Data Protection Declaration

  

1. Data Protection at a Glance

General Information

The following notes provide a simple overview of what happens to your personal data when you visit this website. Personal data is any data that can be used to identify you personally. For detailed information on data protection, please refer to our privacy policy listed below this text.

Data collection on this website

Who is responsible for data collection on this website?

The data processing on this website is carried out by the website operator. You can find their contact details in the section "Notice to the Responsible Party" in this privacy policy.

How do we collect your data?

Your data is collected in part by you providing it to us. This may include, for example, data that you enter into a contact form.

Other data is collected automatically or with your consent when you visit the website by our IT systems. This mainly includes technical data (e.g. internet browser, operating system, or time of page access). The collection of this data occurs automatically as soon as you enter this website.

What do we use your data for?

Some of the data is collected to ensure the error-free provision of the website. Other data may be used to analyse your user behaviour. If contracts can be concluded or initiated via the website, the transmitted data will also be processed for contract offers, orders, or other requests for services.

What rights do you have regarding your data?

You have the right to obtain, free of charge, information about the origin, recipients, and purpose of your stored personal data at any time. You also have the right to request the correction or deletion of this data. If you have given consent to data processing, you can withdraw this consent at any time for the future. Furthermore, you have the right to request the restriction of the processing of your personal data under certain circumstances. Additionally, you have the right to lodge a complaint with the competent supervisory authority.

You can contact us at any time regarding this and any further questions on the topic of data protection.

Analysis tools and third-party tools

When visiting this website, your browsing behaviour may be statistically evaluated. This is primarily done using so-called analysis programmes.

Detailed information about these analysis programmes can be found in the following privacy policy.

2. Hosting and Content Delivery Networks (CDN)

We host the content of our website with the following provider:

External Hosting

This website is hosted externally. The personal data collected on this website is stored on the servers of the host. This may primarily include IP addresses, contact requests, meta and communication data, contract data, contact details, names, website accesses, and other data generated through a website.

The external hosting is carried out for the purpose of fulfilling contracts with our potential and existing customers (Art. 6 para. 1 lit. b GDPR) and in the interest of providing our online services securely, quickly, and efficiently through a professional provider (Art. 6 para. 1 lit. f GDPR). If corresponding consent has been requested, the processing is carried out exclusively on the basis of Art. 6 para. 1 lit. a GDPR and § 25 para. 1 TDDG, insofar as the consent includes the storage of cookies or access to information on the user's device (e.g. device fingerprinting) within the meaning of the TDDG. Consent can be revoked at any time.

Our host will only process your data to the extent necessary to fulfil its service obligations and will follow our instructions regarding this data.

We use the following host(s):

Odoo.com

Order processing

We have entered into a data processing agreement (DPA) for the use of the aforementioned service. This is a contract required by data protection law, which ensures that it processes the personal data of our website visitors only in accordance with our instructions and in compliance with the GDPR.

Cloudflare

We use the service "Cloudflare". The provider is Cloudflare Inc., 101 Townsend St., San Francisco, CA 94107, USA (hereinafter referred to as "Cloudflare").

Cloudflare offers a globally distributed Content Delivery Network with DNS. Technically, the information transfer between your browser and our website is routed through Cloudflare's network. This enables Cloudflare to analyse the traffic between your browser and our website and to act as a filter between our servers and potentially malicious traffic from the internet. In this context, Cloudflare may also use cookies or other technologies to recognise internet users, which are used solely for the purpose described here.

The use of Cloudflare is based on our legitimate interest in providing our web services as error-free and securely as possible (Art. 6 para. 1 lit. f GDPR).

The data transfer to the USA is based on the standard contractual clauses of the EU Commission. Details and further information on security and data protection at Cloudflare can be found here:https://www.cloudflare.com/privacypolicy/.

The company has a certification under the "EU-US Data Privacy Framework" (DPF). The DPF is an agreement between the European Union and the USA that aims to ensure compliance with European data protection standards for data processing in the USA. Every company certified under the DPF commits to adhering to these data protection standards. For more information, you can contact the provider at the following link:https://www.dataprivacyframework.gov/participant/5666.

Order processing

We have entered into a data processing agreement (DPA) for the use of the aforementioned service. This is a contract required by data protection law, which ensures that it processes the personal data of our website visitors only in accordance with our instructions and in compliance with the GDPR.

3. General Information and Mandatory Information

Data protection

The operators of these pages take the protection of your personal data very seriously. We treat your personal data confidentially and in accordance with the legal data protection regulations as well as this privacy policy.

If you use this website, various personal data will be collected. Personal data is data that can be used to identify you personally. This privacy policy explains what data we collect and how we use it. It also explains how and for what purpose this occurs.

We would like to point out that data transmission over the Internet (e.g. when communicating via email) may have security vulnerabilities. A seamless protection of data against access by third parties is not possible.

Notice regarding the responsible party

The entity responsible for data processing on this website is:

mkm International GmbH

Managing Director Kevin Lind

Boschstr. 16

47533 Kleve

Phone: +49 2821 78699- 82

E-Mail: info@mkmThings.com

The responsible party is the natural or legal person who alone or jointly with others decides on the purposes and means of processing personal data (e.g. names, email addresses, etc.).

Storage duration

Unless a more specific retention period is stated within this privacy policy, your personal data will remain with us until the purpose for processing the data ceases. If you assert a legitimate request for deletion or withdraw your consent to data processing, your data will be deleted, provided we have no other legally permissible reasons for retaining your personal data (e.g. tax or commercial law retention periods); in the latter case, deletion will occur after these reasons no longer apply.

General information on the legal basis for data processing on this website

If you have consented to data processing, we process your personal data on the basis of Article 6(1)(a) GDPR or Article 9(2)(a) GDPR, provided that special categories of data are processed under Article 9(1) GDPR. In the case of explicit consent to the transfer of personal data to third countries, data processing also takes place on the basis of Article 49(1)(a) GDPR. If you have consented to the storage of cookies or to access information on your device (e.g. via device fingerprinting), data processing additionally takes place on the basis of Section 25(1) TDDDG. Consent can be revoked at any time. If your data is necessary for the fulfilment of a contract or for the implementation of pre-contractual measures, we process your data on the basis of Article 6(1)(b) GDPR. Furthermore, we process your data if it is necessary for the fulfilment of a legal obligation on the basis of Article 6(1)(c) GDPR. Data processing may also take place on the basis of our legitimate interests under Article 6(1)(f) GDPR. The relevant legal bases applicable in each individual case are provided in the following paragraphs of this privacy policy.

Data Protection Officer

We have appointed a data protection officer.

Kevin Lind

mkm International GmbH

Boschstr. 16

47533 Kleve

Phone: +49 2821 78699-82

E-Mail: info@mkmThings.com

Note on data transfer to third countries that are not legally secure in terms of data protection, as well as the transfer to US companies that are not DPF-certified

We use tools from companies based in third countries that are not considered safe under data protection law, as well as US tools whose providers are not certified under the EU-US Data Privacy Framework (DPF). When these tools are active, your personal data may be transferred to and processed in these countries. We would like to point out that in data protection unsafe third countries, no level of data protection comparable to that of the EU can be guaranteed.

We would like to point out that the USA, as a safe third country, generally provides a level of data protection comparable to that of the EU. Data transfers to the USA are therefore permissible if the recipient holds a certification under the "EU-US Data Privacy Framework" (DPF) or has suitable additional guarantees. Information on transfers to third countries, including the data recipients, can be found in this privacy policy.

Recipients of personal data

As part of our business activities, we collaborate with various external parties. In some cases, it is also necessary to transmit personal data to these external parties. We only share personal data with external parties when it is required for the fulfilment of a contract, when we are legally obliged to do so (e.g. sharing data with tax authorities), when we have a legitimate interest in the sharing under Article 6(1)(f) of the GDPR, or when another legal basis permits the data sharing. When using processors, we only share our customers' personal data based on a valid contract for data processing. In the case of joint processing, a contract for joint processing will be established.

Withdrawal of your consent to data processing

Many data processing operations are only possible with your explicit consent. You can withdraw your consent at any time. The lawfulness of the data processing carried out before the withdrawal remains unaffected by the withdrawal.

Right to object to data collection in specific cases as well as to direct marketing (Art. 21 GDPR)

IF THE DATA PROCESSING IS BASED ON ART. 6 PAR. 1 LIT. E OR F OF THE GDPR, YOU HAVE THE RIGHT TO OBJECT AT ANY TIME, ON GROUNDS RELATING TO YOUR PARTICULAR SITUATION, TO THE PROCESSING OF YOUR PERSONAL DATA; THIS ALSO APPLIES TO PROFILING BASED ON THESE PROVISIONS. YOU CAN FIND THE RELEVANT LEGAL BASIS FOR THE PROCESSING IN THIS PRIVACY POLICY. IF YOU OBJECT, WE WILL NO LONGER PROCESS YOUR AFFECTED PERSONAL DATA UNLESS WE CAN DEMONSTRATE COMPELLING LEGITIMATE GROUNDS FOR THE PROCESSING WHICH OVERRIDE YOUR INTERESTS, RIGHTS AND FREEDOMS, OR THE PROCESSING IS NECESSARY FOR THE ESTABLISHMENT, EXERCISE OR DEFENCE OF LEGAL CLAIMS (OBJECTION UNDER ART. 21 PAR. 1 OF THE GDPR).

IF YOUR PERSONAL DATA IS PROCESSED FOR THE PURPOSE OF DIRECT MARKETING, YOU HAVE THE RIGHT TO OBJECT AT ANY TIME TO THE PROCESSING OF PERSONAL DATA CONCERNING YOU FOR SUCH MARKETING; THIS ALSO APPLIES TO PROFILING TO THE EXTENT THAT IT IS RELATED TO SUCH DIRECT MARKETING. IF YOU OBJECT, YOUR PERSONAL DATA WILL NO LONGER BE USED FOR THE PURPOSE OF DIRECT MARKETING (OBJECTION UNDER ART. 21 PAR. 2 GDPR).

Right of complaint to the competent supervisory authority

In the event of violations of the GDPR, affected individuals have the right to lodge a complaint with a supervisory authority, particularly in the member state of their habitual residence, their place of work, or the location of the alleged infringement. The right to complain exists without prejudice to any other administrative or judicial remedies.

Right to data portability

You have the right to request that data we process automatically based on your consent or in fulfilment of a contract be provided to you or to a third party in a commonly used, machine-readable format. If you request the direct transfer of the data to another controller, this will only be done to the extent that it is technically feasible.

Information, Correction and Deletion

You have the right, under the applicable legal provisions, to request free information at any time about your stored personal data, their origin and recipients, and the purpose of the data processing, as well as, if applicable, the right to rectification or deletion of this data. You can contact us at any time regarding this and any further questions about personal data.

Right to restriction of processing

You have the right to request the restriction of the processing of your personal data. You can contact us at any time regarding this. The right to restrict processing exists in the following cases:

• If you dispute the accuracy of your personal data stored with us, we generally require time to verify this. During the verification period, you have the right to request the restriction of the processing of your personal data.
• If the processing of your personal data was/is unlawful, you may request the restriction of data processing instead of deletion.
• If we no longer require your personal data, but you need it for the exercise, defence, or assertion of legal claims, you have the right to request the restriction of processing your personal data instead of deletion.
• If you have lodged an objection under Article 21(1) of the GDPR, a balancing of interests between yours and ours must be carried out. As long as it is not yet clear whose interests prevail, you have the right to request the restriction of the processing of your personal data.

If you have restricted the processing of your personal data, such data – apart from their storage – may only be processed with your consent or for the establishment, exercise or defence of legal claims, or to protect the rights of another natural or legal person, or for reasons of significant public interest of the European Union or a Member State.

SSL or TLS encryption

This page uses SSL or TLS encryption for security reasons and to protect the transmission of confidential content, such as orders or inquiries that you send to us as the site operator. You can recognise an encrypted connection by the change in the browser's address bar from "http://" to "https://" and by the padlock symbol in your browser's address bar.

If SSL or TLS encryption is enabled, the data you transmit to us cannot be read by third parties.

Encrypted payment transactions on this website

If, after the conclusion of a paid contract, there is an obligation to provide us with your payment details (e.g. account number for direct debit authorisation), this data is required for payment processing.

The payment transactions using common payment methods (Visa/MasterCard, direct debit) are carried out exclusively over an encrypted SSL or TLS connection. You can recognise an encrypted connection by the fact that the address bar of the browser changes from "http://" to "https://" and by the padlock symbol in your browser's address bar.

In encrypted communication, your payment data that you transmit to us cannot be read by third parties.

Objection to advertising emails

The use of contact details published in accordance with the legal obligation to provide an imprint for the purpose of sending unsolicited advertising and informational materials is hereby objected to. The operators of the sites expressly reserve the right to take legal action in the event of unsolicited sending of advertising information, such as through spam emails.

4. Data collection on this website

Cookies

Our websites use so-called "cookies". Cookies are small data packets and do not cause any harm to your device. They are either temporarily stored for the duration of a session (session cookies) or permanently (permanent cookies) on your device. Session cookies are automatically deleted after your visit ends. Permanent cookies remain stored on your device until you delete them yourself or an automatic deletion occurs through your web browser.

Cookies can originate from us (first-party cookies) or from third parties (so-called third-party cookies). Third-party cookies enable the integration of certain services from third parties within websites (e.g. cookies for processing payment services).

Cookies have various functions. Numerous cookies are technically necessary, as certain website functions would not work without them (e.g. the shopping cart function or the display of videos). Other cookies may be used for analysing user behaviour or for advertising purposes.

Cookies that are necessary for the execution of the electronic communication process, for providing certain functions you desire (e.g. for the shopping cart function), or for optimising the website (e.g. cookies for measuring web audience) are stored on the basis of Article 6(1)(f) of the GDPR, unless another legal basis is specified. The website operator has a legitimate interest in storing necessary cookies for the technically error-free and optimised provision of their services. If consent for the storage of cookies and comparable recognition technologies has been requested, processing will occur solely on the basis of this consent (Article 6(1)(a) of the GDPR and § 25(1) of the TDDG); consent can be revoked at any time.

You can configure your browser to be informed about the setting of cookies and to allow cookies only on a case-by-case basis, to exclude the acceptance of cookies for specific cases or generally, as well as to activate the automatic deletion of cookies when closing the browser. Disabling cookies may limit the functionality of this website.

You can find out which cookies and services are used on this website in this privacy policy.

Contact form

If you send us enquiries via the contact form, your details from the enquiry form, including the contact information you provided there, will be stored by us for the purpose of processing the enquiry and in case of follow-up questions. We do not share this data without your consent.

The processing of this data is based on Article 6(1)(b) of the GDPR, insofar as your request is related to the fulfilment of a contract or is necessary for the implementation of pre-contractual measures. In all other cases, the processing is based on our legitimate interest in the effective handling of the requests addressed to us (Article 6(1)(f) of the GDPR) or on your consent (Article 6(1)(a) of the GDPR) if this has been requested; consent can be withdrawn at any time.

The data you entered in the contact form will remain with us until you request its deletion, revoke your consent to storage, or the purpose for data storage no longer applies (e.g. after your request has been processed). Mandatory legal provisions – particularly retention periods – remain unaffected.

Use of Artificial Intelligence (AI) to Respond to Customer Inquiries

We use AI-supported software to process and respond to customer inquiries. The AI we employ analyses the content of your message in order to autonomously or partially autonomously generate an appropriate response or a response suggestion. In this context, our AI processes all content of your message, including names, email addresses, communication content, or technical information (e.g. IP addresses, device information).

The use of the deployed AI software is based on Article 6(1)(f) of the GDPR. We have a legitimate interest in achieving the most efficient customer communication through the use of modern technical solutions.

We use the following AI applications:

ChatGPT

We use ChatGPT for our customer communication. The provider is OpenAI, 3180 18th St, San Francisco, CA 94110, USA,https://openai.comSo, if you contact us, your requests, including metadata, may be transmitted to the ChatGPT servers and processed there to generate an appropriate response.

We have configured ChatGPT so that the data we forward to ChatGPT is not used to train the ChatGPT algorithm.

For more information, please click here:https://openai.com/policies/privacy-policy.

Order processing

We have entered into a data processing agreement (DPA) for the use of the aforementioned service. This is a contract required by data protection law, which ensures that it processes the personal data of our website visitors only in accordance with our instructions and in compliance with the GDPR.

Odoo.com

We use Odoo.com for our customer communication. The provider is Odoo.com, Rue du Laid Burniat 5, 1348 Neulöwen. Therefore, if you contact us, your inquiries, including metadata, may be transmitted to the servers of this provider and processed there to generate an appropriate response.

Order processing

We have entered into a data processing agreement (DPA) for the use of the aforementioned service. This is a contract required by data protection law, which ensures that it processes the personal data of our website visitors only in accordance with our instructions and in compliance with the GDPR.

Inquiry by email, telephone or fax

If you contact us by email, telephone or fax, your request, including all personal data arising from it (name, request), will be stored and processed by us for the purpose of handling your concern. We do not share this data without your consent.

The processing of this data is based on Article 6(1)(b) of the GDPR, insofar as your request is related to the fulfilment of a contract or is necessary for the implementation of pre-contractual measures. In all other cases, the processing is based on our legitimate interest in the effective handling of the requests addressed to us (Article 6(1)(f) of the GDPR) or on your consent (Article 6(1)(a) of the GDPR) if this has been requested; consent can be withdrawn at any time.

The data you have sent to us via contact requests will remain with us until you request its deletion, revoke your consent to storage, or the purpose for data storage ceases to exist (e.g. after the completion of processing your request). Mandatory legal provisions – in particular statutory retention periods – remain unaffected.

Communication via WhatsApp

For communication with our customers and other third parties, we use the instant messaging service WhatsApp, among others. The provider is WhatsApp Ireland Limited, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland.

The communication takes place via end-to-end encryption (peer-to-peer), which prevents WhatsApp or any other third parties from accessing the content of the communications. However, WhatsApp does have access to metadata generated during the communication process (e.g. sender, recipient, and time). We further point out that WhatsApp, according to its own statement, shares personal data of its users with its parent company Meta, which is based in the USA. Further details on data processing can be found in WhatsApp's privacy policy at:https://www.whatsapp.com/legal/#privacy-policy.

The use of WhatsApp is based on our legitimate interest in achieving the fastest and most effective communication with customers, prospects, and other business and contractual partners (Art. 6 para. 1 lit. f GDPR). If consent has been requested, data processing is carried out solely on the basis of that consent; it can be revoked at any time with effect for the future.

The communication content exchanged between you and us on WhatsApp will remain with us until you request its deletion, revoke your consent for storage, or the purpose for data storage ceases to exist (e.g. after your request has been processed). Mandatory legal provisions – particularly retention periods – remain unaffected.

The company has a certification under the "EU-US Data Privacy Framework" (DPF). The DPF is an agreement between the European Union and the USA that aims to ensure compliance with European data protection standards for data processing in the USA. Every company certified under the DPF commits to adhering to these data protection standards. For more information, you can contact the provider at the following link:https://www.dataprivacyframework.gov/participant/7735.

We use WhatsApp in the "WhatsApp Business" version.

The data transfer to the USA is based on the standard contractual clauses of the EU Commission. You can find details here:https://www.whatsapp.com/legal/business-data-transfer-addendum.

We have set up our WhatsApp accounts so that there is no automatic data synchronisation with the address book on the smartphones in use.

We have entered into a contract for data processing (DPA) with the above-mentioned provider.

5. Social Media

eRecht24 Safe Sharing Tool

The content on this website can be shared in compliance with data protection regulations on social networks such as Facebook, X, and others. This page uses theeRecht24 Safe Sharing ToolThis tool establishes direct contact between the networks and users only when the user actively clicks on one of these buttons. Clicking the button constitutes consent within the meaning of Article 6(1)(a) of the GDPR and Section 25(1) of the TDDG. This consent can be revoked at any time with effect for the future.

An automatic transfer of user data to the operators of these platforms does not occur through this tool. If the user is logged into one of the social networks, an information window will appear when using the social media elements of Facebook, X & Co., in which the user can confirm the text before sending it.

Our users can share the content of this page in compliance with data protection regulations on social networks, without complete browsing profiles being created by the operators of the networks.

The use of the service is carried out to obtain the legally required consents for the use of certain technologies. The legal basis for this is Article 6(1)(c) of the GDPR.

Facebook

Elements of the social network Facebook are integrated on this website. The provider of this service is Meta Platforms Ireland Limited, Merrion Road, Dublin 4, D04 X2K5, Ireland. However, according to Facebook, the collected data is also transferred to the USA and other third countries.

An overview of the Facebook social media elements can be found here:https://developers.facebook.com/docs/plugins/?locale=de_DE.

If the social media element is active, a direct connection is established between your device and the Facebook server. This allows Facebook to receive information that you have visited this website with your IP address. If you click the Facebook "Like" button while logged into your Facebook account, you can link the content of this website to your Facebook profile. This enables Facebook to associate your visit to this website with your user account. We would like to point out that as the provider of the pages, we have no knowledge of the content of the transmitted data or its use by Facebook. Further information can be found in Facebook's privacy policy at:https://de-de.facebook.com/privacy/explanation.

The use of this service is based on your consent in accordance with Article 6(1)(a) of the GDPR and Section 25(1) of the TDDG. Consent can be withdrawn at any time.

Insofar as personal data is collected on our website using the tool described here and forwarded to Facebook, we and Meta Platforms Ireland Limited, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland are jointly responsible for this data processing (Art. 26 GDPR). The joint responsibility is limited exclusively to the collection of the data and its transfer to Facebook. The processing that takes place by Facebook after the forwarding is not part of the joint responsibility. The obligations that we share have been documented in an agreement on joint processing. You can find the text of the agreement at:https://www.facebook.com/legal/controller_addendumAccording to this agreement, we are responsible for providing data protection information when using the Facebook tool and for the data protection-compliant implementation of the tool on our website. Facebook is responsible for the data security of its products. Rights of the data subjects (e.g. requests for information) regarding the data processed by Facebook can be asserted directly with Facebook. If you assert your rights with us, we are obliged to forward them to Facebook.

The data transfer to the USA is based on the standard contractual clauses of the EU Commission. You can find details here:https://www.facebook.com/legal/EU_data_transfer_addendum, https://de-de.facebook.com/help/566994660333381 und https://www.facebook.com/policy.php.

The company has a certification under the "EU-US Data Privacy Framework" (DPF). The DPF is an agreement between the European Union and the USA that aims to ensure compliance with European data protection standards for data processing in the USA. Every company certified under the DPF commits to adhering to these data protection standards. For more information, you can contact the provider at the following link:https://www.dataprivacyframework.gov/participant/4452.

X (formerly Twitter)

Functions of the service X (formerly Twitter) are integrated on this website. These functions are offered by the parent company X Corp., 1355 Market Street, Suite 900, San Francisco, CA 94103, USA. For the data processing of individuals living outside the USA, the branch Twitter International Unlimited Company, One Cumberland Place, Fenian Street, Dublin 2, D02 AX07, Ireland, is responsible.

If the social media element is active, a direct connection is established between your device and the X server. X (formerly Twitter) thereby receives information about your visit to this website. By using X (formerly Twitter) and the "Re-Tweet" or "Repost" function, the websites you visit are linked to your X (formerly Twitter) account and shared with other users. We would like to point out that as the provider of the pages, we have no knowledge of the content of the transmitted data or its use by X (formerly Twitter). Further information can be found in the privacy policy of X (formerly Twitter) at:https://x.com/de/privacy.

The use of this service is based on your consent in accordance with Article 6(1)(a) of the GDPR and Section 25(1) of the TDDG. Consent can be withdrawn at any time.

The data transfer to the USA is based on the standard contractual clauses of the EU Commission. You can find details here:https://gdpr.x.com/en/controller-to-controller-transfers.html.

Your privacy settings on X (formerly Twitter) can be found in the account settings underhttps://x.com/settings/account ändern.

The company has a certification under the "EU-US Data Privacy Framework" (DPF). The DPF is an agreement between the European Union and the USA that aims to ensure compliance with European data protection standards for data processing in the USA. Every company certified under the DPF commits to adhering to these data protection standards. For more information, you can contact the provider at the following link:https://www.dataprivacyframework.gov/participant/2710.

Instagram

Functions of the Instagram service are integrated on this website. These functions are offered by Meta Platforms Ireland Limited, Merrion Road, Dublin 4, D04 X2K5, Ireland.

If the social media element is active, a direct connection is established between your device and the Instagram server. This allows Instagram to receive information about your visit to this website.

If you are logged into your Instagram account, you can link the content of this website to your Instagram profile by clicking the Instagram button. This allows Instagram to associate your visit to this website with your user account. We would like to point out that as the provider of the pages, we have no knowledge of the content of the transmitted data or how it is used by Instagram.

The use of this service is based on your consent in accordance with Article 6(1)(a) of the GDPR and Section 25(1) of the TDDG. Consent can be withdrawn at any time.

Insofar as personal data is collected on our website using the tool described here and forwarded to Facebook or Instagram, we and Meta Platforms Ireland Limited, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland are jointly responsible for this data processing (Art. 26 GDPR). The joint responsibility is limited exclusively to the collection of the data and its transfer to Facebook or Instagram. The processing that occurs after the forwarding by Facebook or Instagram is not part of the joint responsibility. The obligations that we share have been documented in an agreement on joint processing. The text of the agreement can be found at:https://www.facebook.com/legal/controller_addendumAccording to this agreement, we are responsible for providing data protection information when using the Facebook or Instagram tools and for the data protection-compliant implementation of the tools on our website. Facebook is responsible for the data security of the Facebook or Instagram products. Rights of the data subjects (e.g. requests for information) regarding the data processed by Facebook or Instagram can be asserted directly with Facebook. If you assert the rights of the data subjects with us, we are obliged to forward these to Facebook.

The data transfer to the USA is based on the standard contractual clauses of the EU Commission. You can find details here:https://www.facebook.com/legal/EU_data_transfer_addendum, https://privacycenter.instagram.com/policy/ und https://de-de.facebook.com/help/566994660333381.

For more information, please see Instagram's privacy policy:https://privacycenter.instagram.com/policy/.

The company has a certification under the "EU-US Data Privacy Framework" (DPF). The DPF is an agreement between the European Union and the USA that aims to ensure compliance with European data protection standards for data processing in the USA. Every company certified under the DPF commits to adhering to these data protection standards. For more information, you can contact the provider at the following link:https://www.dataprivacyframework.gov/participant/4452.

LinkedIn

This website uses elements of the LinkedIn network. The provider is LinkedIn Ireland Unlimited Company, Wilton Plaza, Wilton Place, Dublin 2, Ireland.

Each time a page of this website that contains elements from LinkedIn is accessed, a connection is established to LinkedIn's servers. LinkedIn is informed that you have visited this website with your IP address. If you click the "Recommend" button from LinkedIn and are logged into your LinkedIn account, LinkedIn can associate your visit to this website with you and your user account. We would like to point out that as the provider of the pages, we have no knowledge of the content of the transmitted data or its use by LinkedIn.

The use of this service is based on your consent in accordance with Article 6(1)(a) of the GDPR and Section 25(1) of the TDDG. Consent can be withdrawn at any time.

The data transfer to the USA is based on the standard contractual clauses of the EU Commission. You can find details here:https://www.linkedin.com/help/linkedin/answer/a1343190/datenubertragung-aus-der-eu-dem-ewr-und-der-schweiz?lang=de

For more information, please see LinkedIn's privacy policy at:https://www.linkedin.com/legal/privacy-policy.

The company has a certification under the "EU-US Data Privacy Framework" (DPF). The DPF is an agreement between the European Union and the USA that aims to ensure compliance with European data protection standards for data processing in the USA. Every company certified under the DPF commits to adhering to these data protection standards. For more information, you can contact the provider at the following link:https://www.dataprivacyframework.gov/participant/5448.

Pinterest

On this website, we use elements of the social network Pinterest, which is operated by Pinterest Europe Ltd., Palmerston House, 2nd Floor, Fenian Street, Dublin 2, Ireland.

If you visit a page that contains such an element, your browser establishes a direct connection to Pinterest's servers. This social media element transmits log data to Pinterest's server in the USA. This log data may include your IP address, the addresses of the websites you have visited that also contain Pinterest features, the type and settings of your browser, the date and time of the request, your usage of Pinterest, as well as cookies.

The use of this service is based on your consent in accordance with Article 6(1)(a) of the GDPR and Section 25(1) of the TDDG. Consent can be withdrawn at any time.

For more information on the purpose, scope, and further processing and use of data by Pinterest, as well as your related rights and options for protecting your privacy, please refer to Pinterest's privacy policy:https://policy.pinterest.com/de/privacy-policy.

6. Analysis Tools and Advertising

Google Tag Manager

We use the Google Tag Manager. The provider is Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland.

The Google Tag Manager is a tool that allows us to integrate tracking or analytics tools and other technologies on our website. The Google Tag Manager itself does not create user profiles, does not store cookies, and does not perform independent analyses. It is solely used for the management and delivery of the tools integrated through it. However, the Google Tag Manager does collect your IP address, which may also be transferred to Google's parent company in the United States.

The use of the Google Tag Manager is based on Article 6(1)(f) of the GDPR. The website operator has a legitimate interest in the quick and uncomplicated integration and management of various tools on their website. If appropriate consent has been obtained, processing is carried out solely on the basis of Article 6(1)(a) of the GDPR and Section 25(1) of the TDDG, insofar as the consent includes the storage of cookies or access to information on the user's device (e.g. device fingerprinting) within the meaning of the TDDG. Consent can be revoked at any time.

The company has a certification under the "EU-US Data Privacy Framework" (DPF). The DPF is an agreement between the European Union and the USA that aims to ensure compliance with European data protection standards for data processing in the USA. Every company certified under the DPF commits to adhering to these data protection standards. For more information, you can contact the provider at the following link:https://www.dataprivacyframework.gov/participant/5780.

Google Analytics

This website uses features of the web analytics service Google Analytics. The provider is Google Ireland Limited ("Google"), Gordon House, Barrow Street, Dublin 4, Ireland.

Google Analytics enables the website operator to analyse the behaviour of website visitors. In this process, the website operator receives various usage data, such as page views, duration of stay, operating systems used, and the origin of the user. This data is compiled into a User ID and assigned to the respective device of the website visitor.

Furthermore, we can record your mouse and scroll movements and clicks using Google Analytics, among other things. Additionally, Google Analytics employs various modelling approaches to supplement the collected datasets and uses machine learning technologies in data analysis.

Google Analytics uses technologies that enable the recognition of users for the purpose of analysing user behaviour (e.g. cookies or device fingerprinting). The information collected by Google about the use of this website is generally transferred to a Google server in the USA and stored there.

The use of this service is based on your consent in accordance with Article 6(1)(a) of the GDPR and Section 25(1) of the TDDG. Consent can be withdrawn at any time.

The data transfer to the USA is based on the standard contractual clauses of the EU Commission. You can find details here:https://privacy.google.com/businesses/controllerterms/mccs/.

The company has a certification under the "EU-US Data Privacy Framework" (DPF). The DPF is an agreement between the European Union and the USA that aims to ensure compliance with European data protection standards for data processing in the USA. Every company certified under the DPF commits to adhering to these data protection standards. For more information, you can contact the provider at the following link:https://www.dataprivacyframework.gov/participant/5780.

IP Anonymisation

The Google Analytics IP anonymisation is activated. This means that your IP address is truncated by Google within member states of the European Union or in other contracting states of the Agreement on the European Economic Area before being transmitted to the USA. Only in exceptional cases is the full IP address transferred to a Google server in the USA and truncated there. On behalf of the operator of this website, Google will use this information to evaluate your use of the website, to compile reports on website activities, and to provide further services related to website usage and internet usage to the website operator. The IP address transmitted by your browser in the context of Google Analytics will not be merged with other data from Google.

Browser Plugin

You can prevent the collection and processing of your data by Google by downloading and installing the browser plugin available at the following link:https://tools.google.com/dlpage/gaoptout?hl=de.

More information on the handling of user data in Google Analytics can be found in Google's privacy policy:https://support.google.com/analytics/answer/6004245?hl=de.

Google Signals

We use Google Signals. When you visit our website, Google Analytics collects, among other things, your location, search history, and YouTube history, as well as demographic data (visitor data). This data can be used with the help of Google Signals for personalised advertising. If you have a Google account, the visitor data from Google Signals is linked to your Google account and used for personalised advertising messages. The data is also used to create anonymised statistics on the user behaviour of our users.

Order processing

We have concluded a data processing agreement with Google and fully implement the strict requirements of the German data protection authorities when using Google Analytics.

Google Analytics E-Commerce-Messung

This website uses the "E-commerce Measurement" feature of Google Analytics. With the help of E-commerce Measurement, the website operator can analyse the purchasing behaviour of website visitors to improve their online marketing campaigns. This involves collecting information such as completed orders, average order values, shipping costs, and the time from viewing to purchasing a product. This data can be aggregated by Google under a transaction ID that is associated with the respective user or their device.

ClickFunnels

We use the marketing tool ClickFunnels. The provider is Etison, LLC., 3443 W. Bavaria Street, Eagle, Idaho 83616, USA (hereinafter referred to as ClickFunnels).

ClickFunnels is a tool for optimising and automating our marketing activities. With ClickFunnels, we can create landing pages, funnels, and forms, plan, execute, and evaluate marketing campaigns, as well as manage our customer data and set up automation processes.

Furthermore, we can analyse the user behaviour of our website visitors as they navigate through the funnels. Based on this information, further marketing actions can be triggered. For example, we can identify which customer has made a download with us and, for this reason, is eligible for certain additional marketing measures.

ClickFunnels uses technologies that enable cross-site user recognition for the analysis of user behaviour (e.g. cookies or device fingerprinting). Website visitors are assigned a unique ID, which allows them to be recognised during a subsequent visit to the website. Furthermore, ClickFunnels collects the IP address, the user's language, visited URLs, and the time of access.

Insofar as consent has been obtained, the use of the aforementioned service is based solely on Article 6(1)(a) of the GDPR and Section 25 of the TDDG. Consent can be revoked at any time. If no consent has been obtained, the use of this service is based on Article 6(1)(f) of the GDPR; the website operator has a legitimate interest in optimising their marketing campaigns.

The company has a certification under the "EU-US Data Privacy Framework" (DPF). The DPF is an agreement between the European Union and the USA that aims to ensure compliance with European data protection standards for data processing in the USA. Every company certified under the DPF commits to adhering to these data protection standards. For more information, you can contact the provider at the following link:https://www.dataprivacyframework.gov/participant/1747.

Order processing

We have entered into a data processing agreement (DPA) for the use of the aforementioned service. This is a contract required by data protection law, which ensures that it processes the personal data of our website visitors only in accordance with our instructions and in compliance with the GDPR.

Google Ads

The website operator uses Google Ads. Google Ads is an online advertising programme of Google Ireland Limited ("Google"), Gordon House, Barrow Street, Dublin 4, Ireland.

Google Ads allows us to display advertisements in the Google search engine or on third-party websites when users enter specific search terms on Google (keyword targeting). Furthermore, targeted advertisements can be displayed based on the user data available on Google (e.g., location data and interests) (audience targeting). As website operators, we can quantitatively evaluate this data by analysing, for example, which search terms led to the display of our advertisements and how many ads resulted in corresponding clicks.

The use of this service is based on your consent in accordance with Article 6(1)(a) of the GDPR and Section 25(1) of the TDDG. Consent can be withdrawn at any time.

The data transfer to the USA is based on the standard contractual clauses of the EU Commission. You can find details here:https://policies.google.com/privacy/frameworks und https://business.safety.google/controllerterms/.

The company has a certification under the "EU-US Data Privacy Framework" (DPF). The DPF is an agreement between the European Union and the USA that aims to ensure compliance with European data protection standards for data processing in the USA. Every company certified under the DPF commits to adhering to these data protection standards. For more information, you can contact the provider at the following link:https://www.dataprivacyframework.gov/participant/5780.

7. Newsletter

Newsletter data

If you would like to receive the newsletter offered on the website, we require an email address from you, as well as information that allows us to verify that you are the owner of the provided email address and that you agree to receive the newsletter. No further data will be collected, or only on a voluntary basis. We use this data solely for the dispatch of the requested information and do not pass it on to third parties.

The processing of the data entered into the newsletter registration form is carried out solely on the basis of your consent (Art. 6 para. 1 lit. a GDPR). You can revoke the consent given for the storage of the data, the email address, and their use for sending the newsletter at any time, for example, via the "Unsubscribe" link in the newsletter. The lawfulness of the data processing operations that have already taken place remains unaffected by the revocation.

The data you provided for the purpose of subscribing to our newsletter will be stored by us until you unsubscribe from the newsletter with us or the newsletter service provider, and will be deleted from the newsletter distribution list after unsubscribing from the newsletter or after the purpose has ceased. We reserve the right to delete or block email addresses from our newsletter distribution list at our discretion in accordance with our legitimate interests under Article 6(1)(f) of the GDPR.

Data that has been stored with us for other purposes remains unaffected by this.

After you unsubscribe from the newsletter distribution list, your email address may be stored in a blacklist with us or the newsletter service provider, if this is necessary to prevent future mailings. The data from the blacklist will only be used for this purpose and will not be combined with other data. This serves both your interest and our interest in complying with legal requirements when sending newsletters (legitimate interest in accordance with Article 6(1)(f) of the GDPR). The storage in the blacklist is not time-limited. You can object to the storage if your interests outweigh our legitimate interest.

Newsletter dispatch to existing customers

If you order goods or services from us and provide your email address, this email address may subsequently be used by us for the sending of newsletters, provided we inform you in advance. In such a case, the newsletter will only send direct advertising for our own similar goods or services. You can unsubscribe from this newsletter at any time. For this purpose, there is a corresponding link in every newsletter. The legal basis for sending the newsletter in this case is Article 6(1)(f) of the GDPR in conjunction with Section 7(3) of the UWG.

After your removal from the newsletter distribution list, your email address may be stored on a blacklist with us to prevent future mailings to you. The data from the blacklist will only be used for this purpose and will not be combined with other data. This serves both your interest and our interest in complying with legal requirements when sending newsletters (legitimate interest in accordance with Article 6(1)(f) of the GDPR). The storage on the blacklist is not time-limited. You can object to the storage if your interests outweigh our legitimate interest.

8. Plugins and Tools

Google Maps

This page uses the mapping service Google Maps. The provider is Google Ireland Limited ("Google"), Gordon House, Barrow Street, Dublin 4, Ireland. With the help of this service, we can integrate map material on our website.

To use the functions of Google Maps, it is necessary to store your IP address. This information is usually transmitted to a Google server in the USA and stored there. The provider of this site has no influence over this data transmission. When Google Maps is activated, Google may use Google Fonts for the purpose of uniform font representation. When you access Google Maps, your browser loads the necessary web fonts into its browser cache to display texts and fonts correctly.

The use of Google Maps is in the interest of providing an appealing presentation of our online offerings and ensuring easy findability of the locations specified by us on the website. This constitutes a legitimate interest within the meaning of Art. 6 para. 1 lit. f GDPR. If corresponding consent has been requested, the processing is carried out exclusively on the basis of Art. 6 para. 1 lit. a GDPR and § 25 para. 1 TDDG, insofar as the consent includes the storage of cookies or access to information on the user's device (e.g. device fingerprinting) within the meaning of the TDDG. Consent can be revoked at any time.

The data transfer to the USA is based on the standard contractual clauses of the EU Commission. You can find details here: https://privacy.google.com/businesses/gdprcontrollerterms/ and https://privacy.google.com/businesses/gdprcontrollerterms/sccs/.

For more information on how to handle user data, please see Google's privacy policy: https://policies.google.com/privacy?hl=de.

The company is certified under the "EU-US Data Privacy Framework" (DPF). The DPF is an agreement between the European Union and the USA that aims to ensure compliance with European data protection standards for data processing in the USA. Every company certified under the DPF commits to adhering to these data protection standards. For more information, please contact the provider at the following link: https://www.dataprivacyframework.gov/participant/5780.

OpenStreetMap

We use the mapping service from OpenStreetMap (OSM).

We integrate the map data from OpenStreetMap on the server of the OpenStreetMap Foundation, St John’s Innovation Centre, Cowley Road, Cambridge, CB4 0WS, United Kingdom. The United Kingdom is considered a third country that is safe in terms of data protection law. This means that the United Kingdom has a level of data protection that corresponds to the level of data protection in the European Union. When using the OpenStreetMap maps, a connection is established to the servers of the OpenStreetMap Foundation. In this process, your IP address and other information about your behaviour on this website may be forwarded to the OSMF. OpenStreetMap may store cookies in your browser or use comparable recognition technologies for this purpose.

The use of OpenStreetMap is in the interest of providing an appealing presentation of our online offerings and ensuring easy findability of the locations we specify on the website. This constitutes a legitimate interest within the meaning of Art. 6 para. 1 lit. f GDPR. If corresponding consent has been requested, processing will occur solely on the basis of Art. 6 para. 1 lit. a GDPR and § 25 para. 1 TDDG, insofar as the consent includes the storage of cookies or access to information on the user's device (e.g. device fingerprinting) within the meaning of the TDDG. Consent can be revoked at any time.

Google reCAPTCHA

We use "Google reCAPTCHA" (hereinafter referred to as "reCAPTCHA") on this website. The provider is Google Ireland Limited ("Google"), Gordon House, Barrow Street, Dublin 4, Ireland.

reCAPTCHA is used to verify whether the data entry on this website (e.g. in a contact form) is performed by a human or an automated program. To do this, reCAPTCHA analyses the behaviour of the website visitor based on various characteristics. This analysis begins automatically as soon as the website visitor enters the website. For the analysis, reCAPTCHA evaluates various pieces of information (e.g. IP address, duration of the website visitor's stay on the website, or mouse movements made by the user). The data collected during the analysis is forwarded to Google.

The reCAPTCHA analyses run entirely in the background. Website visitors are not informed that an analysis is taking place.

The storage and analysis of data is carried out on the basis of Article 6(1)(f) of the GDPR. The website operator has a legitimate interest in protecting its web offerings from abusive automated spying and from SPAM. If appropriate consent has been requested, processing is carried out solely on the basis of Article 6(1)(a) of the GDPR and Section 25(1) of the TDDG, insofar as the consent includes the storage of cookies or access to information on the user's device (e.g. device fingerprinting) within the meaning of the TDDG. Consent can be revoked at any time.

For more information on Google reCAPTCHA, please refer to the Google Privacy Policy and the Google Terms of Service at the following links: https://policies.google.com/privacy?hl=de and https://policies.google.com/terms?hl=de.

The company is certified under the "EU-US Data Privacy Framework" (DPF). The DPF is an agreement between the European Union and the USA that aims to ensure compliance with European data protection standards for data processing in the USA. Every company certified under the DPF commits to adhering to these data protection standards. For more information, please contact the provider at the following link: https://www.dataprivacyframework.gov/participant/5780.

Cloudflare Turnstile

We use Cloudflare Turnstile (hereinafter referred to as "Turnstile") on this website. The provider is Cloudflare Inc., 101 Townsend St., San Francisco, CA 94107, USA (hereinafter referred to as "Cloudflare").

Turnstile is used to verify whether data entry on this website (e.g. in a contact form) is performed by a human or by an automated program. To do this, Turnstile analyses the behaviour of the website visitor based on various characteristics.

This analysis begins automatically as soon as the website visitor enters a website with Turnstile enabled. For the analysis, Turnstile evaluates various pieces of information (e.g. IP address, duration of the website visitor's stay on the website, or mouse movements made by the user). The data collected during the analysis is forwarded to Cloudflare.

The storage and analysis of data is carried out on the basis of Article 6(1)(f) of the GDPR. The website operator has a legitimate interest in protecting its web offerings from abusive automated spying and from SPAM. If appropriate consent has been requested, processing is carried out solely on the basis of Article 6(1)(a) of the GDPR and Section 25(1) of the TDDG, insofar as the consent includes the storage of cookies or access to information on the user's device (e.g. device fingerprinting) within the meaning of the TDDG. Consent can be revoked at any time.

The data processing is based on standard contractual clauses, which you can find here: https://www.cloudflare.com/cloudflare-customer-scc/.

For more information on Cloudflare Turnstile, please refer to the privacy policy at https://www.cloudflare.com/cloudflare-customer-dpa/.

The company is certified under the "EU-US Data Privacy Framework" (DPF). The DPF is an agreement between the European Union and the USA that aims to ensure compliance with European data protection standards for data processing in the USA. Every company certified under the DPF commits to adhering to these data protection standards. For more information, please contact the provider at the following link: https://www.dataprivacyframework.gov/participant/5666.

9. eCommerce and Payment Providers

Processing of customer and contract data

We collect, process, and use personal customer and contract data for the establishment, content design, and modification of our contractual relationships. We only collect, process, and use personal data regarding the use of this website (usage data) to the extent necessary to enable the user to utilise the service or to bill for it. The legal basis for this is Article 6(1)(b) of the GDPR.

The collected customer data will be deleted after the completion of the order or the termination of the business relationship and the expiry of any applicable statutory retention periods. Statutory retention periods remain unaffected.

Data transmission upon contract conclusion for online shops, retailers, and goods shipping

If you order goods from us, we will pass your personal data to the transport company responsible for delivery as well as to the payment service provider tasked with processing payments. Only data that the respective service provider needs to fulfil their task will be released. The legal basis for this is Article 6(1)(b) of the GDPR, which permits the processing of data for the fulfilment of a contract or pre-contractual measures. If you have given your consent in accordance with Article 6(1)(a) of the GDPR, we will pass your email address to the transport company responsible for delivery so that they can inform you by email about the shipping status of your order; you can withdraw your consent at any time.

Data transmission upon conclusion of contracts for services and digital content

We only transmit personal data to third parties when this is necessary for the execution of the contract, for example, to the bank responsible for processing the payment.

A further transmission of the data will not take place, or only if you have expressly consented to the transmission. Your data will not be passed on to third parties without your explicit consent, for example for advertising purposes.

The basis for data processing is Article 6(1)(b) of the GDPR, which permits the processing of data for the fulfilment of a contract or pre-contractual measures.

Order processing via dropshipping

If you order goods from us, it is possible that your order will be shipped directly to you by our merchants (dropshipping). To do this, we will provide your name, delivery address, and – as far as necessary for the delivery – your telephone number to the shipping company. This information is shared solely for the purpose of delivering the goods.

The legal basis for data processing is Article 6(1)(b) of the GDPR (contract fulfilment) and our legitimate interest in a swift and effective purchase processing in accordance with Article 6(1)(f) of the GDPR.

We are using the following retailer as part of the dropshipping process:

mkm International GmbH

GF Kevin Lind

Boschstr. 16

47533 Kleve

Payment services

We integrate payment services from third-party providers on our website. When you make a purchase with us, your payment data (e.g. name, payment amount, account details, credit card number) will be processed by the payment service provider for the purpose of payment processing. The respective contractual and data protection provisions of the respective providers apply to these transactions. The use of payment service providers is based on Art. 6 para. 1 lit. b GDPR (contractual processing) as well as in the interest of a smooth, comfortable, and secure payment process (Art. 6 para. 1 lit. f GDPR). Insofar as your consent is requested for certain actions, Art. 6 para. 1 lit. a GDPR serves as the legal basis for data processing; consents can be revoked at any time for the future.

The following payment services / payment service providers are used on this website:

PayPal

The provider of this payment service is PayPal (Europe) S.à r.l. et Cie, S.C.A., 22-24 Boulevard Royal, L-2449 Luxembourg (hereinafter referred to as "PayPal").

The data transfer to the USA is based on the standard contractual clauses of the EU Commission. You can find details here:https://www.paypal.com/de/webapps/mpp/ua/pocpsa-full.

You can find details in PayPal's privacy policy:https://www.paypal.com/de/webapps/mpp/ua/privacy-full.

Stripe

The provider for customers within the EU is Stripe Payments Europe, Ltd., 1 Grand Canal Street Lower, Grand Canal Dock, Dublin, Ireland (hereinafter referred to as "Stripe").

The data transfer to the USA is based on the standard contractual clauses of the EU Commission. You can find details here:https://stripe.com/de/privacy und https://stripe.com/de/guides/general-data-protection-regulation.

You can read the details in Stripe's privacy policy at the following link:https://stripe.com/de/privacy.

10. Audio and Video Conferences

Data processing

For communication with our customers, we use online conference tools among others. The specific tools we use are listed below. If you communicate with us via video or audio conference over the internet, your personal data will be collected and processed by us and the provider of the respective conference tool.

The conference tools collect all data that you provide/use for the utilisation of the tools (email address and/or your telephone number). Furthermore, the conference tools process the duration of the conference, the start and end (time) of participation in the conference, the number of participants, and other "context information" related to the communication process (metadata).

Furthermore, the provider of the tool processes all technical data necessary for the execution of online communication. This particularly includes IP addresses, MAC addresses, device IDs, device type, operating system type and version, client version, camera type, microphone or speaker, as well as the type of connection.

If content is exchanged, uploaded or otherwise provided within the tool, it will also be stored on the servers of the tool providers. Such content includes, in particular, cloud recordings, chat/instant messages, voicemails, uploaded photos and videos, files, whiteboards, and other information shared during the use of the service.

Please note that we do not have full control over the data processing operations of the tools used. Our options are largely determined by the corporate policies of the respective providers. Further information on data processing by the conference tools can be found in the privacy statements of the tools used, which we have listed below this text.

Purpose and Legal Basis

The conference tools are used to communicate with prospective or existing contractual partners or to offer specific services to our customers (Art. 6 para. 1 lit. b GDPR). Furthermore, the use of the tools serves to generally simplify and accelerate communication with us or our company (legitimate interest in accordance with Art. 6 para. 1 lit. f GDPR). If consent has been requested, the use of the relevant tools is based on this consent; the consent can be revoked at any time with effect for the future.

Storage duration

The data collected directly by us through the video and conference tools will be deleted from our systems as soon as you request deletion, revoke your consent for storage, or the purpose for data storage ceases to exist. Stored cookies will remain on your device until you delete them. Mandatory legal retention periods remain unaffected.

We have no influence over the duration for which your data is stored by the operators of the conference tools for their own purposes. For details on this, please consult the operators of the conference tools directly.

Used conference tools

We use the following conference tools:

Microsoft Teams

We use Microsoft Teams. The provider is Microsoft Ireland Operations Limited, One Microsoft Place, South County Business Park, Leopardstown, Dublin 18, Ireland. Details regarding data processing can be found in the privacy policy of Microsoft Teams: https://privacy.microsoft.com/de-de/privacystatement.

The company is certified under the "EU-US Data Privacy Framework" (DPF). The DPF is an agreement between the European Union and the USA that aims to ensure compliance with European data protection standards for data processing in the USA. Every company certified under the DPF commits to adhering to these data protection standards. For more information, please contact the provider at the following link: https://www.dataprivacyframework.gov/participant/6474.

Order processing

We have entered into a data processing agreement (DPA) for the use of the aforementioned service. This is a contract required by data protection law, which ensures that it processes the personal data of our website visitors only in accordance with our instructions and in compliance with the GDPR.

11. Own Services

OneDrive

We have integrated OneDrive on this website. The provider is Microsoft Ireland Operations Limited, One Microsoft Place, South County Business Park, Leopardstown, Dublin 18, Ireland (hereinafter referred to as "OneDrive").

OneDrive allows us to embed an upload area on our website where you can upload content. When you upload content, it is stored on OneDrive's servers. Additionally, when you enter our website, a connection to OneDrive is established so that OneDrive can determine that you have visited our website.

The use of OneDrive is based on Article 6(1)(f) of the GDPR. The website operator has a legitimate interest in having a reliable upload area on their website. If consent has been requested, the processing is carried out solely on the basis of Article 6(1)(a) of the GDPR; consent can be revoked at any time.

The company has a certification under the "EU-US Data Privacy Framework" (DPF). The DPF is an agreement between the European Union and the USA that aims to ensure compliance with European data protection standards for data processing in the USA. Every company certified under the DPF commits to adhering to these data protection standards. For more information, you can contact the provider at the following link:https://www.dataprivacyframework.gov/participant/6474.

Order processing

We have entered into a data processing agreement (DPA) for the use of the aforementioned service. This is a contract required by data protection law, which ensures that it processes the personal data of our website visitors only in accordance with our instructions and in compliance with the GDPR.