest in providing visitors to our website with an online offering that is as fast and efficient as possible. Data processing therefore takes place on the basis of Art. 6 para. 1 lit. f) GDPR.

Data collection on this website

Use of cookies
Our website places cookies on your device. These are small text files that are used for different purposes. Some cookies are technically necessary for the website to function at all (necessary cookies). Others are required to perform certain actions or functions on the site (functional cookies). For example, without cookies it would not be possible to use the benefits of a shopping basket in an online store. Other cookies are used to analyze user behavior or to optimize advertising measures. If we use third-party services on our website, e.g. to process payment transactions, these companies may also leave cookies on your device when you access the website (so-called third-party cookies).


How do we process your data?
Session cookies are only stored on your device for the duration of a session. As soon as you close the browser, they disappear automatically. Permanent cookies, on the other hand, remain on your device if you do not delete them yourself. This can, for example, lead to your user behavior being permanently analyzed. You can use the settings in your browser to influence how it handles cookies:

  • Do you want to be informed when cookies are set?
  • Do you want to exclude cookies in general or for certain cases?
  • Do you want cookies to be deleted automatically when you close your browser?


If you deactivate or do not allow cookies, the functionality of the website may be restricted.


If we use cookies from other companies or for analysis purposes, we will inform you about this in this privacy policy. We also ask for your consent in this regard when you visit our website.


On what legal basis do we process your data?

We have a legitimate interest in ensuring that our online services can be used by visitors without technical problems and that all desired functions are available to them. The storage of necessary and functional cookies on your device is therefore based on Art. 6 para. 1 lit. f) GDPR. We use all other cookies on the basis of Art. 6 para. 1 lit. a) GDPR, provided that you give us your consent to do so. You can revoke this consent at any time with effect for the future. If you have consented to the placement of necessary and functional cookies when your consent was requested, these cookies will also be stored exclusively on the basis of your consent.


Cookie consent with Usercentrics
What is Usercentrics?
Consent management platform (CMP) for obtaining, processing and forwarding GDPR-compliant consent

Who processes your data?
Usercentrics GmbH, Rosental 4, 80331 Munich, Germany

Where can you find more information about data protection at Usercentrics?
https://usercentrics.com/de/datenschutzerklaerung/

How do we process your data?
We use the Usercentrics consent management platform to obtain your consent to the storage of cookies on your device and to document this in compliance with data protection regulations. When you visit our website and close the Usercentrics cookie window with the request for consent, the following data is transmitted to the company:

  • Your consent(s) or the revocation of your consent(s)
  • Your IP address
  • Information about your browser
  • Information about your end device
  • the time of your visit to the website


In addition, Usercentrics stores a cookie in your browser in order to be able to assign the consents given or their revocation to your browser. All data collected will be stored until the cookies are no longer needed, you delete the Usercentrics cookie or request us to delete the data. This only does not apply if we are legally obliged to store the data.

On what legal basis do we process your data?
We are legally obliged to obtain the consent of our website visitors for the use of certain cookies. We use Usercentrics to fulfill this obligation. The legal basis for data processing is therefore Art. 6 para. 1 lit. c) GDPR.

Server log files
Server log files log all requests and access to our website and record error messages. They also contain personal data, in particular your IP address. However, this is anonymized by the provider after a short time so that we cannot assign the data to you personally. The data is automatically transmitted from your browser to our provider.


How do we process your data?
Our provider stores the server log files in order to be able to track the activities on our website and detect errors. The files contain the following data:

  • Browser type and version
  • Operating system used
  • Referrer URL
  • Host name of the accessing computer
  • Time of the server request
  • IP address (anonymized if necessary)


We do not merge this data with other data, but only use it for statistical analysis and to improve our website.

On what legal basis do we process your data?
We have a legitimate interest in ensuring that our website runs smoothly. It is also in our legitimate interest to obtain an anonymized overview of access to our website. Data processing is therefore lawful in accordance with Art. 6 para. 1 lit. f) GDPR.


Contact form
You can send us a message using the contact form on this website.


How do we process your data?

We store your message and the information from the form in order to be able to process your request, including follow-up questions. This also applies to the contact details provided. We will not pass the data on to other persons without your consent.

How long do we store your data?

We delete your data as soon as one of the following points occurs:

  • Your request has been finally processed.
  • You ask us to delete the data.
  • You revoke your consent to storage.


This only does not apply if we are legally obliged to retain the data.


On what legal basis do we process your data?
If your request is related to our contractual relationship or serves the implementation of pre-contractual measures, we process your data on the basis of Art. 6 para. 1 lit. b) GDPR. In all other cases, it is in our legitimate interest to process inquiries addressed to us effectively. The legal basis for data processing is therefore Art. 6 para. 1 lit. f) GDPR. If you have consented to the storage of your data, Art. 6 para. 1 lit. a) GDPR is the legal basis. In this case, you can withdraw your consent at any time with effect for the future.


Request by e-mail, telephone or fax
You can send us a message by e-mail or fax or give us a call.


How do we process your data?

We store your message and the contact details you have provided or the telephone number you have transmitted so that we can process your inquiry, including any follow-up questions. We will not pass the data on to other persons without your consent.

How long do we store your data?
We delete your data as soon as one of the following points occurs:

  • Your request has been finally processed.
  • You ask us to delete the data.
  • You revoke your consent to storage.

This only does not apply if we are legally obliged to retain the data.


On what legal basis do we process your data?

If your request is related to our contractual relationship or serves the implementation of pre-contractual measures, we process your data on the basis of Art. 6 para. 1 lit. b) GDPR. In all other cases, it is in our legitimate interest to process inquiries addressed to us effectively. The legal basis for data processing is therefore Art. 6 para. 1 lit. f) GDPR. If you have consented to the storage of your data, Art. 6 para. 1 lit. a) GDPR is the legal basis. In this case, you can withdraw your consent at any time with effect for the future.

Calendly
What is Calendly?
Tool for scheduling appointments


Who processes your data?
Calendly LLC, 271 17th St NW, 10th Floor, Atlanta, Georgia 30363, USA


Has an order processing contract been concluded with Calendly?
Yes


Where can you find more information about data protection at Calendly?
https://calendly.com/pages/privacy


On what basis do we transfer your data to the USA?
Calendly adheres to the standard contractual clauses of the European Commission (see https://calendly.com/pages/dpa)

How do we process your data?
To make an appointment with us, you can use the Calendly tool on our website. We use the data for the planning, execution and, if necessary, follow-up of the appointment.

How long do we store your data?
We delete your data as soon as one of the following points occurs:

  • The purpose of the data processing no longer applies.
  • You ask us to delete the data.
  • You revoke your consent to storage.
  • This only does not apply if we are legally obliged to retain the data.


On what legal basis do we process your data?
We have a legitimate interest in arranging appointments with customers and other interested parties as easily as possible. Data processing is therefore carried out on the basis of Art. 6 para. 1 lit. f) GDPR. If you have consented to the storage of your data, Art. 6 para. 1 lit. a) GDPR is the sole legal basis. In this case, you can revoke your consent at any time with effect for the future.

Intercom
What is Intercom?
Platform for customer relationship management (CRM), i.e. the management of customer relationships in the areas of marketing, sales and service


Who processes your data?
Intercom R&D Unlimited Company, 2nd Floor, Stephen Court, 18-21 St. Stephen's Green, Dublin 2, Republic of Ireland


Has an order processing contract been concluded with Intercom?
Yes


Where you can find more information about data protection at Intercom
https://www.intercom.com/de/legal/privacy

On what basis do we transfer your data to the USA?
Intercom has so-called standard contractual clauses that permit the transfer of data to the USA: https://www.intercom.com/de/legal/privacy#privacy-shield


How do we process your data?
We use the CRM Intercom to record, sort and analyze customer interactions via email, social media and telephone across various channels. We evaluate the personal data collected and use it for communication with (potential) customers or for marketing measures, such as newsletter mailings.


On what legal basis do we process your data?
We have a legitimate interest in the most efficient customer management and communication possible. Data processing is therefore carried out on the basis of Art. 6 para. 1 lit. f) GDPR. If you have consented to the storage of your data, Art. 6 para. 1 lit. a) GDPR is the sole legal basis. In this case, you can withdraw your consent at any time with effect for the future.

Analysis tools and advertising

We use the following tools to analyze the behavior of our website visitors and to show them advertising.


Google Tag Manager

What is Google Tag Manager?
Tag management system for the integration of tracking codes and conversion pixels from Google Ireland. Ltd.


Who processes your data?
Google Ireland Ltd, Gordon House, Barrow Street, Dublin 4, Ireland


Where can you find more information about data protection at Google Tag Manager?
https://policies.google.com/privacy


On what basis do we transfer your data to the USA?
On the basis of the standard contractual clauses of the European Commission (https://privacy.google.com/businesses /compliance)


How do we process your data?
We use the Google Tag Manager. This tool helps us to integrate tracking codes and conversion pixels into our website, manage them and play them out. Google Tag Manager itself does not create any user profiles, does not place any cookies on your device and does not analyze your behavior as a user. However, it does record your IP address and transmits it to Google servers in the USA.


On what legal basis do we process your data?
We have a legitimate interest in the fast and uncomplicated integration and management of various tools on our website. The use of Google Tag Manager is therefore lawful under Art. 6 (1) (f) GDPR. If you have consented to the forwarding of your IP address, we process your data exclusively on the basis of Art. 6 para. 1 lit. a) GDPR. You can revoke your consent at any time with effect for the future.


Google Analytics
What is Google Analytics?
Tool for analyzing user behavior from Google Ireland Ltd.


Who processes your data?
Google Ireland Ltd, Gordon House, Barrow Street, Dublin 4, Ireland


Has a data processing agreement been concluded with Google Analytics?
Yes


Where can you find more information about data protection at Google Analytics?
https://support.google.com/analytics/answer/6004245?hl=de


On what basis do we transfer your data to the USA?
On the basis of the standard contractual clauses of the European Commission (https://privacy.google.com/businesses /compliance)


How can you prevent data collection?
With a browser plugin, among other things: https://tools.google.com/dlpage/gaoptout?hl=de


How do we process your data?
We are always interested in optimizing our web offering for visitors to our website and placing advertising in the best possible way. Google Analytics, a tool that analyzes user behavior and thus provides us with the necessary database for adjustments, helps us to do this. The tool provides us with information about the origin of our visitors, their page views and the time they spend on the pages, as well as the operating system they are using.


Standard processing
To collect the data, Google Analytics uses cookies, device fingerprinting or other technologies to recognize users. The data is transmitted to Google servers in the USA and summarized in a profile that can be assigned to you or your device using the IP address that is also recorded.
You can prevent Google from processing your data by installing a browser plugin provided by Google: https://tools.google.com/dlpage/gaoptout?hl=de.


IP anonymization
We have activated the "IP anonymization" function within Google Analytics. For you, this means that Google truncates your IP address (from the EU or EEA) before transmitting it to the USA. Only in exceptional cases does Google transmit the full IP address to servers in the USA and truncate it there.


E-commerce tracking
We use the "e-commerce tracking" function of Google Analytics. This allows us to analyze the purchasing behavior of our website visitors and improve our online marketing campaigns. E-commerce tracking records, for example, your orders, average order values, shipping costs and the time from viewing to purchasing a product. Google can summarize the data under a transaction ID and assign it to you or your device.


How long do we store your data?
Google deletes or anonymizes data stored at user and event level that is linked to cookies, user identifiers (e.g. user IDs) or advertising IDs after 14 months according to its own information (cf. https://support. google.com/analytics/answer/7667196?hl=en).


On what legal basis do we process your data?
As a website operator, we have a legitimate interest in analyzing user behavior for the purpose of optimizing our website and the advertising placed there. Data processing is therefore lawful under Art. 6 (1) (f) GDPR. In the event that you have consented to the storage of cookies, for example, or have otherwise consented to data processing by Google Analytics, the legal basis is exclusively Art. 6 para. 1 lit. a) GDPR. You can revoke your consent at any time with effect for the future.

Hotjar

What is Hotjar?
Tool for analyzing user behavior


Who processes your data?
Hotjar Ltd, Level 2, St Julians Business Centre, 3, Elia Zammit Street, St Julians STJ 1000, Malta


Has an order processing contract been concluded with Hotjar?
Yes


Where can you find more information about data protection at Hotjar?
https://www.hotjar.com/privacy


How can you prevent data collection?
Two ways to deactivate the tool: https://www.hotjar.com/opt-out


How do we process your data?
We are always interested in optimizing our website for users and placing advertising in the best possible way. Hotjar, a tool that analyzes user behavior and thus provides us with the necessary database for adjustments, helps us to do this. Specifically, Hotjar processes the data of website visitors as follows:

  • Among other things, it records which click and scroll movements users make with the mouse and how long the mouse pointer remains in a certain position. The tool then uses the data collected from all users to create so-called heat maps, which show which areas of the website are particularly popular.
  • It tells us how long users stayed on a subpage of our website and when they left the page.
  • It can obtain direct feedback from you as a website visitor.
  • When users have started to fill out our contact form, the tool registers the point at which they aborted the entry (so-called conversion funnels).


In order to recognize you as a user, Hotjar places cookies on your device or reads information stored on it via so-called device fingerprinting.


If you do not want Hotjar to collect your data, you can deactivate the tool. Hotjar Ltd. offers you two options for this under the following link: https://www.hotjar.com/opt-out.


On what legal basis do we process your data?
As a website operator, we have a legitimate interest in analyzing user behavior for the purpose of optimizing our website and the advertising placed there. Data processing is therefore lawful under Art. 6 (1) (f) GDPR. In the event that, for example, you have consented to the storage of cookies or have otherwise consented to data processing by Hotjar, the legal basis is exclusively Art. 6 para. 1 lit. a) GDPR. You can revoke your consent at any time with effect for the future.


Google Analytics Remarketing
What is Google Analytics Remarketing?
Tool for personalized advertising from Google Ireland Ltd.


Who processes your data?
Google Ireland Ltd, Gordon House, Barrow Street, Dublin 4, Ireland


Has a data processing agreement been concluded with Google Analytics Remarketing?
Yes


Where can you find more information about data protection with Google Analytics Remarketing?
https://www.google.de/intl/de/policies/privacy/ and https://policies.google.com/technologies/ads


On what basis do we transfer your data to the USA?
Google adheres to the standard contractual clauses of the European Commission (https://privacy.google.com/businesses/compliance)


How can you prevent data processing?
By objecting to personalized advertising in your Google account or on this page: https://www.google.com/settings/ads/onweb/


How do we process your data?
We are always interested in placing our advertising in the best possible way. The Google Analytics remarketing function helps us to do this.


Standard processing
Remarketing means that we analyze your behavior on our website in order to assign you to a specific advertising target group and then show you suitable advertising messages when you visit other websites. In addition, we link the advertising target groups with cross-device functions of Google. This enables us to display interest-based, personalized advertising messages that have been adapted to you based on your usage and surfing behavior on one device (e.g. your cell phone) on another device (e.g. a tablet or PC).


Object to personalized advertising
You can adjust the advertising settings in your Google account. To do this, click on the following link and log in: https://adssettings.google.com/authenticated. Outside of your Google account, you can object to personalized advertising by clicking on the following link: https://www.google.com/settings/ads/onweb/ (the setting then only applies to the device and browser you are currently using).


On what legal basis do we process your data?
As a website operator, we have a legitimate interest in the effective marketing of our services and products. Data processing is therefore lawful under Art. 6 (1) (f) GDPR. In the event that, for example, you have consented to the storage of cookies or have otherwise consented to data processing by Google Analytics Remarketing, the legal basis is exclusively Art. 6 para. 1 lit. a) GDPR. You can withdraw your consent at any time with effect for the future.


Google Conversion Tracking
What is Google Conversion Tracking?
Tool for analyzing user behavior from Google Ireland Ltd.


Who processes your data?
Google Ireland Ltd, Gordon House, Barrow Street, Dublin 4, Ireland


Has an order processing contract been concluded with Google Conversion Tracking?
Yes


Where can you find more information about data protection with Google Conversion Tracking?
https://www.google.de/intl/de/policies/privacy/


On what basis do we transfer your data to the USA?
Google adheres to the standard contractual clauses of the European Commission (https://privacy.google.com/businesses/compliance)


How do we process your data?
We are always interested in optimizing our website for users and placing advertising in the best possible way. For this purpose, we also use conversion tracking from Google. With its help, we can record whether and how often visitors have clicked on certain buttons on our website and which products have been viewed and purchased particularly frequently (conversion statistics). In the course of data collection and storage, we do not receive any information with which we can personally identify individual visitors. Google itself uses cookies or comparable recognition technologies for identification purposes.


On what legal basis do we process your data?
As the website operator, we have a legitimate interest in analyzing user behavior for the purpose of optimizing our website and the advertising placed on it. Data processing is therefore lawful under Art. 6 (1) (f) GDPR. In the event that, for example, you have consented to the storage of cookies or have otherwise consented to data processing by Google Conversion Tracking, the legal basis is exclusively Art. 6 para. 1 lit. a) GDPR. You can withdraw your consent at any time with effect for the future.


Facebook Pixel
What is Facebook Pixel?
Tool for analyzing user behavior that measures the effectiveness of advertising on Facebook


Who processes your data?
Meta Platforms Ireland Limited, 4 Grand Canal Square, Dublin 2, Ireland


Has an order processing contract been concluded with Facebook Pixel?
Yes


Where can you find more information about data protection at Facebook Pixel?
https://de-de.facebook.com/about/privacy/


On what basis do we transfer your data to the USA and other third countries?
Facebook adheres to the standard contractual clauses of the European Commission (cf. https://www.facebook.com/legal/EU_data_transfer_addendum and https://de-de.facebook.com/help/566994660333381)


How can you prevent data processing?
If you have a Facebook account: Deactivate the remarketing function "Custom Audiences" in the Settings for


Advertisements (https://www.facebook.com/ads/preferences/?entry_product=ad_settings_screen).


If you do not have a Facebook account: Deactivate usage-based advertising from Facebook on the website of the European Interactive Digital Advertising Alliance: http://www.youronlinechoices.com/de/praferenzmanagement/.


How do we process your data?
We use Facebook Pixel on our website. This analysis tool helps us to learn more about the behavior of visitors to our website after they have clicked on one of our ads on Facebook. This enables us to measure how effective our Facebook advertising is and to align future advertising measures with the knowledge gained. The data that Facebook collects via the pixel is anonymous to us as the operator of this website. We are therefore unable to identify you as a visitor. However, the data is stored and processed by Facebook. Facebook establishes a connection to your Facebook account via the pixel and also uses the data to place advertisements within and outside the network (see Facebook Data Usage Policy). In the course of storage and processing, Facebook also transfers the data to the USA and other third countries.


If you have a Facebook account, you can activate the remarketing function "Custom Audiences" in the settings for advertisements under https://www.facebook.com/ads/preferences/?entry_product=ad_settings_screen deactivate it.


If you do not have a Facebook account, you have the option of deactivating usage-based advertising from Facebook on the website of the European Interactive Digital Advertising Alliance: http://www.youronlinechoices.com/de/praferenzmanagement/.


On what legal basis do we process your data?
As a website operator, we have a legitimate interest in effective advertising measures in social networks. Data processing is therefore lawful under Art. 6 (1) (f) GDPR. In the event that you have consented to the storage of cookies, for example, or have otherwise consented to data processing by Facebook, the legal basis is exclusively Art. 6 para. 1 lit. a) GDPR. You can revoke your consent at any time with effect for the future.


LinkedIn Insight Tag
What is LinkedIn Insight Tag?
Tool for analyzing the user behavior of the LinkedIn Ireland Unlimited Company


Who processes your data?
LinkedIn Ireland Unlimited Company, Wilton Plaza, Wilton Place, Dublin 2, Ireland


Has a data processing agreement been concluded with LinkedIn Insight Tag?
Yes


Where can you find more information about data protection at LinkedIn Insight Tag?
https://www.linkedin.com/legal/privacy-policy#choices-oblig


On what basis do we transfer your data to the USA?
LinkedIn Insight Tag adheres to the standard contractual clauses of the European Commission (cf. https://www.linkedin.com/legal/l/dpa%20und%20https://www.linkedin.com/legal/l/eu-sccs)


How can you prevent data processing?
By objecting to the analysis of your user behavior and targeted advertising by LinkedIn under the following link: https://www.linkedin.com/psettings/guest-controls/retargeting-opt-out. If you have a LinkedIn account, you can also make settings there for the use of your personal data for advertising purposes.


How do we process your data?
We use the LinkedIn Insight Tag on our website. The analysis tool helps us to learn more about visitors to our website and to adapt our online offering accordingly. If our visitors are registered with LinkedIn, we can use the tool to analyze their key professional data such as career level, company size, country, location, industry and job title. We can also measure whether they make a purchase or take another action (conversion measurement). This data is collected across all devices. Finally, LinkedIn Insight Tag offers a retargeting function that we can use to display targeted advertising to our visitors outside of our website. LinkedIn ensures that individual advertising recipients cannot be identified.


In addition to the aforementioned data, the analysis tool collects the following data from you when you visit our website: URL, referrer URL, IP address, device and browser properties as well as the time of access. The IP addresses are shortened or pseudonymized. The latter is done if you as a LinkedIn member are to be reached across devices.


The data collected by LinkedIn is anonymous to us as the website operator. This means that we cannot identify you as a visitor. However, LinkedIn will store your personal data on its servers in the USA and use it for its own advertising purposes.


You can prevent LinkedIn from linking the data collected on our website to your LinkedIn account by logging out of your account before you continue surfing the Internet. You can also prevent the use of your data for advertising purposes by making the appropriate settings in your account.


If you do not have a LinkedIn account, you can object to the analysis of your usage behavior and targeted advertising by LinkedIn by clicking on the following link: https://www.linkedin.com/psettings/guest-controls/retargeting-opt-out.


How long do we store your data?
LinkedIn deletes the direct identifiers of LinkedIn members after 7 days. The remaining pseudonymized data will be deleted within 180 days.


On what legal basis do we process your data?
As the website operator, we have a legitimate interest in optimizing our online offering and our advertising measures. Data processing is therefore lawful under Art. 6 (1) (f) GDPR. In the event that you have consented to the storage of cookies, for example, or have otherwise consented to data processing, the legal basis is exclusively Art. 6 para. 1 lit. a) GDPR. You can revoke your consent at any time with effect for the future.

Newsletter and postal advertising

Campaign Monitor
What is Campaign Monitor?
Service for sending newsletters and analyzing recipient behavior


Who processes your data?
Campaign Monitor, Attn: Legal Department, 11 Lea Avenue, Nashville, TN 37210, USA

Has a data processing agreement been concluded with Campaign Monitor?
Yes


Where can I find more information about data protection at Campaign Monitor?
https://www.campaignmonitor.com/policies/#privacy-policy

On what basis do we transfer your data to the USA?
Campaign Monitor has so-called standard contractual clauses that permit the transfer of data to the USA: https://www.campaignmonitor.com/policies/#priv-section-5e


How do we process your data?
We use Campaign Monitor to send out our newsletter. The service manages the data of newsletter subscribers for us, sends out our newsletter and analyzes our newsletter campaigns.


If you would like to receive our newsletter, we need your e-mail address. We will also use a confirmation e-mail (double opt-in procedure) to check whether you really are the owner of this e-mail address. We do not collect any further data, or only on a voluntary basis. We use your data exclusively for sending the newsletter. They are stored on a Campaign Monitor server in the USA.


If we send a newsletter via Campaign Monitor and you open it, a file contained in the newsletter automatically connects to the Campaign Monitor servers. This tells the service that the newsletter has been opened and registers all clicks on the links it contains. It also registers whether you have made a purchase after clicking on a link, for example. In addition, Campaign Monitor records technical information such as the time of access, IP address, browser type and operating system.


With Campaign Monitor, we can divide the recipients of our newsletter into categories, e.g. age, gender or place of residence. This enables us to better adapt our newsletters to the respective target group.


You can unsubscribe from the newsletter at any time.


How long do we store your data?
After you have unsubscribed, your data will be deleted from the newsletter distribution list. Under certain circumstances, we may also place your e-mail address on a blacklist; this is necessary, for example, if we have received an objection to advertising from you. The data is then stored on the basis of Art. 6 para. 1 lit. f) GDPR.


Furthermore, we reserve the right to delete the data at any time once the purpose for which it was collected no longer applies or at our own discretion.


On what legal basis do we process your data?
By entering your name in the subscriber list, you consent to data processing by Campaign Monitor. This is therefore lawful on the basis of Art. 6 para. 1 lit. a) GDPR. You can revoke your consent by unsubscribing from the newsletter or by sending us an informal message. For us, this means that we may no longer send you newsletters from this point on.

Plugins and tools

YouTube (with extended data protection)
What is YouTube?
Video platform

Who processes your data?
Google Ireland Ltd, Gordon House, Barrow Street, Dublin 4, Ireland


Where can you find more information about data protection on YouTube?
https://policies.google.com/privacy?hl=de


How do we process your data?
You can watch YouTube videos on our website. As the provider of YouTube, Google collects and stores certain information about you. However, as we use YouTube in extended data protection mode, this only happens when you start a video. Specifically, the following happens in this case:

1. the Google servers are informed which of our pages have been visited from your device. If you are logged into your YouTube account while surfing, Google can assign your surfing behavior directly to your personal profile. If you do not want this, you must log out of your YouTube account before you continue surfing the Internet.
 

2 Google receives information about visitors to our website via cookies, device fingerprinting or similar recognition technologies. On this basis, the company then creates video statistics, makes its application more attractive to users and prevents fraud attempts.
 

3. your data may also be processed beyond this. However, we have no knowledge of the details. We also have no influence on the processing.

Even if you do not start a YouTube video on our website, Google establishes a connection to its DoubleClick network and possibly also to other partners. The extended data protection mode therefore does not mean that Google does not process any of your data when you visit our website.
 

On what legal basis do we process your data?
By integrating YouTube videos, we want to make our website and our services and offers more appealing. This is our legitimate interest as a company and therefore lawful under Art. 6 (1) (f) GDPR.


If you have consented to data processing, we process your data exclusively on the basis of Art. 6 para. 1 lit. a) GDPR. You can withdraw your consent at any time. We may no longer process your data from the time you withdraw your consent.
 

Vimeo (without tracking)
What is Vimeo?
Video platform

Who processes your data?
Vimeo Inc, 555 West 18th Street, New York, New York 10011, USA


Where can you find more information about data protection at Vimeo?
https://vimeo.com/privacy

On what basis do we transfer your data to the USA?
 

On the basis of standard contractual clauses of the European Commission and legitimate business interests (cf. https://vimeo.com/privacy#international_data_transfers_and_certain_user_rights)

How do we process your data?
You can watch Vimeo videos on our website. As soon as you call up a page in which we have embedded a Vimeo video, this is communicated to the Vimeo servers. Vimeo also learns your IP address. However, as we have made the appropriate settings in the Vimeo plugin, Vimeo will neither leave cookies on your device nor track your surfing behavior.

On what legal basis do we process your data?
By integrating Vimeo videos, we want to make our website more appealing. This is our legitimate interest as a company and therefore lawful under Art. 6 para. 1 lit. f) GDPR.

If you have consented to data processing, we process your data exclusively on the basis of Art. 6 para. 1 lit. a) GDPR. You can withdraw your consent at any time. We may no longer process your data from the time you withdraw your consent.
 

Google Web Fonts (local hosting)
We use fonts from the US company Google on our website. We have installed the fonts locally so that there is no connection to Google's servers when you visit our website.

Further information on Google Web Fonts can be found at https://developers.google.com/fonts/faq and in Google's privacy policy: https://policies.google.com/privacy?hl=de.

OpenStreetMap
What is OpenStreetMap?
Map service of the OpenStreetMap Foundation


Who processes your data?
OpenStreetMap Foundation (OSMF), 132 Maney Hill Road, Sutton Coldfield, West Midlands, B72 1JU, United Kingdom


Where can you find more information about data protection at OpenStreetMap?
https://wiki.osmfoundation.org/wiki/Privacy_Policy


How do we process your data?
We use maps from the OpenStreetMap Foundation on our website. For you, this means that your IP address and information about your surfing behavior will be forwarded to the foundation and stored there when you visit our website. For this purpose, the foundation leaves cookies on your device or uses comparable recognition technologies. If you have allowed your location to be determined in the settings of your device, OpenStreetMap also stores this data.

On what legal basis do we process your data?
The maps from OpenStreetMap make it easier for visitors to find the places indicated on our website. As a company, we have a legitimate interest in this. Data processing is therefore lawful under Art. 6 (1) (f) GDPR.
If you have consented to data processing, we process your data exclusively on the basis of Art. 6 (1) (a) GDPR. You can withdraw your consent at any time. We may no longer process your data from the time of withdrawal.

Google reCAPTCHA
What is Google reCAPTCHA?
Test tool for distinguishing between people and computers from Google Ireland Ltd.


Who processes your data?
Google Ireland Ltd, Gordon House, Barrow Street, Dublin 4, Ireland

Where can you find more information about data protection at Google?
https://policies.google.com/privacy?hl=de


On what basis do we transfer your data to the USA?
Google adheres to the standard contractual clauses of the European Commission (https://privacy.google.com/businesses/compliance)

How do we process your data?
We use Google reCAPTCHA to check whether data entered into forms on our website originates from a human or from a computer. For you, this means that the test tool analyzes your behavior as a visitor to our website based on various characteristics. The analysis does not begin when you use the test tool, but when you visit our website. Various data is recorded, e.g. IP address, time spent on our website and mouse movements. The data is forwarded to Google.

On what legal basis do we process your data?
As a company, we have a legitimate interest in protecting our website from spam and abusive spying. Data processing is therefore lawful under Art. 6 (1) (f) GDPR.

If you have consented to data processing, we process your data exclusively on the basis of Art. 6 para. 1 lit. a) GDPR. You can withdraw your consent at any time. We may no longer process your data from the time you withdraw your consent.
 

Zendesk
What is Zendesk?
Cloud-based customer support platform that offers helpdesk ticketing, self-service and customer service support functions

Who processes your data?
Zendesk Inc, 1019 Market Street in San Francisco, CA 94103, USA


Has an order processing contract been concluded with Zendesk?
Yes

Where can you find more information about data protection at Zendesk?
https://www.zendesk.de/company/customers-partners/privacy-policy/

On what basis do we transfer your data to the USA?
Zendesk complies with the Standard Contractual Clauses of the European Commission (cf. https://www.zendesk.de/company/privacy-and-data-protection/#gdpr-sub)


How do we process your data?
We use Zendesk to communicate with our customers. If you send us a request via the platform, you only need to enter your e-mail address. We store your message and e-mail address until the statutory retention period expires. If there is no such period, we will delete your data when you request us to do so or when your request has been finally processed. If you ask your question via the chat window, the same applies, except that the IP address is stored instead of your e-mail address.


On what legal basis do we process your data?
As a company, we have a legitimate interest in being able to process customer inquiries quickly and efficiently. The processing of your data is therefore based on Art. 6 para. 1 lit. f) GDPR.

eCommerce and payment providers

Customer and contract data
How do we process your data?
When we conclude a contract with you, we require certain personal data from you. We collect, process and use this data only to the extent that it is necessary to establish our legal relationship, to shape its content or to change it. If you can only use our services via our website or if the services are billed via the website, we also collect usage data if this is necessary to enable you to use our services or to bill you for the services used.

How long do we store your data?
We store your data until our legal relationship ends, unless we are legally obliged to keep the data for longer.

On what legal basis do we process your data?
We store your data in order to fulfill the contract with you or to carry out pre-contractual measures. Basis of the

Data processing is therefore Art. 6 para. 1 lit. b) GDPR.
 

Data transmission when using services and digital content
 

How do we process your data?
To process the payment, we transmit your data to a payment service or the credit institution commissioned to process the payment. We only pass on data that is absolutely necessary for the payment process. If we wish to pass on data beyond this, we will obtain your consent.

On what legal basis do we process your data?
We pass on your data in order to fulfill the contract we have concluded with you. The basis for data processing is therefore Art. 6 para. 1 lit. b) GDPR. If you have consented to the disclosure of your data, the data processing is based on Art. 6 para. 1 lit. a) GDPR. You can revoke your consent at any time with effect for the future.


Payment services
So that you can conveniently pay for your purchases on our website, we use the services of payment services, i.e. external companies that process payments for us. You can find a list of these companies at the end of this section.


How do we process your data?
You must provide certain personal data for the payment process, e.g. your name, bank account details or credit card number. We pass this data on to the respective payment service. The respective contractual and data protection provisions of the respective services apply to the transaction itself.


On what legal basis do we process your data?
We pass on your data in order to fulfill the contract we have concluded with you. The basis for data processing is therefore Art. 6 para. 1 lit. b) GDPR. We also have a legitimate interest in processing purchases as quickly, conveniently and securely as possible. In this respect, the legal basis is also Art. 6 para. 1 lit. f) GDPR. If you have consented to the transfer of your data, the data processing is based on Art. 6 para. 1 lit. a) GDPR. You can revoke your consent at any time with effect for the future.

Which payment services do we use?
Stripe
What is Stripe?
Online payment service

Who processes your data?
Stripe Payments Europe Ltd, 1 Grand Canal Street Lower, Grand Canal Dock, Dublin, Ireland


Where can you find more information about data protection at Stripe?
https://stripe.com/de/privacy

On what basis do we transfer your data to the USA?
Stripe adheres to the standard contractual clauses of the European Commission (cf. https://stripe.com/de/privacy and https://stripe.com/de/guides/general-data-protection-regulation)

Audio and video conferencing

As a company, we are in contact with many people: Customers, business partners, service providers, etc. In addition to other means of communication, we also use online conferencing tools. Information relevant to data protection law on the provider(s) of the tools we use can be found at the end of this section. If you communicate with us via such a tool, not only we, but in particular the provider of the respective tool will process your personal data.
 

How do we process your data?
Online conference tools collect and store various personal data to enable participation in an online conference and its smooth implementation. In addition to registration, conference and technical data, this also concerns certain communication content.

Registration data: Your e-mail address and/or telephone number and any other data you provide when registering for the conference.
 

Conference data: Start, end and duration of your participation in the conference, the number of participants and other conference metadata.
 

Technical data: IP address, MAC address, device ID, device type, operating system and version, client version, camera type, microphone or loudspeaker and the type of connection.
 

Communication content: Cloud recordings, chat/instant messages, voicemails uploaded photos and videos, files, whiteboards and other information shared while using the service.
 

For details on data processing, please refer to the data protection declarations of the respective conference tool provider.
 

How long do we store your data?
As your communication partner, we delete your data from our systems as soon as one of the following points occurs:

The purpose of data processing no longer applies.
 

You ask us to delete the data.
 

You revoke your consent to storage.
 

This only does not apply if we are legally obliged to retain the data.
 

Cookies remain on your end device until you delete them.
 

The providers of conference tools also store your data for their own purposes. Please contact the providers directly to find out what this means for the duration of the storage of your data.
 

On what legal basis do we process your data?
If we already have a contractual relationship with you or if you wish to conclude a contract with us, we use conference tools to fulfill the contract or to inform you about our services or products. In this respect, data processing is carried out on the basis of Art. 6 para. 1 lit. b) GDPR. Otherwise, the use of conference tools serves the purpose of simple and fast communication, without which we would not be able to run our company efficiently. We therefore also have a legitimate interest in data processing in accordance with Art. 6 para. 1 lit. f) GDPR. Another legal basis may be your consent. In this case, Art. 6 para. 1 lit. a) GDPR is relevant. This basis no longer applies in the future if you withdraw your consent.

Which online conference tools do we use?
Google Meet

What is Google Meet?
Video conferencing service provided by Google Ireland Ltd.

Who processes your data?
Google Ireland Ltd, Gordon House, Barrow Street, Dublin 4, Ireland


Has an order processing contract been concluded with Google Meet?
Yes

Where can you find more information about data protection at Google Meet?
https://policies.google.com/privacy?hl=de

On what basis do we transfer your data to the USA?
Google adheres to the standard contractual clauses of the European Commission (https://privacy.google.com/businesses/compliance).