Privacy Policy

Privacy policy of Math2Market GmbH

With the following declaration of privacy policy, we would like to inform you which types of your personal data (hereinafter also referred to as "data") we process, for what purposes and to what extent. The declaration of privacy policy applies to all processing of personal data carried out by us, both in the context of the provision of our services and, in particular, on our websites, in mobile applications and within external online presences, such as our social media profiles (hereinafter collectively referred to as the "Online Offer").

Due to the ECJ (European Court of Justice) ruling of July 2020 on the Privacy Shield and EU-US data flows, we see it as necessary to explicitly inform you about the processing of your data outside the EU. Currently, an audit of all services we use is being conducted. The lack of transparency of different service providers, prompts us to inform you,

  • that these services may transfer data outside the European Union and the European Economic Area and to a country that does not provide an adequate level of data protection.
  • If the data is transferred to the United States, there is a risk that your data may be processed by U.S. authorities for control and monitoring purposes, without you possibly having any legal recourse.

Each of these services is referred to separately in this privacy policy.

The terms used are not gender specific.

Only the German version of this Privacy Policy is legally binding. The English version is solely provided for information purposes.

As of December 10, 2020

Math2Market GmbH
Huberstraße 7
67657 Kaiserslautern, Germany

Authorized representative: Andreas Wiegmann, PhD

E-Mail: info@math2market.de

Bernd Niestroj
Alfred Nobel Platz 1
76829 Landau, Germany
Telefon: +49 (173) 93 09 457

E-Mail: b.niestroj@enigma-it.eu

The following overview summarizes the types of data processed and the purposes of their processing and refers to the data subjects.

Types of processed data

  • Inventory data (e.g., names, addresses).
  • Job applicant data (e.g., personal details, postal and contact addresses, the documents belonging to the job application and the information contained therein, such as cover letter, curriculum vitae, certificates, as well as other information provided with regard to a specific position or voluntarily by job applicants concerning their person or qualifications).
  • Content data (e.g., text input in online forms).
  • Contact details (e.g., e-mail, telephone numbers).
  • Meta / communication data (e.g., device information, IP addresses).
  • Usage data (e.g., websites visited, interest in content, access times).
  • Location data (information about the geographical position of a device or person).
  • Contract data (e.g., subject of the contract, duration, customer category).

Categories of data subjects

  • Employees (e.g., employees, job applicants, former employees).
  • Job applicants.
  • Persons interested in us and our projects.
  • Communication partners.
  • Customers.
  • Users (e.g., website visitors, users of online services).

Purposes of processing

  • Provision of our online offer and user-friendliness.
  • Conversion measurement (measurement of the effectiveness of marketing measures).
  • Job application procedure (establishment and possible subsequent implementation as well as possible subsequent termination of the employment relationship).
  • Office and organizational procedures.
  • Content Delivery Network (CDN).
  • Feedback (e.g., collecting feedback via online form).
  • Interest-based and behavioral marketing.
  • Contact requests and communication.
  • Profiling (creation of user profiles).
  • Remarketing.
  • Reach measurement (e.g., access statistics, recognition of returning visitors).
  • Security measures.
  • Tracking (e.g., interest/behavioral profiling, use of cookies).
  • Contractual performance and service.
  • Management and answering of inquiries.

Relevant legal bases

Only the German version is legally binding. The English version is solely provided for information purposes.

In the following, we inform you about the legal basis of the General Data Protection Regulation (GDPR), on the basis of which we process personal data. Please note that, in addition to the regulations of the GDPR, the national data protection requirements in your or our country of residence and domicile may apply. If, in addition, more specific legal bases are relevant in individual cases, we will inform you of these in the data protection declaration.

  • Consent (Art. 6 Para. 1 S. 1 lit. a GDPR) - The people concerned have given their consent to the processing of their personal data for a specific purpose or several specific purposes.
  • Fulfillment of contracts and pre-contractual inquiries (Art. 6 Para. 1 S. 1 lit. b. GDPR) - The processing is necessary to fulfill a legal obligation to which the person responsible is subject, or necessary for the performance of pre-contractual measures, which are carried out at the request of the data subject.
  • Legitimate interests (Art. 6 Para. 1 S. 1 lit. f. GDPR) - Processing is necessary to safeguard the legitimate interests of the person responsible or a third-party, unless the interests or fundamental rights and freedoms of the data subject, which require the protection of personal data, predominate
  • Job application procedure as a pre-contractual or contractual relationship (Art. 9 (2) (b) GDPR) - Insofar as special categories of personal data within the meaning of Art. 9 (1) GDPR (e.g., health data, such as severely disabled status or ethnic origin) are requested from applicants as part of the application procedure, so that the controller or the data subject can exercise his or her rights under labor law and social security and social protection law and fulfill his or her obligations in this regard, they are processed in accordance with Art. 9 (2) (b) GDPR. exercise his or her rights under employment law and social security and social protection law and to comply with his or her obligations in this regard, their processing is carried out in accordance with Art. 9 (2) lit. b. GDPR, in case of protection of vital interests of the applicants or other persons pursuant to Art. 9 Para. 2 lit. c. GDPR, or for the purposes of preventive health care or occupational medicine, for the assessment of the employee's ability to work, for medical diagnostics, care or treatment in the health or social sector, or for the management of systems and services in the health or social sector pursuant to Art. 9 Para. 2 lit. h. GDPR. In the case of a communication of special categories of data based on voluntary consent, their processing is based on Art. 9 Para. 2 lit. a. GDPR.

National data protection regulations in Germany

In addition to the data protection regulations of the General Data Protection Regulation, national data protection regulations apply in Germany. This includes in particular the law on the protection against misuse of personal data during data processing (Federal Data Protection Act - BDSG). The BDSG contains in particular special regulations on the right to information, the right to erasure, the right of objection, the processing of special categories of personal data, processing for other purposes and transmission as well as automated decision-making in individual cases including profiling. It also regulates data processing for the purposes of the employment relationship (Section 26 BDSG), in particular with regard to the establishment, implementation or termination of employment relationships and the consent of employees. Furthermore, state data protection laws of the individual federal states can be applied.

We take appropriate technical and organizational measures in accordance with the legal requirements, taking into account the state of the art, the implementation costs and the type, scope, circumstances and purposes of processing as well as the different probabilities of occurrence and the extent of the threat to the rights and freedoms of natural people to ensure a level of protection appropriate to the risk.

The measures include, in particular, securing the confidentiality, integrity and availability of data by controlling physical and electronic access to the data as well as the access, input, transfer, securing of availability and their separation. Furthermore, we have set up procedures that ensure the exercise of data subject rights, the deletion of data and reactions to the threat to the data. We also consider the protection of personal data when developing or selecting hardware, software and procedures in accordance with the principle of data protection, through technology design and data protection-friendly default settings.

Masking of the IP address:

If it is possible for us or the storage of the IP address is not necessary, we shorten or have your IP address shortened. When the IP address is shortened, also known as "IP masking", the last octet, i.e., the last numbers of an IP address are deleted (the IP address in this context is an identifier individually assigned to an Internet connection by the online access provider). By shortening the IP address, the identification of a person on the basis of their IP address is to be prevented or made considerably more difficult.

SSL encryption (https):

We use SSL encryption to protect your data transmitted via our online offer. You can recognize such encrypted connections by the prefix https: // in the address line of your browser.

Cookies are text files that contain data from visited websites or domains and are stored by a browser on the user's computer. A cookie is primarily used to store information about a user during or after his visit within an online offer. The information stored may include, for example, language settings on a website, login status, a shopping cart, or where a video was watched. The term cookies also includes other technologies that perform the same functions as cookies (e.g., when user information is stored using pseudonymous online identifiers, also known as "user IDs").

The following cookie types and functions are distinguished:

  • Temporary cookies (also: session cookies): Temporary cookies are only stored for a limited time during a session and are deleted from the device as soon as the user has left an online offer and closed his browser.
  • Permanent cookies: Permanent cookies remain stored even after the browser is closed. For example, the login status can be saved, or preferred content can be displayed directly, when the user visits a website again. Likewise, the interests of users used for reach measurement or marketing purposes can be stored in such a cookie.
  • First-party cookies: First-party cookies are set by us.
  • Third-party cookies (also: third-party cookies): Third-party cookies are mainly used by advertisers (so-called third parties) to process user information.
  • Necessary (also: essential or absolutely necessary) cookies: Cookies may be absolutely necessary for the operation of a website (e.g., to store logins or other user input or for security reasons).
  • Statistics, marketing and personalization cookies: Furthermore, cookies are generally also used in the context of range measurement and when a user's interests or behavior (e.g., viewing certain content, using functions, etc.) on individual websites are stored in a user profile. Such profiles are used, for example, to show users content that matches their potential interests. This process is also referred to as "tracking", i.e., following the potential interests of users. Insofar as we use cookies or "tracking" technologies, we will inform you separately in our data protection declaration or in the context of obtaining consent.

Notes on legal bases:

The legal basis on which we process your personal data with the help of cookies depends on whether we ask for your consent. If this is the case and you consent to the use of cookies, the legal basis for processing your data is the declared consent. Otherwise, the data processed with the help of cookies will be processed on the basis of our legitimate interests (e.g., in the business operation of our online offer and its improvement) or, if the use of cookies is necessary, in order to fulfill our contractual obligations.

Storage period:

Unless we provide you with explicit information about the storage period of permanent cookies (e.g., in the context of a so-called cookie opt-in), please assume that the storage period can be up to two years.

General information on revocation and objection (opt-out):

Regardless of whether the processing is based on consent or legal permission, you have the option at any time to revoke any consent you have given or to object to the processing of your data by cookie technologies (collectively referred to as "opt-out"). You can first explain your objection using the settings of your browser, e.g., by deactivating the use of cookies (which can also restrict the functionality of our online offer). You can object to the use of cookies for online marketing purposes using a variety of services, especially in the case of tracking, via the US website https://www.aboutads.info/choices/ or the EU website https://www.youronlinechoices.com/. In addition, you can receive further instructions on how to object in the context of the information on the service providers and cookies used.

Processing of cookie data based on consent:

Before we process or have data processed within the scope of the use of cookies, we ask users for consent that can be revoked at any time. Before the consent has been expressed, at most, cookies are used which are absolutely necessary for the operation of our online offer.

  • Processed data types: usage data (e.g., websites visited, interest in content, access times), meta / communication data (e.g., device information, IP addresses).
  • Data subjects: users (e.g., website visitors, users of online services).
  • Legal basis: Consent (Art. 6 Para. 1 S. 1 lit. a GDPR), legitimate interests (Art. 6 Para. 1 S. 1 lit. f. GDPR).

In order to be able to provide our online offer safely and efficiently, we use the services of one or more web hosting providers, from whose servers (or servers managed by them) the online offer can be accessed. For these purposes, we can use infrastructure and platform services, computing capacity, storage space and database services as well as security services and technical maintenance services.

The data processed as part of the provision of the hosting offer can include all information relating to the users of our online offer that is generated in the context of use and communication. This regularly includes the IP address that is necessary in order to be able to deliver the content of online offers to browsers, and all entries made within our online offer or from websites.

E-mail dispatch and hosting:

The web hosting services we use also include the dispatch, receipt and storage of e-mails. For these purposes, the addresses of the recipients and senders as well as other information relating to the sending of e-mails (e.g., the providers involved) and the content of the respective e-mails are processed. The aforementioned data can also be processed for the purpose of recognizing SPAM. Please note that emails on the Internet are generally not sent in encrypted form. As a rule, e-mails are encrypted on the transport route, but (if no so-called end-to-end encryption method is used) not on the servers from which they are sent and received. We can therefore not assume any responsibility for the transmission path of the e-mails between the sender and receipt on our server.

Collection of access data and log files:

We (or our web hosting provider) collect data on every access to the server (so-called server log files). The server log files can include the address and name of the websites and files accessed, the date and time of the access, the amount of data transferred, notification of successful access, browser type and version, the user's operating system, referrer URL (the previously visited page) and, as a rule, IP Addresses and the requesting provider belong.

The server log files can be used on the one hand for security purposes, e.g., to avoid overloading the server (especially in the case of abusive attacks, so-called DDoS attacks) and on the other hand to ensure the load on the server and its stability.

Content-Delivery-Network:

We use a content delivery network (CDN). A CDN is a service with the help of which the content of an online offer, in particular large media files such as graphics or program scripts, can be delivered faster and more securely with the help of regionally distributed servers connected via the Internet.

  • Processed data types: content data (e.g., text input, photographs, videos), usage data (e.g., websites visited, interest in content, access times), meta / communication data (e.g., device information, IP addresses).
  • Data subjects: users (e.g., website visitors, users of online services).
  • Purposes of processing: contractual performance and service.
  • Legal basis: Legitimate interests (Art. 6 Para. 1 S. 1 lit. f. GDPR).

Services and service providers being used:

Users can create a user account. Within the scope of registration, the mandatory information required is communicated to the users and processed for the purposes of providing the offer on the basis of contractual fulfilment of obligations. The processed data includes in particular the registration information (name, password as well as an e-mail address). The data entered during registration will be used for the purposes of using the offer and its purpose.

Users may be informed by e-mail on proceedings relevant to their registration, such as technical changes. If users have terminated their registration, their data with regard to the registration are deleted, subject to a statutory retention obligation. In the event of termination, it is the responsibility of the users to secure their data before the end of the contract. We are entitled to irretrievably delete all user data stored during the term of the contract.

Within the scope of using our registration and login functions as well as the use of the user account, we may store the IP address and the time of the respective user action. The storage is based on our legitimate interests, as well as the users’ protection against misuse and other unauthorized use. This data will not be passed on to third parties unless it is necessary to pursue our claims or there is a legal obligation to do so.

Online-Forum:

Participation in the Forum requires registration, which, unless otherwise specified in the registration form, must include a name or your name, a password and the e-mail address to which the access data will be sent. For security reasons, the password should be state of the art, i.e., complicated (users will be advised of this during registration if necessary) and should not be used elsewhere. Forum posts are visible to the public unless their visibility is restricted to certain members or groups of members. The contributions of the authors are stored with their name, if registered or indicated, the time and the entry content. When registering and writing entries, the IP addresses of the users are also stored, in case the entries should have an illegal content and the IP addresses could serve the prosecution. The responsible person reserves the right to delete the applications and entries based on proper consideration.

  • Processed data types: Inventory data (e.g., names, addresses), contact data (e.g., e-mail, telephone numbers), content data (e.g., text input in online forms), meta/communication data (e.g., device information, IP addresses), usage data (e.g., websites visited, interest in content, access times).
  • Data subjects: Users (e.g., website visitors, users of online services).
  • Purposes of processing: Contractual services and support, security measures, managment of and reply to inquiries.
  • Legal Basis: Consent (Art. 6 (1) (a) GDPR), Performance of a contract and prior requests (Art. 6 Para. 1 S. 1 lit. b GDPR), Legitimate Interests (Art. 6 Para. 1 S. 1 lit. f. GDPR).

We use Messenger for communication purposes and therefore ask you to observe the following information on the functionality of Messenger, on encryption, on the use of the metadata of the communication and on your options for objection.

You can also contact us by alternative means, e.g., telephone or e-mail. Please use the contact options provided to you or use the contact options provided within our online services.

In the case of encryption of content (i.e., the content of your message and attachments), we point out that the communication content (i.e., the content of the message and attachments) is encrypted end-to-end. This means that the content of the messages is not visible, not even by the messenger service providers themselves. You should always use a current version of the messenger service with activated encryption, so that the encryption of the message contents is guaranteed.

However, we would like to point out to our communication partners that although messenger service providers do not see the content, they can find out that and when communication partners communicate with us and process technical information on the communication partner's device used and, depending on the settings of their device, also location information (so-called metadata).

Information on Legal basis:

If we ask communication partners for permission before communicating with them via Messenger, the legal basis of our processing of their data is their consent. Otherwise, if we do not request consent and you contact us, for example, voluntarily, we use Messenger services in our dealings with our contractual partners and as part of the contract initiation process as a contractual measure and in the case of other interested parties and communication partners on the basis of our legitimate interests in fast and efficient communication and meeting the needs of our communication partners for communication via Messenger services. We would also like to point out that we do not transmit the contact data provided to us to the Messenger service providers for the first time without your consent.

Withdrawal, objection, and deletion:

You can withdraw your consent or object to communication with us via messenger services at any time.In the case of communication via messenger services, we delete the messages in accordance with our general data retention policy (i.e., as described above after the end of contractual relationships, archiving requirements, etc.) and otherwise as soon as we can assume that we have answered any information provided by the communication partners, if no reference to a previous conversation is to be expected and there are no legal obligations to store the messages to prevent their deletion.

Reservation of reference to other means of communication:

Finally, we would like to point out that we reserve the right, for reasons of your safety, not to answer inquiries about messenger services. This is the case if, for example, internal contractual matters require special secrecy or if an answer via the messenger services does not meet the formal requirements. In such cases we refer you to more appropriate communication channels.

Skype:

Skype's end-to-end encryption requires its activation (if it should not be activated by default).

  • Processed data types: Contact data (e.g., e-mail, telephone numbers), Usage data (e.g., websites visited, interest in content, access times), Meta/communication data (e.g., device information, IP addresses), Content data (e.g., text input in online forms).
  • Data subjects: Communication partner.
  • Purposes of processing: Contact requests and communication, Direct marketing (e.g., by e-mail or postal).
  • Legal Basis: Consent (Article 6 (1) (a) GDPR), Legitimate Interests (Article 6 (1) (f) GDPR).

Services and service providers being used:

  • Mattermost: Self-hosted one-to-one and group messaging, file sharing and search; Mattermost, Inc., 530 Lytton Avenue, Suite 201, Palo Alto, CA, 94301, USA; Website: https://mattermost.com/
    • The processed data from Mattermost are stored on our server with German location.

The following services process your data on servers in the USA. There is a risk that your data may be processed by US authorities for control and monitoring purposes without you possibly having any legal recourse.

We use platforms and applications of other providers (hereinafter referred to as "Third Party Providers") for the purpose of conducting video and audio conferences, webinars and other types of video and audio meetings. When selecting third-party providers and their services, we observe the legal requirements.

In this context, data of the communication participants will be processed and stored on the servers of third parties, as far as these are part of communication processes with us. This data may include, but is not limited to, registration and contact details, visual and voice contributions, chat entries and shared screen content.

If users are referred to the third-party providers or their software or platforms in the context of communication, business or other relationships with us, the third-party provider processing may process usage data and metadata that can be processed by them for security purposes, service optimization or marketing purposes. We therefore ask you to observe the data protection information of the respective third-party providers.

Information on Legal basis:

If we ask the users for their consent to the use of third-party providers or certain functions (e.g., permission to record conversations), the legal basis of the processing is consent. Furthermore, the processing can be a component of our (pre)contractual services, provided that the use of the third-party was agreed within this context. Otherwise, user data will be processed on the basis of our legitimate interest in efficient and secure communication with our communication partners. In this context, we would also like to refer you to the information on the use of cookies in this privacy policy.

  • Processed data types: Inventory data (e.g., names, addresses), Contact data (e.g., e-mail, telephone numbers), Content data (e.g., text input in online forms), Usage data (e.g., websites visited, interest in content, access times), Meta/communication data (e.g., device information, IP addresses).
  • Data subjects: Communication partners, users (e.g., website visitors, users of online services).
  • Purposes of processing: Provision of contractual services and customer support, Contact requests and communication, Office and organizational procedures, direct marketing (e.g., by e-mail or postal mail).
  • Legal Basis: Consent (Article 6 (1) (a) GDPR), Performance of a contract and prior requests (Article 6 Part 1 S. 1 lit. b GDPR), Legitimate Interests (Article 6 Part 1 S. 1 lit. f GDPR).

Services and service providers being used:

Cisco WebEx:

Due to the ECJ (European Court of Justice) ruling of July 2020 on the Privacy Shield and EU-US data flows, we consider it necessary to explicitly inform you about the processing of your data outside the EU.
Please note that WebEx processes the data (Pool1 in London, UK) outside the European Union and the European Economic Area and to a country that does not provide an adequate level of data protection.

Microsoft Teams:

Due to the ECJ (European Court of Justice) ruling of July 2020 on the Privacy Shield and EU-US data flows, we consider it necessary to explicitly inform you about the processing of your data outside the EU.
Microsoft Teams processes your data on servers in the USA. There is a risk that your data may be processed by US authorities for control and monitoring purposes without you possibly having any legal recourse.

The application process requires job applicants to provide us with the data necessary for their assessment and selection. The information required is specified in the job description.

Basically, the required information includes personal information such as the name, address, a means of contact and proof of the qualifications required for a position. Upon request, we will be happy to provide additional information about which details are required.

Job applicants can send us their applications by e-mail. However, please note that e-mails are generally not encrypted when sent over the Internet. As a rule, e-mails are encrypted in transit, but not on the servers from which they are sent and received. Therefore, we cannot take responsibility for the transmission path of the application between the sender and the reception on our server.

For the purposes of the search for job applicants, submission of applications and selection of job applicants, we may use applicant management or recruitment software and platforms and services of third-party providers in compliance with legal requirements.

Job applicants are welcome to contact us regarding the method of application submission or to send us the application by postal mail.

Processing of special categories of data:

Insofar as special categories of personal data within the meaning of Art. 9 (1) GDPR (e.g., health data, such as severely disabled status or ethnic origin) are requested from job applicants in the context of the application process so that the controller or the data subject can exercise the rights accruing to him or her under labor law and social security and social protection law and fulfill his or her obligations in this regard, their processing shall be carried out in accordance with Art. 9 (2) letter b. GDPR, in case of protection of vital interests of the job applicants or other persons according to Art. 9 para. 2 lit. c. GDPR or for the purposes of preventive health care or occupational medicine, for the assessment of the employee's ability to work, for medical diagnostics, for care or treatment in the health or social sector or for the management of systems and services in the health or social sector pursuant to Art. 9 para. 2 lit. h. GDPR. In the case of a notification of the special categories of data based on voluntary consent, their processing is based on Art. 9 para. 2 lit. a. GDPR.

Deletion of data:

The data provided by job applicants may be further processed by us for the purposes of the employment relationship in the event of a successful application. Otherwise, if the application for a job offer is not successful, the job applicants' data will be deleted. Job applicants' data will also be deleted if an application is withdrawn, which job applicants are entitled to do at any time. Subject to a justified withdrawal by the job applicants, the deletion will take place at the latest after the expiry of a period of six months so that we can answer any follow-up questions about the application and meet our obligations to provide evidence under the regulations on equal treatment of job applicants. Invoices for any reimbursement of travel expenses are archived in accordance with tax law requirements.

Inclusion in a job applicant pool:

Inclusion in a job applicant pool, if offered, is based on consent. Job applicants are informed that their consent to inclusion in the talent pool is voluntary, has no influence on the current job application process and that they can revoke their consent at any time for the future.

  • Processed data types: Job applicant data (e.g., personal details, postal and contact addresses, the documents belonging to the job application and the information contained therein, such as cover letter, curriculum vitae, certificates, as well as other information provided with regard to a specific position or voluntarily by job applicants concerning their person or qualifications).
  • Data subjects: Job applicant.
  • Purposes of processing: Job application procedure (establishment and possible subsequent implementation as well as possible subsequent termination of the employment relationship).
  • Legal basis: Job application procedure as a pre-contractual or contractual relationship (Art. 9 (2) lit. b GDPR).

We use software services (so-called "cloud services", also referred to as "software as a service") that are accessible via the Internet and run on the servers of their providers for the following purposes: document storage and administration, calendar management, sending e-mails, spreadsheets and presentations, exchange of documents, content and information with specific recipients or publication of websites, forms or other content and information as well as chats and participation in audio and video conferences.

In this context, personal data can be processed and stored on the servers of the provider, provided that they are part of communication processes with us or otherwise processed by us, as set out in this data protection declaration. This data can include, in particular, master data and contact details of the users, data on operations, contracts, other processes and their content. The providers of the cloud services also process usage data and metadata that are used by them for security purposes and for service optimization.

If we use cloud services to provide forms or other documents and content to other users or publicly accessible websites, the providers may store cookies on users' devices for the purposes of web analytics or to remember users' settings (e.g., in the case of media control).

Notes on legal bases:

If we ask for consent to the use of cloud services, the legal basis for processing is consent. Furthermore, their use can be part of our (pre) contractual services, provided that the use of cloud services has been agreed in this context. Otherwise, user data is processed on the basis of our legitimate interests (i.e., interest in efficient and secure administrative and collaboration processes)

  • Processed data types: inventory data (e.g., names, addresses), contact data (e.g., e-mail, telephone numbers), content data (e.g., text entries, photographs, videos), usage data (e.g., websites visited, interest in content, access times), meta / communication data (e.g., Device information, IP addresses), contract data (e.g., subject of the contract, duration, customer category).
  • Data subjects: Customers, employees (e.g., employees, job applicants, former employees), interested parties, communication partners.
  • Purposes of processing: office and organizational procedures.
  • Legal basis: Consent (Art. 6 Para. 1 S. 1 lit. a GDPR), contract fulfillment and pre-contractual inquiries (Art. 6 Para. 1 S. 1 lit. b. GDPR), legitimate interests (Art. 6 Para. 1 S. 1 lit. f. GDPR).

Services and service providers being used:

Nextcloud:

KaleidoSim:

Due to the ECJ (European Court of Justice) ruling of July 2020 on the Privacy Shield and EU-US data flows, we consider it necessary to explicitly inform you about the processing of your data outside the EU.

KaleidoSim stores all data in the Google Datacenter in the Netherlands. Google processes your data on servers in the USA. There is a risk that your data may be processed by US authorities for control and monitoring purposes without you possibly having any legal recourse.

Web analysis (also referred to as "reach measurement") is used to evaluate the visitor flows to our online offer and can include behavior, interests or demographic information about the visitors, such as age or gender, as pseudonymous values. With the help of the range analysis, we can, for example, recognize at what time our online offer or its functions or content are used most often or invite you to reuse. We can also understand which areas need optimization.

In addition to the web analysis, we can also use test methods, for example, to test and optimize different versions of our online offer or its components.

For these purposes, so-called user profiles can be created and stored in a file (so-called "cookie") or similar processes can be used for the same purpose. This information can include, for example, the content viewed, websites visited, and the elements and technical information used there, such as the browser used, the computer system used and information on usage times. If users have consented to their location data being collected, this can also be processed, depending on the provider.

It also stores the IP addresses of the users. However, we use an IP masking method (i.e., pseudonymization by truncating the IP address) to protect users. In general, in the context of web analysis, A / B-testing and optimization, no clear data of users (such as e-mail addresses or names) are stored, but pseudonyms. This means that we as well as the providers of the software used do not know the actual identity of the users, but only the information stored in their profiles for the purposes of the respective procedures.

Notes on legal bases:

If we ask users for their consent to use the third-party providers, the legal basis for processing data is consent. Otherwise, the users' data is processed on the basis of our legitimate interests (i.e., interest in efficient, economical and recipient-friendly services). In this context, we would also like to refer you to the information on the use of cookies in this privacy policy.

  • Processed data types: Usage data (e.g., web pages visited, interest in content, access times), meta/communication data (e.g., device information, IP addresses).
  • Data subjects: Users (e.g., website visitors, users of online services).
  • Purposes of processing: Reach measurement (e.g., access statistics, recognition of returning visitors), tracking (e.g., interest/behavior-based profiling, use of cookies), conversion measurement (measurement of the effectiveness of marketing measures), profiling (creation of user profiles).
  • Security measures: IP masking (pseudonymization of the IP address).
  • Legal basis: Consent (Art. 6 Para. 1 S. 1 lit. a GDPR), Legitimate Interests (Art. 6 Para. 1 S. 1 lit. f GDPR).

Services and service providers being used:

  • Matomo: The information generated by the cookie about your use of this website is stored only on our server and is not shared with third parties; Service provider: Self-hosted web analytics/reach measurement;
    • Website: https://matomo.org/;
    • Deletion of data: The cookies have a maximum storage period of 13 months.

We maintain online profiles within social networks and process user data in this context in order to communicate with the active users there or to offer information about us.

We would like to point out that user data may be processed outside the European Union. This may entail risks for users, e.g., by making it more difficult to enforce users' rights.

In addition, user data is usually processed within social networks for market research and advertising purposes. For example, user profiles can be created on the basis of user behavior and the associated interests of users. The user profiles can then be used, for example, to place advertisements within and outside the networks which are presumed to correspond to the interests of the users. For these purposes, cookies are usually stored on the user's computer, in which the user's usage behavior and interests are stored. Furthermore, data can be stored in the user profiles independently of the devices used by the users (especially if the users are members of the respective networks or will become members later on).

For a detailed description of the respective processing operations and the opt-out options, please refer to the respective data protection declarations and information provided by the providers of the respective networks.

Also, in the case of requests for information and the exercise of rights of data subjects, we point out that these can be most effectively pursued with the providers. Only the providers have access to the data of the users and can directly take appropriate measures and provide information. If you still need help, please do not hesitate to contact us.

Notes on legal bases:

  • Processed data types: Inventory data (e.g., names, addresses), Contact data (e.g., e-mail, telephone numbers), Content data (e.g., text input in online forms), Usage data (e.g., websites visited, interest in content, access times), Meta/communication data (e.g., device information, IP addresses).
  • Data subjects: Users (e.g., website visitors, users of online services).
  • Purposes of processing: Contact requests and communication, tracking (e.g., interest/behavioral profiling, use of cookies), remarketing, reach measurement (e.g., access statistics, recognition of returning visitors).
  • Legal basis: Legitimate Interests (Art. 6 Para. 1 S. 1 lit. f GDPR).

Services and service providers being used:

The following services process your data on servers in the USA. There is a risk that your data may be processed by US authorities for control and monitoring purposes without you possibly having any legal recourse.

We incorporate functional and content elements into our online offer that are obtained from the servers of their respective providers (hereinafter referred to as "third-party providers"). These can be graphics, videos or social media buttons as well as posts (hereinafter uniformly referred to as "content").

The integration always presupposes that the third-party providers of this content process the IP address of the user, since without the IP address they would not be able to send the content to their browser. The IP address is therefore required for the display of this content or functions. We strive to only use content whose respective providers only use the IP address to deliver the content. Third-party providers can also use so-called pixel tags (invisible graphics, also known as "web beacons") for statistical or marketing purposes. The "pixel tags" can be used to evaluate information such as visitor traffic on the pages of this website. The pseudonymous information can also be stored in cookies on the user's device and contain, among other things, technical information about the browser and operating system, the websites to be referred to, the time of visit and other information about the use of our online offer, as well as being linked to such information from other sources.

Notes on legal bases:

If we ask the users for their consent to the use of third-party providers, the legal basis for processing data is consent. Otherwise, user data will be processed on the basis of our legitimate interests (i.e., interest in efficient, economical and recipient-friendly services). In this context, we would like to draw your attention to the information on the use of cookies in this data protection declaration.

  • Processed data types: usage data (e.g., websites visited, interest in content, access times), meta / communication data (e.g., device information, IP addresses).
  • Data subjects: users (e.g., website visitors, users of online services).
  • Purposes of processing: Provision of our online offer and user-friendliness, contractual services and services.
  • Legal basis: Legitimate interests (Art. 6 Para. 1 S. 1 lit. f GDPR).

Services and service providers being used:

  • Google Maps:

We do not embed the Map from Google Map directly but provide a link to Google Maps with our address pre-selected. This means that the tracking of Google Maps is not used on our website.

Google Maps processes your data on servers in the USA. There is a risk that your data may be processed by US authorities for control and monitoring purposes without you possibly having any legal recourse.

Service provider: Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland,
Parent company: Google LLC, 1600 Amphitheater Parkway, Mountain View, CA 94043, USA;

The data processed by us will be deleted in accordance with the legal requirements as soon as the consent allowed for processing is revoked or other permissions are no longer applicable (e.g., if the purpose of processing this data is no longer applicable or is not required for the purpose).

If the data is not deleted because it is required for other legally permissible purposes, its processing will be limited to these purposes. This means that the data will be blocked and not processed for other purposes. This applies, for example, to data that must be kept for commercial or tax law reasons, or whose storage is necessary to assert, exercise or defend legal claims or to protect the rights of another natural or legal person.

Further information on the deletion of personal data can also be found in the individual data protection information of this data protection declaration.

We ask you to inform yourself regularly about the content of our data protection declaration. We will adapt the data protection declaration as soon as the changes in the data processing carried out by us make this necessary. We will inform you as soon as the changes require your participation (e.g., consent) or other individual notification.

If we provide addresses and contact information of companies and organizations in this privacy policy, please note that the addresses may change over time and please check the information before contacting us.

As the data subject, you have various rights under the GDPR, which arise in particular from Articles 15 to 21 GDPR:

  • Right of objection: You have the right, for reasons that arise from your particular situation, to object at any time to the processing of your personal data, which is based on Art. 6 Para. 1 lit. e or f GDPR takes place to object; this also applies to profiling based on these provisions. If the personal data concerning you are processed in order to operate direct mail, you have the right to object at any time to the processing of the personal data concerning you for the purpose of such advertising; this also applies to profiling insofar as it is associated with such direct mail.
  • Right of revocation for consent: You have the right to revoke your consent at any time.
  • Right to information: You have the right to request confirmation as to whether the data in question is being processed and to request information about this data as well as further information and a copy of the data in accordance with legal requirements.
  • Right to correction: In accordance with the legal requirements, you have the right to request the completion of the data relating to you or the correction of incorrect data relating to you.
  • Right to deletion and restriction of processing: In accordance with the legal requirements, you have the right to request that the data relating to you be deleted immediately or, alternatively, to request a restriction on the processing of the data in accordance with the legal requirements.
  • Right to data portability: You have the right to receive data relating to you that you have provided to us in accordance with the legal requirements in a structured, common and machine-readable format or to request that it be transmitted to another person responsible.
  • Complaint to the supervisory authority: In accordance with the legal requirements, you also have the right to submit a complaint to a supervisory authority, in particular in the member state of your habitual residence, your place of work or the place of the alleged infringement, if you are of the opinion that the processing of the personal data concerning you violates the GDPR.

This section gives you an overview of the terms used in this data protection declaration. Many of the terms are taken from the law and primarily defined in Art. 4 GDPR. The legal definitions are binding. The following explanations, on the other hand, are intended primarily for understanding. The terms are sorted alphabetically.

  • Content Delivery Network (CDN): is a service with the help of which the content of an online offer, in particular large media files such as graphics or program scripts, can be delivered faster and more securely with the help of regionally distributed servers connected via the Internet.
  • IP masking: "IP masking" refers to a method in which the last octet, i.e., the last two numbers of an IP address, is deleted so that the IP address can no longer be used to uniquely identify a person. Therefore, IP masking is a means of pseudonymizing processing procedures, particularly in online marketing
  • Interest-based and behavior-related marketing: One speaks of interest-based and / or behavior-related marketing when potential interests of users in advertisements and other content are predetermined as precisely as possible. This is done on the basis of information on their previous behavior (e.g., visiting certain websites and lingering on them, buying behavior or interaction with other users), which are stored in a so-called profile. Cookies are usually used for these purposes.
  • Conversion Tracking: "Conversion Tracking" describes a procedure with which the effectiveness of marketing measures can be determined. For this purpose, a cookie is usually stored on the users' devices within the websites on which the marketing measures are carried out and then retrieved again on the target website. For example, we can see whether the advertisements we placed on other websites were successful).
  • Personal data: "Personal data" are all information relating to an identified or identifiable natural person (hereinafter "data subject"); A natural person is regarded as identifiable who can be identified directly or indirectly, in particular by means of assignment to an identifier such as a name, an identification number, location data, an online identifier (e.g., cookie) or one or more special features, which express the physical, physiological, genetic, psychological, economic, cultural or social identity of this natural person.
  • Profiling: "Profiling" is any type of automated processing of personal data that consists of using this personal data to identify certain personal aspects that relate to a natural person (depending on the type of profiling, this includes information relating to the Age, gender, location data and movement data, interaction with websites and their content, shopping behavior, social interactions with other people) to analyze, evaluate or predict them (e.g., the interests in certain content or products, the click behavior on a website or Cookies and web beacons are often used for profiling purposes.
  • Web Analytics: Web Analytics serves the evaluation of visitor traffic of online services and can determine their behavior or interests in certain information, such as content of websites. With the help of web analytics, website owners, for example, can recognize at what time visitors visit their website and what content they are interested in. This allows them, for example, to optimize the content of the website to better meet the needs of their visitors. For purposes of web analytics, pseudonymous cookies and web beacons are frequently used in order to recognize returning visitors and thus obtain more precise analyses of the use of an online service.
  • Remarketing: Remarketing" or "retargeting" is the term used, for example, to indicate for advertising purposes which products a user is interested in on a website in order to remind the user of these products on other websites, e.g., in advertisements.
  • Location data: Location data is generated when a mobile device (or another device with the technical requirements for location determination) connects to a radio cell, a Wi-Fi network or similar technical means and functions for location determination. Location data is used to indicate the geographically determinable position on earth at which the respective device is located. Location data can be used, for example, to display map functions or other information dependent on a location.
  • Tracking: Tracking" is the term used when the behavior of users can be traced across several websites. As a rule, behavior and interest information with regard to the websites used is stored in cookies or on the servers of the tracking technology providers (so-called profiling). This information can then be used, for example, to display advertisements to users presumably corresponding to their interests.
  • Controller: "Controller" means the natural or legal person, authority, institution or other body that alone or jointly with others decides on the purposes and means of processing personal data.
  • Processing: "Processing" is any process carried out with or without the aid of automated processes or any such series of processes in connection with personal data. The term goes far and includes practically every handling of data, be it the collection, the evaluation, the storage, the transmission or the deletion.