1. PRIVACY AT A GLANCE

General Information

Good day and welcome to our beautiful website. Our privacy policy gives you a simple overview of the type, scope, and purpose of collecting and processing personal data when visiting and using our online presence, the associated websites, features, and content as well as external online presentations. Our privacy policy is based on terms used by the European General Data Protection Regulation (GDPR) as well as the new Federal Data Protection Act (BDSG). You can view the corresponding definitions of terms (Art. 4 GDPR) for example at https://dejure.org/gesetze/DSGVO/4.html.

Data collection on this website

Who is responsible for data collection on this website?

Data processing on this website is done by the website operator. You can find the operator's contact details in the "Information about the responsible party" section of this privacy policy.

How do we collect your data?

Your data is collected in several ways. For one, by providing us with it. This could be, for example, data that you enter into a contact form. Other data is automatically collected by our IT systems or with your consent when visiting the website. This primarily includes technical data (e.g., internet browser, operating system, or time of page access). This data is automatically collected as soon as you enter this website.

Your data is collected in part because you provide it to us. This may

include data that you enter in a contact form.

Other data is collected automatically or with your consent when you visit the website

by our IT systems. This is primarily technical data (e.g.

web browser, operating system, or time of page view). This data is collected

automatically as soon as you enter this website.

What do we use your data for?

Part of the data is collected to ensure the error-free provision of the website. Other data may be used to analyze your user behavior.

What rights do you have regarding your data?

You have the right to obtain information about the origin, recipient, and purpose of your stored personal data free of charge at any time. You also have the right to request the correction or deletion of this data. If you have given consent for data processing, you can revoke this consent at any time for the future. Additionally, under certain circumstances, you have the right to request the restriction of the processing of your personal data. Furthermore, you have the right to lodge a complaint with the competent supervisory authority. For this and other questions regarding data protection, you can contact us at any time.

Analysis tools and third-party tools

When visiting this website, your surfing behavior can be statistically evaluated. This is primarily done with so-called analysis programs. Detailed information on these analysis programs can be found in the following privacy policy.

2. GENERAL INFORMATION AND MANDATORY INFORMATION

Data protection

The operators of these pages take the protection of your personal data very seriously. We treat your personal data confidentially and in accordance with the statutory data protection regulations and this privacy policy.

When you use this website, various personal data is collected. Personal data is data that can be used to personally identify you. This privacy policy explains what data we collect and what we use it for. It also explains how and for what purpose this is done. We would like to point out that data transmission over the Internet (e.g. when communicating by e-mail) may have security vulnerabilities. Complete protection of data from access by third parties is not possible.

Note on the responsible body

The responsible body for data processing on this website is:

Actimi GmbH

Represented by Dr. Maximilian Weiß

Albert-Schäffle-Str. 119

70186 Stuttgart

Email: info@actimi.com

The responsible party is the natural or legal person who alone or jointly with others decides on the purposes and means of processing personal data (e.g. names, email addresses, etc.).

Storage duration

Unless a more specific storage period is mentioned within this privacy policy, your personal data will remain with us until the purpose for data processing ceases. If you make a legitimate deletion request or revoke consent for data processing, your data will be deleted, unless we have other legally permissible reasons for storing your personal data (e.g. tax or commercial retention periods); in the latter case, deletion will occur once these reasons cease to apply.

General information on the legal basis for data processing on this website

If you have consented to data processing, we process your personal data on the basis of Art. 6 (1) lit. a GDPR or Art. 9 (2) lit. a GDPR, if special categories of data are processed according to Art. 9 (1) GDPR. In the event of explicit consent to the transfer of personal data to third countries, data processing also takes place on the basis of Art. 49 (1) lit. a GDPR. If you have consented to the storage of cookies or access to information on your terminal device (e.g. via device fingerprinting), data processing is also carried out on the basis of § 25 (1) TDDDG. The consent can be revoked at any time. If your data is necessary for the fulfillment of a contract or for the implementation of pre-contractual measures, we process your data on the basis of Art. 6 (1) lit. b GDPR. Furthermore, we process your data if this is necessary to fulfill a legal obligation based on Art. 6 (1) lit. c GDPR. Data processing may also be based on our legitimate interest according to Art. 6 (1) lit. f GDPR. Information about the relevant legal bases is provided in the following paragraphs of this privacy policy.

Data protection officer

We have appointed a data protection officer.

LIEBENSTEIN CONFIDENTIAL GmbH

Prof. Dr. Hans-Hermann Dirksen

Eschersheimer Landstrasse 351

60320 Frankfurt am Main

Telefon: +49 (0) 69 - 2729 5921

E-Mail: mail@liebenstein-confidential.de

Notice on the transfer of data to data protection-insecure third countries as well as

the transfer to US companies that are not DPF certified

We use, among other things, tools from companies based in third countries that are not secure in terms of data protection, as well as US tools whose providers are not certified under the EU-US Data Privacy Framework (DPF). If these tools are active, your personal data may be transferred to and processed in these countries. We would like to point out that no level of data protection comparable to that of the EU can be guaranteed in third countries that are not secure in terms of data protection. We would like to point out that, as a rule, the USA as a secure third country generally has a level of data protection comparable to that of the EU. A transfer of data to the USA is therefore permissible if the recipient is certified under the “EU-US Data Privacy Framework” (DPF) or has appropriate additional guarantees. Information on transfers to third countries, including the recipients of the data, can be found in this privacy policy.

Recipient of personal data/Order processing

As part of our business activities, we work with various external entities. In some cases, it is necessary to transfer personal data to these external entities. We only pass on personal data to external entities if it is necessary for the fulfillment of a contract, if we are legally obligated to do so (e.g. disclosure of data to tax authorities), if we have a legitimate interest under Art. 6 para. 1 lit. f GDPR in the disclosure, or if another legal basis allows the transfer of data.


When using data processors, we only pass on personal data of our customers based on a valid data processing agreement. If we commission third parties to process data based on a data processing agreement, this is done on the basis of Art. 28 GDPR. These are carefully selected and commissioned by us, are bound by our instructions, and are regularly checked.


In the case of joint processing, a contract for joint processing in accordance with Art. 26 GDPR is concluded.

3. YOUR RIGHTS

You have the following rights regarding your personal data:

  • according to Art. 15 GDPR the right to obtain confirmation as to whether or not personal data concerning you is being processed, and access to information about this data as well as a copy of the data.

  • according to Art. 16 GDPR the right to obtain the completion of data concerning you or the rectification of inaccurate data concerning you.

  • according to Art. 17 GDPR the right to request the erasure of data concerning you without undue delay, or alternatively, the right to restrict the processing of the data according to Art. 18 GDPR.

  • according to Art. 20 GDPR the right to receive the personal data concerning you, which you have provided to us, in a structured, commonly used, and machine-readable format and to transmit those data to another controller.

  • according to Art. 77 GDPR the right to lodge a complaint with a supervisory authority.

4. INFORMATION, CORRECTION AND DELETION

You have the right to obtain free information at any time in accordance with applicable legal provisions pursuant to Art. 15 GDPR about your stored personal data, their origin and recipients, and the purpose of data processing, as well as, if applicable, a right to rectification or erasure of this data. In accordance with legal requirements in Germany, data is stored for a period of 6 years in particular pursuant to § 257 (1) HGB (commercial books, inventories, opening balance sheets, annual financial statements, commercial letters, accounting records, etc.) and for a period of 10 years pursuant to § 147 (1) AO (books, records, management reports, accounting records, commercial and business letters, documents relevant for taxation, etc.). You can contact us at any time regarding this as well as other questions about personal data.

5. RIGHT TO RESTRICTION OF PROCESSING

You have the right to request the restriction of processing of your personal data. To do this, you can contact us at any time. The right to restrict processing exists in the following cases:

  • If you dispute the accuracy of your personal data stored with us, we usually need time to review this. During the review period, you have the right to request the restriction of processing of your personal data.

  • If the processing of your personal data has/had happened unlawfully, you can request the restriction of data processing instead of deletion.

  • If we no longer need your personal data, but you need it for the exercise, defense, or assertion of legal claims, you have the right to request the restriction of processing of your personal data instead of deletion.

  • If you have objected pursuant to Art. 21 para. 1 GDPR, a balancing of your interests and ours must be undertaken. As long as it is not yet clear whose interests prevail, you have the right to request the restriction of processing of your personal data.

If you have restricted the processing of your personal data, these data may only be processed – apart from their storage – with your consent or for the assertion, exercise, or defense of legal claims or for the protection of the rights of another natural or legal person or for reasons of important public interest of the European Union or a Member State.

6. WITHDRAWAL OF YOUR CONSENT TO DATA PROCESSING

Many data processing operations are only possible with your explicit consent. You can revoke any consent given at any time. The legality of data processing until revocation remains unaffected by the revocation.

7. RIGHT TO OBJECT TO DATA COLLECTION IN SPECIAL CASES AND TO DIRECT ADVERTISING (ART. 21 GDPR)

IF DATA PROCESSING IS BASED ON ART. 6 ABS. 1 LIT. E OR F GDPR, YOU HAVE THE RIGHT TO OBJECT TO THE PROCESSING OF YOUR PERSONAL DATA AT ANY TIME FOR REASONS ARISING FROM YOUR PARTICULAR SITUATION; THIS ALSO APPLIES TO PROFILING BASED ON THESE PROVISIONS. THE RESPECTIVE LEGAL BASIS ON WHICH PROCESSING IS BASED CAN BE FOUND IN THIS DATA PROTECTION DECLARATION. IF YOU OBJECT, WE WILL NO LONGER PROCESS YOUR AFFECTED PERSONAL DATA UNLESS WE CAN DEMONSTRATE COMPELLING LEGITIMATE GROUNDS FOR THE PROCESSING WHICH OVERRIDE YOUR INTERESTS, RIGHTS AND FREEDOMS OR THE PROCESSING SERVES TO ASSERT, EXERCISE OR DEFEND LEGAL CLAIMS (OBJECTION PURSUANT TO ART. 21 PARA. 1 GDPR). IF YOUR PERSONAL DATA IS BEING PROCESSED FOR THE PURPOSE OF DIRECT MARKETING, YOU HAVE THE RIGHT TO OBJECT AT ANY TIME TO THE PROCESSING OF PERSONAL DATA CONCERNING YOU FOR THE PURPOSE OF SUCH ADVERTISING; THIS ALSO APPLIES TO PROFILING INSOFAR AS IT IS RELATED TO SUCH DIRECT MARKETING. IF YOU OBJECT, YOUR PERSONAL DATA WILL SUBSEQUENTLY NO LONGER BE USED FOR THE PURPOSE OF DIRECT MARKETING (OBJECTION PURSUANT TO ART. 21 PARA. 2 GDPR). You can inform us of your objection using the following contact details:

Actimi GmbH

Represented by Dr. Maximilian Weiß

Albert-Schäffle-Str. 119

70186 Stuttgart

Email: info@actimi.com

8. RIGHT TO DATA PORTABILITY

You have the right to have data, which we process automatically on the basis of your consent or in fulfillment of a contract, handed over to yourself or to a third party in a common, machine-readable format. If you request the direct transfer of the data to another controller, this will only be done to the extent that it is technically feasible.

9. RIGHT TO LODGE A COMPLAINT WITH THE COMPETENT SUPERVISORY AUTHORITY

In the event of violations of the GDPR, data subjects have the right to lodge a complaint with a supervisory authority, in particular in the Member State of their habitual residence, place of work, or place of the alleged infringement. The right to lodge a complaint is without prejudice to any other administrative or judicial remedy.


You can contact the responsible state data protection officer at:


The state data protection officer for data protection and freedom of information in Baden-Württemberg

PO Box 10 29 32, 70025 Stuttgart

Tel .: 07 11 / 61 55 41-0

Fax: 07 11 / 61 55 41-15

Email: poststelle@lfdi.bwl.de

10. OBJECTION TO ADVERTISING EMAILS

The use of contact data published in the context of the imprint obligation for sending unsolicited advertising and informational materials is hereby rejected. The operators of the pages expressly reserve the right to take legal action in the event of unsolicited sending of promotional information, such as spam emails.

Server log files

The provider of the pages automatically collects and stores information in so-called server log files, which your browser automatically transmits to us. These are:


  • Browser type and browser version

  • operating system used

  • Referrer URL

  • hostname of the accessing computer

  • time of the server request

  • IP address


These data will not be merged with other data sources.


The collection of this data is based on Art. 6 para. 1 lit. f DSGVO. The website operator has a legitimate interest in the technically error-free presentation and optimization of his website – for this purpose, the server log files must be recorded.

SSL or TLS encryption

This page uses SSL or TLS encryption for security reasons and to protect the transmission of confidential content, such as orders or inquiries that you send to us as the site operator. You can recognize an encrypted connection by the fact that the address line of the browser changes from "http://" to "https://" and by the lock symbol in your browser line.


When SSL or TLS encryption is activated, the data you transmit to us cannot be read by third parties.

Encrypted payment transactions on this website

Is there an obligation to provide us with your payment details (e.g. account number for direct debit) after concluding a paid contract, these data will be necessary for payment processing.


The payment transactions using the common payment methods (Visa/MasterCard, direct debit) are carried out exclusively via an encrypted SSL or TLS connection. You can recognize an encrypted connection by the fact that the address line of the browser changes from "http://" to "https://" and by the lock symbol in your browser line.


In the case of encrypted communication, your payment data that you transmit to us cannot be read by third parties.

Contact form

If you send us inquiries via the contact form, your details from the inquiry form, including the contact details you provided there, will be stored by us for the purpose of processing the inquiry and in the event of follow-up questions. We will not share this data without your consent.


The processing of this data is based on Art. 6 para. 1 lit. b GDPR, if your inquiry is related to the performance of a contract or is necessary for the implementation of pre-contractual measures. In all other cases, the processing is based on our legitimate interest in the effective processing of the inquiries addressed to us (Art. 6 para. 1 lit. f GDPR) or on your consent (Art. 6 para. 1 lit. a GDPR) if this has been requested; the consent can be revoked at any time.


The data you enter in the contact form will remain with us until you request deletion, revoke your consent to storage, or the purpose for data storage no longer applies (e.g., after completion of processing your request). Mandatory legal provisions – in particular retention periods – remain unaffected.

Inquiry by email, phone or fax

If you contact us by email, phone, or fax, your request, including all resulting personal data (name, request) will be stored and processed by us for the purpose of processing your concern. We do not disclose this data without your consent.


The processing of this data is based on Art. 6 para. 1 lit. b DSGVO, provided your request is related to the fulfillment of a contract or is necessary for the implementation of pre-contractual measures. In all other cases, the processing is based on our legitimate interest in the effective processing of the inquiries addressed to us (Art. 6 para. 1 lit. f DSGVO) or on your consent (Art. 6 para. 1 lit. a DSGVO) if this has been requested; the consent can be revoked at any time.


The data you send to us via contact requests will remain with us until you request us to delete it, revoke your consent for storage, or the purpose for data storage ceases to apply (e.g., after completed processing of your concern). Mandatory statutory provisions – in particular statutory retention periods – remain unaffected.

Google Calendar

On our website, you have the opportunity to make appointments with us. For planning, we use Google Calendar. The provider is Google Ireland Limited ("Google"), Gordon House, Barrow Street, Dublin 4, Ireland (hereinafter "Google").


For the purpose of making an appointment, enter the requested data and the desired date into the designated form. The entered data will be used for the planning, execution, and, if necessary, the follow-up of the appointment. The appointment data is stored for us on Google Calendar's servers, the privacy policy of which you can view here: https://policies.google.com/privacy.


The data you enter will remain with us until you request deletion, revoke your consent to storage, or the purpose for data storage no longer applies. Mandatory legal provisions – in particular retention periods – remain unaffected.


The legal basis for data processing is Art. 6 para. 1 lit. f DSGVO. The website operator has a legitimate interest in a as uncomplicated as possible appointment arrangement with interested parties and customers. If the corresponding consent has been requested, processing is carried out exclusively on the basis of Art. 6 para. 1 lit. a DSGVO and § 25 para. 1 TDDDG, insofar as the consent includes the storage of cookies or access to information on the user's terminal device (e.g. for device fingerprinting) within the meaning of the TDDDG. The consent can be revoked at any time.


Data transmission to the USA is based on the standard contractual clauses of the EU Commission. Details can be found here: https://workspace.google.com/terms/dpa_terms.html and here https://cloud.google.com/terms/sccs.


The company has been certified under the "EU-US Data Privacy Framework" (DPF). The DPF is an agreement between the European Union and the USA, which is intended to ensure compliance with European data protection standards for data processing in the USA. Each company certified under the DPF undertakes to comply with these data protection standards. Further information on this can be obtained from the provider at the following link: https://www.dataprivacyframework.gov/s/participant-

search/participant-detail?contact=true&id=a2zt000000001L5AAI&status=Active

11. HOSTING AND CONTENT DELIVERY NETWORKS (CDN)

In order to provide our online services securely and efficiently, we use the services of one or more web hosting providers, from whose servers (or servers managed by them) the online services can be accessed. For these purposes, we may utilize infrastructure and platform services, computing capacity, storage space and database services as well as security services and technical maintenance services. We host the contents of our website with the following provider:

webgo

We use the web hosting service of webgo for our website. The service provider is the German company webgo GmbH, Heidenkampsweg 81, 20097 Hamburg. Webgo is a full-service provider from Hamburg, which also operates its own servers in a data center in Germany. The use of webgo is based on Art. 6 para. 1 lit. f DSGVO. We have a legitimate interest in the most reliable presentation of our website. If the corresponding consent has been requested, the processing is carried out exclusively on the basis of Art. 6 para. 1 lit. a DSGVO and § 25 para. 1 TDDDG, insofar as the consent includes the storage of cookies or access to information on the user's terminal device (e.g. device fingerprinting) within the meaning of the TDDDG. The consent can be revoked at any time.

For more information, please refer to webgo's privacy policy:

https://www.webgo.de/datenschutz/

order processing

We have concluded a contract for order processing (AVV) for the use of the above-mentioned service. This is a contract required by data protection law, which ensures that it processes the personal data of our website visitors only in accordance with our instructions and in compliance with the GDPR.

12. SOCIAL MEDIA

Social media elements with Shariff

On this website, elements of social media are used (e.g. Facebook, Twitter, Instagram, Pinterest, XING, LinkedIn, Tumblr).


You can generally recognize the social media elements by their respective social media logos. To ensure data protection on this website, we only use these elements in conjunction with the so-called 'Shariff' solution. This application prevents the social media elements integrated on this website from transmitting your personal data to the respective provider as soon as you enter the page.


Only when you activate the respective social media element by clicking on the associated button, a direct connection to the server of the provider is established (consent). Once you activate the social media element, the respective provider receives information that you have visited this website with your IP address. If you are simultaneously logged into your respective social media account (e.g. Facebook), the respective provider can associate the visit to this website with your user account.


Activating the plugin constitutes consent within the meaning of Art. 6 para. 1 lit. a GDPR and § 25 para. 1 TDDDG. You can withdraw this consent at any time with effect for the future.


The use of the service is to obtain the legally required consents for the use of certain technologies. The legal basis for this is Art. 6 para. 1 lit. c GDPR.

LinkedIn

This website uses elements of the LinkedIn network. The provider is LinkedIn Ireland Unlimited Company, Wilton Plaza, Wilton Place, Dublin 2, Ireland.


Each time a page of this website containing elements from LinkedIn is accessed, a connection to LinkedIn servers is established. LinkedIn is informed that you have visited this website with your IP address. If you click on the LinkedIn "Recommend" button and are logged into your LinkedIn account, LinkedIn is able to associate your visit to this website with you and your user account. We would like to point out that as the provider of these pages, we have no knowledge of the content of the transmitted data or its use by LinkedIn.


If consent has been obtained, the use of the above service is based on Art. 6 para. 1 lit. a DSGVO and § 25 TDDDG. The consent can be revoked at any time. If no consent has been obtained, the service is used based on our legitimate interest in the most comprehensive visibility in social media.


Data transfer to the USA is based on the standard contractual clauses of the European Commission. Details can be found here:

https://www.linkedin.com/help/linkedin/answer/62538/data-transfers-from-the-eu-the-eea-and-switzerland?lang=en

https://www.linkedin.com/help/linkedin/answer/62538/data-transfers-from-the-eu-the-eea-and-switzerland?lang=en


For more information, please refer to LinkedIn's Privacy Policy:

https://www.linkedin.com/legal/privacy-policy.

13. ANALYSIS TOOLS AND ADVERTISING

Google Analytics

This website uses features of the web analysis service Google Analytics. The provider is Google Ireland Limited ("Google"), Gordon House, Barrow Street, Dublin 4, Ireland.


Google Analytics allows the website operator to analyze the behavior of website visitors. The website operator receives various usage data, such as page views, dwell time, operating systems used, and the user's origin. This data is summarized in a user ID and assigned to the respective end device of the website visitor.


Furthermore, we can record your mouse and scroll movements and clicks with Google Analytics, among other things. Google Analytics also uses various modeling approaches to supplement the collected data sets and employs machine learning technologies in data analysis.


Google Analytics uses technologies that enable the recognition of the user for the purpose of analyzing user behavior (e.g. cookies or device fingerprinting). The information about the use of this website collected by Google is usually transferred to a server of Google in the USA and stored there.


The use of this service is based on your consent pursuant to Art. 6 para. 1 lit. a GDPR and § 25 para. 1 TDDDG. The consent can be revoked at any time.


The data transfer to the USA is based on the standard contractual clauses of the EU Commission. Details can be found here: https://privacy.google.com/businesses/controllerterms/mccs/.


The company is certified under the "EU-US Data Privacy Framework" (DPF). The DPF is an agreement between the European Union and the USA which is supposed to ensure compliance with European data protection standards for data processing in the USA. Every company certified under the DPF commits to comply with these data protection standards. Further information can be obtained from the provider at the following link: https://www.dataprivacyframework.gov/s/participant-

search/participant-detail?contact=true&id=a2zt000000001L5AAI&status=Active

Browser Plugin

You can prevent Google from collecting and processing your data by downloading and installing the browser plugin available at the following link:

https://tools.google.com/dlpage/gaoptout?hl=en.


For more information on how Google Analytics handles user data, please refer to Google's privacy policy:

https://support.google.com/analytics/answer/6004245?hl=en.

14. PLUGINS AND TOOLS

YouTube with enhanced privacy

This website embeds videos from the YouTube website. The operator of the pages is Google Ireland Limited ("Google"), Gordon House, Barrow Street, Dublin 4, Ireland.


We use YouTube in the extended data protection mode. According to YouTube, this mode means that YouTube does not store information about visitors to this website before they watch the video. However, the extended data protection mode does not necessarily exclude the transfer of data to YouTube partners. So, irrespective of whether you watch a video, YouTube establishes a connection to the Google DoubleClick network.


Once you start a YouTube video on this website, a connection to the YouTube servers is established. The YouTube server is informed about which of our pages you have visited. If you are logged into your YouTube account, you enable YouTube to directly associate your surfing behavior with your personal profile. You can prevent this by logging out of your YouTube account.


Furthermore, after starting a video, YouTube may store various cookies on your device or use similar recognition technologies (e.g. device fingerprinting). This allows YouTube to obtain information about visitors to this website. Among other things, this information is used to capture video statistics, improve user-friendliness, and prevent fraud attempts.


Following the start of a YouTube video, additional data processing operations may be triggered over which we have no influence.


The use of YouTube is in the interest of an attractive presentation of our online offers. This represents a legitimate interest within the meaning of Art. 6(1)(f) GDPR. If the corresponding consent has been requested, the processing is carried out exclusively on the basis of Art. 6(1)(a) GDPR and § 25(1) TDDDG, to the extent that the consent includes the storage of cookies or access to information on the user's device (e.g. device fingerprinting) within the meaning of the TDDDG. The consent can be revoked at any time.


Further information on data protection at YouTube can be found in their privacy policy at: https://policies.google.com/privacy?hl=en.


The company is certified under the "EU-US Data Privacy Framework" (DPF). The DPF is an agreement between the European Union and the USA, which aims to ensure compliance with European data protection standards for data processing in the USA. Each company certified under the DPF undertakes to comply with these data protection standards. You can obtain further information from the provider at the following link: https://www.dataprivacyframework.gov/s/participant-search/participant-detail?contact=true&id=a2zt000000001L5AAI&status=Active

search/participant-detail?contact=true&id=a2zt000000001L5AAI&status=Active

Google Fonts (local hosting)

This page uses Google Fonts for consistent font display, provided by Google. The Google Fonts are installed locally. There is no connection to Google servers.


For more information about Google Fonts, visit

https://developers.google.com/fonts/faq and Google's privacy policy:

https://policies.google.com/privacy?hl=en.

Google Tag Manager

For our website we use the Google Tag Manager from the company Google Inc.. For the European region, the company responsible is Google Ireland Limited (Gordon House, Barrow Street Dublin 4, Ireland). This Tag Manager is one of many helpful marketing products from Google, with which we can centrally incorporate and manage code snippets from various tracking tools that we use on our website. We have a legitimate interest in analyzing the behavior of website visitors in order to improve our offer technically and economically. The legal basis for this is Art. 6 para. 1 lit. f GDPR. Google also processes data from you, among other things, in the USA. Google is an active participant in the EU-US Data Privacy Framework, which regulates the correct and secure transfer of personal data to the USA. More information can be found at: https://commission.europa.eu/document/fa09cbad-dd7d-4684-ae60-be03fcb0fddf_en

Google also uses so-called standard contractual clauses (Art. 46 para. 2 and 3 GDPR), which are model templates provided by the EU to ensure European data protection standards for data transfer to third countries (such as the USA). Through the EU-US Data Privacy Framework and the standard contractual clauses, Google undertakes to comply with European data protection standards in data processing.

These clauses are based on the decision of the European Commission:

https://eur-lex.europa.eu/eli/dec_impl/2021/914/oj?locale=de


Find more information here:

https://policies.google.com/privacy?hl=de?tid=331722842100

Framer

Our website uses services from Framer B.V. or Framer Inc., Wibautstraat 131D, 1091 GL Amsterdam, Netherlands, to enhance the user experience and provide interactive and engaging content. Framer is a design tool that enables us to integrate prototypes and animations directly on our website.


The processing of this data is for the purpose of optimizing our website to provide our users with a better and more interactive experience. This constitutes a legitimate interest within the meaning of Art. 6 para. 1 lit. f GDPR.


As Framer Inc. is also based in the USA, there may be a transfer of data to a third country outside the EU. Framer uses so-called standard contractual clauses (Art. 46 para. 2 and 3 GDPR), which are model templates provided by the EU to ensure European data protection standards when transferring data to third countries (such as the USA). Through the EU-US Data Privacy Framework and the standard contractual clauses, Google undertakes to comply with European data protection standards during data processing. These clauses are based on the EU Commission's implementing decision: https://eur-

lex.europa.eu/eli/dec_impl/2021/914/oj?locale=de


More information can be found here: https://www.framer.com/legal/privacy-

statement/?via=anh97&gad_source=1&gclid=Cj0KCQjw8MG1BhCoARIsAHxSiQmKZFja0lIP

yDUIB-gnm-HP9M26yD47dNNWLpBPsV-2x1xLOe0lh9YaAie6EALw_wcB

Order processing

We have concluded a contract for order processing (AVV) for the use of the above-mentioned service. This is a legally required contract that ensures that it processes the personal data of our website visitors only according to our instructions and in compliance with the GDPR.

15. ECOMMERCE AND PAYMENT PROVIDERS

Processing of customer and contract data

We collect, process and use personal customer and contract data to establish, design and modify our contractual relationships. We collect, process and use personal data about the use of this website (usage data) only to the extent necessary to enable the user to use the service or to bill for it. The legal basis for this is Art. 6 para. 1 lit. b GDPR. The collected customer data will be deleted after the order has been completed or the business relationship has ended and any statutory retention periods have expired. Statutory retention periods remain unaffected.

Data transmission when concluding a contract for online shops, merchants and goods shipping

If you order goods from us, we will pass on your personal data to the transport company responsible for delivery and to the payment service provider entrusted with payment processing. Only data that the respective service provider needs to fulfill its task will be disclosed. The legal basis for this is Art. 6 para. 1 lit. b GDPR, which allows the processing of data to fulfill a contract or pre-contractual measures. If you have given corresponding consent in accordance with Art. 6 para. 1 lit. a GDPR, we will pass on your email address to the transport company responsible for delivery so that it can inform you by email about the shipping status of your order; you can revoke the consent at any time.

Data transmission during conclusion of contract for services and digital content

We only pass on personal information to third parties if this is essential for the execution of a contract, for example to the financial institution responsible for payment processing. There is no additional disclosure of the data unless you have expressly consented to the disclosure. Your data will not be disclosed to third parties without your express consent, for example for advertising purposes. The legal basis for data processing is Art. 6 para. 1 lit. b GDPR, which allows the processing of data for the performance of a contract or for pre-contractual measures. Medical services: We process the information of our patients and interested parties as well as other clients or contractual partners (hereinafter referred to as "patients") in order to be able to offer our services. The processed data and their scope, purpose and necessity are based on the respective contractual and patient relationship. In the course of our work, we may also process special categories of data, in particular health information of the patients, possibly concerning their sexual life or sexual orientation, data relating to race and ethnic origin, political opinions, religious or philosophical beliefs or trade union membership. If necessary, we obtain explicit consent from the patients and otherwise process the special categories of data for the purpose of health care or to protect the vital interests of the patients. If it is necessary for the performance of the contract, the protection of vital interests or is legally required, or if consent of the patients exists, we disclose or transmit the patient data to third parties or agents such as authorities, medical facilities, laboratories, billing services, as well as service providers in the IT sector, in office organization or similar services, in compliance with professional regulations.

Using our webshop

If you want to place an order in our webshop, it is necessary for the conclusion of the contract that you provide your personal data, which we need for the processing of your order. Mandatory information required for the processing of contracts is marked separately, further information is voluntary. We process the data you provide to process your order. For this purpose, we may pass on your payment data to our house bank. The legal basis for this is Art. 6 (1) sentence 1 lit. b) GDPR.

[OPTIONAL: You can voluntarily create a customer account through which we can store your data for future purchases. If an account is created under “My Account”, the data provided by you will be stored revocably. All further data, including your We may also process the data you provide to inform you about other interesting products from our portfolio or to send you emails with technical information. Due to commercial and tax law requirements, we are obliged to store your address, payment, and order data for a period of ten years. However, after two years, we restrict the processing, i.e. your data will only be used to comply with legal obligations. To prevent unauthorized access by third parties to your personal data, especially financial data, the ordering process is encrypted using TLS technology.

Timeliness and amendment of this privacy policy

This privacy policy is currently valid and has the status of August 2024. Due to the further development of our website and offers thereon or due to changed legal or regulatory requirements, it may be necessary to change this privacy policy. The current privacy policy can be accessed and printed at any time on the website at [https://www.xyzname.de/datenschutz].