Privacy policy

I. Person responsible

The controller within the meaning of the General Data Protection Regulation and other national data protection laws of the member states as well as other data protection regulations is

Janna Lingenfelder
Alte Palmbacher Straße 5a
76228 Karlsruhe
Phone: +491766250395
E-Mail: info@janna-lingenfelder.de

This privacy policy applies to the website www.janna-lingenfelder.de

II General information on data processing / legal basis

1. we collect and use your personal data only to the extent necessary to provide a functional website and our content and services.

You can use our website without providing any personal data. If you wish to use special functions of our website (such as the contact form), it will be necessary to process personal data.

Insofar as the collection and use of your personal data is necessary, this processing takes place on a legal basis or we obtain your consent.

The personal data of the data subject will be deleted or blocked as soon as the purpose of storage no longer applies.

Data may also be stored if this has been provided for by the European or national legislator in EU regulations, laws or other provisions to which the controller is subject.

The data will also be blocked or deleted if a storage period prescribed by the aforementioned standards expires, unless there is a need for further storage of the data for the conclusion or fulfilment of a contract.

Insofar as we obtain consent from you as the data subject for the processing of personal data, Art. 6 para. 1 lit. a EU General Data Protection Regulation (GDPR) serves as the legal basis for the processing of personal data.

Art. 6 para. 1 lit. b GDPR serves as the legal basis for the processing of personal data required for the fulfilment of a contract to which you as the data subject are a party. This also applies to processing operations that are necessary for the performance of pre-contractual measures.

Insofar as the processing of personal data is necessary to fulfil a legal obligation to which we are subject, Art. 6 para. 1 lit. c GDPR serves as the legal basis.

In the event that vital interests of you as the data subject or another natural person require the processing of personal data, Art. 6 para. 1 lit. d GDPR serves as the legal basis.

If the processing is necessary to safeguard a legitimate interest of our company or a third party and if the interests, fundamental rights and freedoms of the data subject do not outweigh the former interest, Art. 6 para. 1 lit. f GDPR serves as the legal basis for the processing.

2. SSL/TLS-Encryption (HTTPS)

We use state-of-the-art transport encryption (SSL/TLS) on this website for the secure transmission of confidential content – such as enquiries via our forms. You can usually recognise an encrypted connection by the address line of your browser (“https://” and lock symbol). The encryption is only effective during transmission between your device and our servers or the server of our hosting service provider.

a) Functionality
When SSL/TLS encryption is active, the data you send to us is transmitted in such a way that it cannot be read by third parties. During the connection, a cryptographic key exchange is carried out and a session key is established (perfect forward secrecy, depending on the cipher suite used). At least TLS 1.2 is supported, preferably TLS 1.3; older, insecure protocols (e.g. SSLv3) are not used.

b) Purpose and legal basis
The purpose of transport encryption is to protect the confidentiality and integrity of your communication data and to prevent unauthorised access by third parties. The legal basis is our legitimate interest in the secure provision of our online services (Art. 6 para. 1 sentence 1 lit. f GDPR) and – as a technical and organisational security measure – Art. 32 GDPR. The use of encryption does not require consent and is not dependent on cookie settings.

c) Recognisability and HSTS
You can recognise active encryption by the prefix “https://” and the lock symbol displayed in modern browsers. If activated on the server side, we use HTTP Strict Transport Security (HSTS) to instruct browsers to only establish encrypted connections. This reduces the risk of so-called “downgrade” or “man-in-the-middle” attacks.

d) Processing and recipients
Technically necessary connection and log data (e.g. IP address, timestamp, requested resources, user agent, TLS version/cipher suite) are processed when the connection is established. The processing takes place on our systems or on the systems of our hosting service provider (see section “Hosting”). No further content-related processing is associated with transport encryption.

e) Safety instructions
Despite encryption, security outside our area of responsibility (e.g. on your end device, in other networks or in the case of unencrypted e-mail communication) cannot be fully guaranteed. Please use our encrypted web forms for particularly sensitive content and avoid sending sensitive data in unencrypted emails.

III Provision of the website and creation of log files

Each time our website is accessed, our system automatically collects data and information from the computer system of the accessing computer.

This may include (1) information about the browser type and version used, (2) the user’s operating system, (3) the user’s internet service provider, (4) the user’s IP address, (5) the date and time of access, (6) websites from which the user’s system accesses our website, (7) websites that are accessed by the user’s system via our website.

The data is stored in the log files of our system. This data is not stored together with other personal data of the user. It is therefore not possible to draw conclusions about the person concerned.

The temporary storage of the IP address by the system is necessary to enable the website to be delivered to the user’s computer. For this purpose, the user’s IP address must remain stored for the duration of the session.

Data is stored in log files to ensure the functionality of the website. We also use the data to optimise the website and to ensure the security of our information technology systems. The data is not analysed for marketing purposes.

These purposes constitute our legitimate interest in data processing in accordance with Art. 6 para. 1 lit. f GDPR, which also constitutes the legal basis for the temporary storage of data and log files.

The data is deleted as soon as it is no longer required to fulfil the purpose for which it was collected. In the case of the collection of data for the provision of the website, this is the case when the respective session has ended.

Since the collection of the data for the provision of the website and the storage of the data in log files is absolutely necessary for the operation of the website, there is no possibility of objection on your part.

IV. Use of cookies

1. description and scope of data processing

Our website uses cookies. Cookies are text files that are stored in the Internet browser or by the Internet browser on the user’s computer system. When a user accesses a website, a cookie may be stored on the user’s operating system. This cookie contains a characteristic string of characters that enables the browser to be uniquely identified when the website is called up again.

We use cookies to make our website more user-friendly. Some elements of our website require that the accessing browser can be identified even after a page change.

Log-in information is stored and transmitted in the cookies in order to recognise users of our website.

The purpose of using technically necessary cookies is to simplify the use of our website for you. Some functions of our website cannot be offered without the use of cookies. For these, it is necessary for the browser to be recognised even after a page change.

The user data collected by technically necessary cookies is not used to create user profiles.

Information on plug-ins used by third-party providers that set so-called third-party cookies can be found below in this privacy policy under the relevant point. In this context, there is also a note on how the setting or storage of cookies can be prevented or restricted.

2. legal basis of the processing

These purposes also constitute our legitimate interest in the processing of personal data in accordance with Art. 6 para. 1 lit. f GDPR, which also constitutes the legal basis for the processing of personal data using cookies.

3. duration of storage

Cookies are stored on your computer and transmitted from it to our website. You therefore have full control over the use of cookies. You can deactivate or restrict the transmission of cookies by changing the settings in your Internet browser.

4. objection and cancellation options

Cookies that have already been saved can be deleted at any time. This can also be done automatically. If cookies are deactivated for our website, it may no longer be possible to use all functions of the website to their full extent.

V. Contact forms and e-mail contact

1. description and scope of data processing

There are several contact forms on our website which can be used to contact us electronically.

If you contact us in this way, the data entered in the input mask will be transmitted to us and stored. When collecting the data, we proceed as sparingly as possible. You therefore only need to enter your first name
Please state your surname, position, company, telephone number, e-mail address and describe your request.

Alternatively, you can contact us via the e-mail address provided. In this case, your personal data transmitted with the e-mail will be stored.

No data will be passed on to third parties in this context unless you consent to this. The data you provide to us on a voluntary basis will be used exclusively for processing the conversation.

2 Legal basis and purpose of data processing

The legal basis for the processing of data transmitted in the course of sending an email or using the contact form is Art. 6 para. 1 lit. f GDPR. If your e-mail contact is aimed at the conclusion of a contract, the additional legal basis for the processing is Art. 6 para. 1 lit. b GDPR. Otherwise, it is a user relationship between you and us if you use our contact form. In order to fulfil our obligations arising from this relationship, we store your data as part of the communication. The legal basis in this respect is also Art. 6 para. 1 lit. b GDPR.

The processing of the personal data from the input mask serves us solely to process the contact. If you contact us by email, this also constitutes the necessary legitimate interest in processing the data.

The other personal data processed during the sending process is used to prevent misuse of the contact form and to ensure the security of our information technology systems.

3. duration of storage

The data is deleted as soon as it is no longer required to fulfil the purpose for which it was collected. For the personal data from the input screen of the contact form and those sent by email, this is the case when the respective conversation with the user has ended. The conversation is ended when it can be inferred from the circumstances that the matter in question has been conclusively clarified.

The additional personal data collected during the sending process will be deleted after a period of seven days at the latest.

4. objection and cancellation options

You have the option of objecting to the storage of your personal data transmitted via the contact form or by e-mail at any time by informing us of your request by telephone, e-mail or post. In such a case, the conversation cannot be continued.

All personal data stored in the course of contacting us will be deleted in this case.

VI Third-party providers

As part of the operation of our website, we use – with the necessary technical and legal restraint – certain services from third-party providers to ensure security, functionality, reach and user-friendliness. In the following, we explain the type, scope, purposes and legal basis of the respective processing, the integration into our consent management, any data transfers to third countries and your options for objection and cancellation. If technologies are used that are not technically necessary, they will only be used after you have given your express consent in the cookie/consent banner.

1. google analytics (with consent mode)

We use Google Analytics, a web analytics service provided by Google Ireland Ltd, Gordon House, Barrow Street, Dublin 4, Ireland (“Google”). Google Analytics uses cookies and similar tracking technologies to analyse interactions with our website pseudonymously. Google processes the information generated by the cookies on our behalf in order to compile reports on website activities, to collect usage figures (e.g. page views, dwell times, bounce rates) and to provide other services associated with the use of our website. Pseudonymised user profiles can be created from the processed data.

a) Functionality
We only use Google Analytics with activated IP anonymisation. This means that your IP address will be truncated by Google within the member states of the European Union or in other signatory states to the Agreement on the European Economic Area; only in exceptional cases will the full IP address be transmitted to a Google server in the USA and truncated there. According to Google, the IP address transmitted by your browser will not be merged with other Google data. We use the following reports and functions, among others: Standard and real-time reports, cross-device analyses, event tracking (e.g. clicks on buttons/forms), target intent/conversions and – if enabled – demographic characteristics and interests (pseudonymous).

b) Consent mode and control via the cookie/consent banner
Google Analytics is used exclusively on the basis of your consent via our consent management tool (Art. 6 para. 1 sentence 1 lit. a GDPR; § 25 para. 1 TTDSG). We use the Google “Consent Mode”: Depending on the consent you have given, cookies are set completely or – if you have not given your consent – only aggregated, anonymised measured values are processed without personal cookies. Services are only activated after you have given your consent in the banner; until then, data collection remains deactivated.

c) Purposes of the processing
The processing is carried out for the statistical analysis of the use of our website, for range measurement, for error analysis and for the needs-based design and optimisation of our content and usability.

d) Data transfer and order processing
There is a contract with Google for order processing in accordance with Art. 28 GDPR. If personal data is transferred to the USA, this is done on the basis of the EU standard contractual clauses or within the framework of the EU-U.S. Data Privacy Framework, if applicable.

e) Revocation and opt-out
You can revoke your consent at any time with effect for the future via our consent management tool. Irrespective of this, you can prevent the storage of cookies by setting your browser software accordingly and prevent the collection and processing of data generated by cookies by downloading and installing the browser add-on: http://tools.google.com/dlpage/gaoptout?hl=de. You can find more information about Google’s use of data at https://policies.google.com/privacy?hl=de and https://policies.google.com/technologies/partner-sites.

2 Google Ads Conversion Tracking and Remarketing (with Consent Mode)

We use the online advertising programme “Google Ads” and the associated conversion tracking and remarketing of Google Ireland Ltd, Dublin (“Google”). This allows us to measure the success of our adverts and re-target users who have shown an interest in our content on other websites.

a) Functionality
When you click on a Google advert, a so-called conversion cookie is set on your end device. If you subsequently visit certain pages of our website and the cookie is still active, Google and we can recognise that you clicked on the ad and were redirected to a page with a conversion tag. We only receive statistical, non-personalised reports (e.g. total number of conversions). As part of remarketing, Google analyses usage behaviour on our website in order to present you with interest-based ads on other websites within the Google advertising network (e.g. Google Search, YouTube) (pseudonymously, without direct personal reference).

b) Consent mode and legal basis
They are used exclusively with your consent via our consent management tool (Art. 6 para. 1 sentence 1 lit. a GDPR; Section 25 para. 1 TTDSG). The tags are dynamically controlled via the consent mode according to your decision; without consent, no personal cookies are set and only aggregated measured values are processed.

c) Purposes of the processing
Measurement of the effectiveness of our advertising measures (attribution), reach control, interest-based ad control and optimisation of our marketing budgets.

d) Data transfer and order processing
There is a contract with Google for order processing in accordance with Art. 28 GDPR. If data is transferred to the USA, this is based on the EU standard contractual clauses or the EU-U.S. Data Privacy Framework, if applicable.

e) Revocation and opt-out
You can revoke your consent at any time via our consent management tool and also deactivate personalised advertising at https://adssettings.google.com/authenticated. Further information: https://policies.google.com/privacy?hl=de and https://policies.google.com/technologies/ads.

3. borlabs Cookie (Consent-management)

We use the consent management tool “Borlabs Cookie” from Borlabs GmbH, Rübenkamp 32, 22305 Hamburg (“Borlabs”) to obtain, manage and document the consent of our website visitors to the use of technically unnecessary cookies and external services in a legally secure manner.

a) Functionality
When you visit our website, a technically necessary cookie (“borlabs cookie”) is set in which the consent status you have selected (consent/refusal per category) is stored. This cookie does not contain any personal content, but only the consent status. Based on the stored status, the respective services (e.g. Google Analytics, Google Ads) are only activated after consent has been given.

b) Purposes and legal bases
The purpose is to obtain, manage and document your consent in accordance with the law (Art. 7 para. 1 GDPR; § 25 TTDSG). The legal basis for the use of the tool is Art. 6 para. 1 sentence 1 lit. c GDPR (fulfilment of legal obligations) and Art. 6 para. 1 sentence 1 lit. f GDPR (legitimate interest in a user-friendly and legally compliant design).

c) Retention and cancellation
The consent status is saved until the cookie is deleted or until you change your selection. You can change or revoke your consent at any time with effect for the future via our banner.

d) Further information
Data protection at Borlabs: https://borlabs.io/datenschutz/.

4. google tag manager

We use the Google Tag Manager of Google Ireland Ltd, Dublin (“Google Tag Manager”) to centrally manage website tags and control them in compliance with data protection regulations.

a) Functionality
The Google Tag Manager implements code snippets (“tags”) and triggers them. The Tag Manager itself does not process user profiles and does not independently access personal data; rather, it enables the triggering of other services (e.g. Google Analytics, Google Ads). Whether and to what extent data is collected is therefore determined by the respective integrated services.

b) Purposes and legal bases
The purpose is the efficient, secure and low-error integration and control of tools requiring consent. The legal basis is Art. 6 para. 1 sentence 1 lit. f GDPR (legitimate interest). Insofar as the Tag Manager triggers services requiring consent, the legal basis is also based on the consent you have given (Art. 6 para. 1 sentence 1 lit. a GDPR; § 25 para. 1 TTDSG).

c) Data transmission
As part of the technical provision, data may be transferred to third countries (e.g. USA). The legal basis for this is the EU standard contractual clauses or the EU-U.S. Data Privacy Framework, if applicable.

d) Further information
Usage policy: https://www.google.com/intl/de/tagmanager/use-policy.html.

5. google fonts

We use Google Fonts (Google Ireland Ltd., Dublin) on our website to display fonts in a standardised and high-performance manner.

a) Type of integration and mode of operation
To protect your data, we always integrate the fonts used locally from our server. As a result, no connection to Google’s servers is established when our pages are accessed and your IP address is not transmitted to Google. Only in very limited exceptional cases (e.g. older subpages that have not yet been converted) can a retrieval via Google servers take place; in this case, the transmission of the IP address is technically necessary in order to deliver the font to your browser.

b) Purposes and legal basis
The purpose is the uniform, accessible and user-friendly presentation of our content and the optimisation of loading times. The legal basis is Art. 6 para. 1 sentence 1 lit. f GDPR (legitimate interest in an appealing and technically optimised website).

c) Data transmission
In the case of local integration, no data is transferred to Google. For any exceptional cases of external integration, the EU standard contractual clauses or the EU-U.S. Data Privacy Framework apply, if applicable.

d) Further information
https://policies.google.com/privacy?hl=de and https://developers.google.com/fonts/faq.

6. google reCAPTCHA

We use Google reCAPTCHA (Google Ireland Ltd., Dublin) on selected form pages to recognise and prevent abusive, automated access (spam and bot protection).

a) Functionality
reCAPTCHA analyses the behaviour of visitors based on various characteristics (e.g. IP address, length of stay, mouse and touch inputs, previously visited pages, if applicable) in order to differentiate between human users and bots. The information collected in this way is transmitted to Google and analysed there. The analysis runs in the background and is generally not visible to visitors.

b) Purposes and legal basis
The purpose is to protect our systems and forms from abusive, automated entries (spam defence). The legal basis is Art. 6 para. 1 sentence 1 lit. f GDPR (legitimate interest in IT security). Insofar as reCAPTCHA uses cookies or similar technologies, Section 25 (1) of the German Data Protection Act (TTDSG) is also relevant and use is only made with consent via our consent banner.

c) Data transmission
Personal data may be transferred to the USA. The legal bases for this are the EU standard contractual clauses or the EU-U.S. Data Privacy Framework, if applicable.

d) Further information
https://policies.google.com/privacy?hl=de and https://policies.google.com/terms?hl=de.

7 Cloudflare Turnstile

On form and interaction pages, we use the captcha system “Cloudflare Turnstile” from Cloudflare, Inc, 101 Townsend St., San Francisco, CA 94107, USA (“Cloudflare”) to recognise automated entries (bots) without having to resort to classic image puzzles.

a) Functionality
Turnstile analyses technical parameters (e.g. IP address, browser information, time and interaction data, JavaScript challenges) to determine whether an input is human or automated. According to Cloudflare, the data is processed exclusively for security purposes and is not used for advertising or tracking purposes.

b) Purposes and legal basis
The purpose is to defend against spam, misuse and attacks and to ensure the stability of our online services. The legal basis is Art. 6 para. 1 sentence 1 lit. f GDPR (legitimate interest). Insofar as absolutely necessary information is stored or read out on your end device, this is done on the basis of § 25 para. 2 no. 2 TTDSG.

c) Data transmission
Cloudflare operates servers in the EU, among other places; a transfer to the USA may nevertheless take place. The legal basis is the EU standard contractual clauses or the EU-U.S. Data Privacy Framework, if applicable.

d) Further informationn
https://www.cloudflare.com/de-de/privacypolicy/ and https://developers.cloudflare.com/turnstile/.

8. wordfence (website-security service)

To secure our website, we use the Wordfence security service from Defiant Inc, 800 5th Ave, Suite 4100, Seattle, WA 98104, USA (“Wordfence”).

a) Functionality
Wordfence monitors access in real time, compares it with reputation and threat intelligence lists and blocks suspicious requests (e.g. brute force attempts, anomalies in request patterns). In particular, the IP address, timestamp, requested resources, user agent and referrer information and – in the event of an incident – technical metadata for attack detection are processed.

b) Purposes and legal basis
The purpose is to protect our website and the data processed on it from unauthorised access, cyberattacks and malware. The legal basis is Art. 6 para. 1 sentence 1 lit. f GDPR (legitimate interest in IT security).

c) Order processing and data transfer
There is an order processing contract with Defiant Inc. in accordance with Art. 28 GDPR. Insofar as data is transferred to the USA, this is done on the basis of the EU standard contractual clauses or within the framework of the EU-U.S. Data Privacy Framework, if applicable.

d) Further information
https://www.wordfence.com/help/general-data-protection-regulation/ and https://www.wordfence.com/privacy-policy/.

9. ManageWP (website maintenance and administration)

We use the ManageWP service from GoDaddy.com WP Europe, Koširnikova 4, 1000 Ljubljana, Slovenia (“ManageWP”) for the technical maintenance and central administration of our website.

a) Functionality
ManageWP enables automated backups to be created, availability to be monitored (uptime monitoring), updates to be installed and performance to be analysed. For this purpose, technical connection data is regularly exchanged between our website and ManageWP (e.g. IP addresses of the servers, time stamps, status and error codes). This processing is used exclusively for maintenance and security purposes.

b) Purposes and legal basis
Ensuring the functionality, security and up-to-dateness of our website and efficient administration. The legal basis is Art. 6 para. 1 sentence 1 lit. f GDPR (legitimate interest).

c) Order processing and data transfer
There is a contract with ManageWP for order processing in accordance with Art. 28 GDPR. Processing generally takes place within the EU. If, in exceptional cases, a transfer to third countries (e.g. USA within the GoDaddy Group) is necessary, this is carried out on the basis of the EU standard contractual clauses or within the framework of the EU-U.S. Data Privacy Framework, if applicable.

d) Further information
https://managewp.com/privacy

10. google calendar

We use Google Calendar, a service provided by Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland (“Google”) for administration and scheduling.

a) Functionality
If you make an appointment with us via our website or by e-mail, the personal data you provide for this purpose (e.g. name, e-mail address, telephone number, appointment request, request) will be entered into Google Calendar for the purpose of organising the appointment and processed there.

b) Basis
The processing is carried out on the basis of Art. 6 para. 1 lit. b GDPR (fulfilment of contract or implementation of pre-contractual measures) or – if no specific contract exists – on the basis of our legitimate interest pursuant to Art. 6 para. 1 lit. f GDPR to efficiently manage appointments and ensure smooth communication.

c) Data transfer to third countries
A transfer of personal data to Google servers in the USA cannot be ruled out. Google is certified in accordance with the EU-US Data Privacy Framework (DPF), which guarantees an adequate level of data protection in accordance with Art. 45 GDPR.

d) Data processing by order
We have concluded an order processing contract with Google (Art. 28 GDPR), in which Google undertakes to process our users’ data only in accordance with our instructions and to comply with European data protection regulations.

Storage duration

e) Storage periods
Personal data will only be stored for as long as is necessary for the organisation of the appointment. After the appointment has been held or cancelled, the data is regularly deleted, provided there are no legal obligations to retain it.

f) Further information
Further information on data protection at Google can be found at: https://policies.google.com/privacy?hl=de

11th Newsletter

Newsletter data

If you would like to receive the newsletter offered on the website, we require an e-mail address from you as well as information that allows us to verify that you are the owner of the e-mail address provided and that you agree to receive the newsletter. Further data is not collected or only on a voluntary basis. For the handling of the newsletter, we use newsletter service providers, which are described below.

Brevo

This website uses Brevo for the sending of newsletters. The provider is the Sendinblue GmbH, Köpenicker Straße 126, 10179 Berlin, Germany.

Brevo services can, among other things, be used to organize and analyze the sending of newsletters. The data you enter for the purpose of subscribing to the newsletter are archived on servers of Sendinblue GmbH in Germany.

Data analysis by Brevo

Brevo enables us to analyze our newsletter campaigns. For instance, it allows us to see whether a newsletter message has been opened and, if so, which links may have been clicked. This enables us to determine, which links drew an extraordinary number of clicks.

Moreover, we are also able to see whether once the e-mail was opened or a link was clicked, any previously defined actions were taken (conversion rate). This allows us to determine whether you have made a purchase after clicking on the newsletter.

Brevo also enables us to divide the subscribers to our newsletter into various categories (i.e., to “cluster” recipients). For instance, newsletter recipients can be categorized based on age, gender, or place of residence. This enables us to tailor our newsletter more effectively to the needs of the respective target groups.

If you do not want to permit an analysis by Brevo, you must unsubscribe from the newsletter. We provide a link for you to do this in every newsletter message. Moreover, you can also unsubscribe from the newsletter right on the website.

For detailed information on the functions of Brevo please follow this link: https://www.brevo.com/de/newsletter-software/.

Legal basis

The data is processed based on your consent (Art. 6(1)(a) GDPR). You may revoke any consent you have given at any time by unsubscribing from the newsletter. This shall be without prejudice to the lawfulness of any data processing transactions that have taken place prior to your revocation.

Storage period

The data deposited with us for the purpose of subscribing to the newsletter will be stored by us until you unsubscribe from the newsletter or the newsletter service provider and deleted from the newsletter distribution list after you unsubscribe from the newsletter. Data stored for other purposes with us remain unaffected.

After you unsubscribe from the newsletter distribution list, your e-mail address may be stored by us or the newsletter service provider in a blacklist, if such action is necessary to prevent future mailings. The data from the blacklist is used only for this purpose and not merged with other data. This serves both your interest and our interest in complying with the legal requirements when sending newsletters (legitimate interest within the meaning of Art. 6(1)(f) GDPR). The storage in the blacklist is indefinite. You may object to the storage if your interests outweigh our legitimate interest.

For more details, please consult the Data Protection Regulations of Brevo at: https://www.brevo.com/de/datenschutz-uebersicht/ and https://www.brevo.com/de/legal/privacypolicy/.

Data processing

We have concluded a data processing agreement (DPA) for the use of the above-mentioned service. This is a contract mandated by data privacy laws that guarantees that they process personal data of our website visitors only based on our instructions and in compliance with the GDPR.

VII Hosting

We are hosting the content of our website at the following provider:

Raidboxes

The provider is the Raidboxes GmbH, Hafenstr. 32, 48153 Münster, Germany (hereinafter referred to as: Raidboxes). Whenever you visit our website, Raidboxes will record a variety of logfiles, including your IP addresses.

For details, please refer to the Data Privacy Policy of Raidboxes: https://raidboxes.io/legal/privacy/.

We use Raidboxes on the basis of Art. 6(1)(f) GDPR. We have a legitimate interest in making the depiction of our website as dependable as possible. If you have been asked for your respective consent, processing shall occur exclusively on the basis of Art. 6 (1)(a) GDPR and § 25(1) TDDDG, if the consent comprises the archiving of cookies or access to information on the user’s device (e.g., device finger printing) as defined in the TDDDG. Such consent may be revoked at any time.

Data processing

VIII Rights of the data subject

If and to the extent that we process your personal data, you are a data subject within the meaning of the GDPR and you have the following rights vis-à-vis the controller:

1. right to information

If personal data is being processed, you can request information about the purposes for which the personal data is being processed, the categories of personal data being processed, the recipients or categories of recipients to whom the personal data relating to you has been or will be disclosed, the planned duration of storage of the personal data relating to you or, if specific information on this is not possible, criteria for determining the duration of storage, the existence of a right to rectification or erasure of the personal data relating to you, a right to data portability, a right to data portability and a right to data portability in accordance with Art. the planned duration of the storage of the personal data concerning you or, if specific information on this is not possible, criteria for determining the storage period, the existence of a right to rectification or erasure of the personal data concerning you, a right to restriction of processing by the controller or a right to object to such processing, the existence of a right of appeal to a supervisory authority, all available information on the origin of the data if the personal data are not collected from the data subject. You have the right to request information as to whether the personal data concerning you is transferred to a third country or to an international organisation. In this context, you may request to be informed of the appropriate safeguards pursuant to Art. 46 GDPR in connection with the transfer.

2. right to rectification

In accordance with Art. 16 GDPR, you have a right to rectification and/or completion if the processed personal data concerning you is incorrect or incomplete. The correction must be made immediately.

3. right to cancellation

In accordance with Art. 17 GDPR, you can demand that the personal data concerning you be deleted immediately. The right to erasure does not exist if the processing is necessary for exercising the right of freedom of expression and information, for compliance with a legal obligation, for the performance of a task carried out in the public interest or for the establishment, exercise or defence of legal claims.

4. right to restriction of processing

You may request the restriction of the processing of your personal data in accordance with Art. 18 GDPR if you contest the accuracy of the data, the processing is unlawful, the personal data are no longer required for the purposes of the processing but you require them for the establishment, exercise or defence of legal claims, or you have objected to processing pursuant to Art. 21 (1) GDPR pending the verification whether the legitimate grounds of the controller override your grounds.

5. right to information

If you have exercised your right to rectification, erasure or restriction of processing, all recipients to whom the personal data concerning you have been disclosed must be informed of this rectification or erasure of the data or restriction of processing, unless this proves impossible or involves a disproportionate effort. You have the right to be informed about these recipients.

6. right to data portability

In accordance with Art. 20 GDPR, you have the right to receive the personal data concerning you in a structured, commonly used and machine-readable format. You also have the right to transmit this data to another controller if the processing is based on consent pursuant to Art. 6 para. 1 lit. a GDPR or Art. 9 para. 2 lit. a GDPR or on a contract pursuant to Art. 6 para. 1 lit. b GDPR and the processing is carried out using automated procedures.

In exercising this right, you also have the right to have the personal data concerning you transmitted directly from one controller to another, where technically feasible. The freedoms and rights of other persons must not be affected by this.

The right to data portability does not apply to the processing of personal data necessary for the performance of a task carried out in the public interest.

7. right of objection

Pursuant to Art. 21 GDPR, you have the right to object, on grounds relating to your particular situation, at any time to processing of personal data concerning you which is based on Art. 6(1)(e) or (f) GDPR.

The objection can be declared to the controller by e-mail, fax or letter (see point 10.1). In the event of an objection, the controller will no longer process the personal data concerning you unless the controller demonstrates compelling legitimate grounds for the processing which override your interests, rights and freedoms or for the establishment, exercise or defence of legal claims.

8. right to revoke the declaration of consent under data protection law

In accordance with Art. 7 (3) GDPR, you have the right to withdraw your declaration of consent under data protection law at any time. The withdrawal of consent shall not affect the lawfulness of processing based on consent before its withdrawal, but no further processing shall take place in the future.

9. automated decision-making in individual cases including profiling

You have the right not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects concerning you or similarly significantly affects you. This does not apply if the decision is necessary for the conclusion or performance of a contract between you and the controller, is authorised by Union or Member State law to which the controller is subject and which also lays down suitable measures to safeguard your rights and freedoms and legitimate interests, or is based on your explicit consent.

However, these decisions may not be based on special categories of personal data pursuant to Art. 9 para. 1 GDPR, unless Art. 9 para. 2 lit. a or g applies and appropriate measures have been taken to protect the rights and freedoms as well as your legitimate interests.

In the cases referred to in (1) and (3), the data controller shall implement suitable measures to safeguard your rights and freedoms and legitimate interests, at least the right to obtain human intervention on the part of the controller, to express your point of view and to contest the decision.

10. right to lodge a complaint with a supervisory authority

Without prejudice to any other administrative or judicial remedy, you have the right to lodge a complaint with a supervisory authority, in particular in the Member State of your habitual residence, place of work or place of the alleged infringement if you consider that the processing of personal data relating to you infringes the GDPR.

The supervisory authority with which the complaint has been lodged shall inform the complainant of the status and outcome of the complaint, including the possibility of a judicial remedy pursuant to Art. 78 GDPR.

is the supervisory authority:
State Commissioner for Data Protection and Freedom of Information Baden-Württemberg
Lautenschlagerstraße 20
70173 Stuttgart
Phone: 0711-615541-0
E-mail: poststelle@lfdi.bwl.de