Privacy Policy

 

A. Our contact details and general information on data processing by us

A.1 Name and contact details of the controller

The controller within the meaning of data protection law for the collection and use of personal data is:

LenioBio GmbH, Erkrather Straße 401, D-40231 Düsseldorf

Represented by Dr. Remberto Martis

Telephone: +49 (0) 211 – 8909 40300

Fax: +49 (0) 2871 – 240 015 11

E-mail: info@leniobio.com

Entry in the commercial register.

Register court: Düsseldorf Local Court

Register number: HRB 88248

 

A.2 Contact details of the data protection officer of the controller

Our data protection officer is Timo Schutt, MeinDatenschutzPartner.de GbR, Kriegsstraße 37, D-76133 Karlsruhe, e-mail dsb@meindatenschutzpartner.de

 

A.3 General information on the legal basis for the processing of personal data

In general, the following applies to the processing of personal data by us:

  • Insofar as we obtain your consent for the processing of personal data, Art. 6 (1) (a) of the EU General Data Protection Regulation (GDPR) serves as the legal basis for the processing of personal data.
  • When processing personal data that is necessary for the performance of a contract with you, Art. 6 (1) (b) GDPR serves as the legal basis. This also applies if the processing is necessary to carry out pre-contractual measures, e.g. orders, offers, contract negotiations.
  • Insofar as the processing of personal data is necessary to fulfill a legal obligation to which we are subject, Art. 6 para. 1 letter c) GDPR serves as the legal basis.
  • In the event that your vital interests or those of another natural person require the processing of personal data, Art. 6 (1) (d) GDPR serves as the legal basis.
  • If the processing of your personal data is necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in us, this is done on the legal basis of Art. 6 (1) (e) GDPR.
  • If processing is necessary for the purposes of the legitimate interests pursued by us or by a third party and your interests, fundamental rights and freedoms do not override these interests, the legal basis for processing is Article 6(1)(f) GDPR.

 

A.4 General information on data erasure and storage duration

We generally erase or block personal data as soon as the purpose of storage no longer applies. Data may also be stored if this has been provided for by the European or national legislator in EU regulations, laws or other provisions to which we as the controller are subject. The data will also be blocked or deleted if a storage period prescribed by the aforementioned standards expires, unless there is a need for further storage of the data for the conclusion or fulfillment of a contract.

Specifically, this means:

If we process the personal data on the basis of consent to data processing (Art. 6(1)(a) General Data Protection Regulation, GDPR for short), the processing ends when you withdraw your consent, unless there is another legal basis for processing the data, which is the case, for example, if we are still entitled to process your data for the purpose of fulfilling the contract at the time of withdrawal (see below in each case).

If we process the data on the basis of our legitimate interests (Art. 6 (1) (f) GDPR) as part of a prior assessment, we will store the data until the legitimate interest no longer exists, the assessment comes to a different conclusion or you have effectively objected in accordance with Art. 21 GDPR (see the visually highlighted “Reference to special right of objection” under C).

If we process the data to fulfill the contract, we will store the data until the contract has been finally fulfilled and processed and no more claims can be asserted under the contract, i.e. until the statute of limitations has expired. The general limitation period according to § 195 BGB is three (3) years. However, certain claims, such as claims for damages, only become time-barred after 30 years (see Section 197 BGB). If there is justified reason to assume that this is relevant in individual cases, we will store the personal data for this period. The aforementioned limitation periods begin at the end of the year (i.e. on December 31) in which the claim arose and the creditor becomes aware of the circumstances giving rise to the claim and the identity of the debtor or should have become aware of them without gross negligence.

We would like to point out that we are also subject to statutory retention obligations for commercial, tax and accounting reasons. These oblige us to retain certain data, which may also include personal data, for a period of six (6) to ten (10) years as proof of our proper business activities and accounting. These retention periods take precedence over the aforementioned deletion obligations. The retention periods also begin at the end of the relevant year, i.e. on December 31.

 

A.5 General information on the sources of personal data

The personal data processed by us originates primarily from the data subjects themselves, for example:

  • as users of our website, by transmitting information, such as the IP address, to us or our web server via the web browser and their end device (e.g. a PC, smartphone, tablet or notebook)
  • upon order from us as a buyer/customer or to maintain a customer account,
  • request for information material or an offer from us as an interested party,
  • to conclude a contract with us as a participant in an event,
  • to request information material, press releases, statements, etc. as a representative of the press,
  • to supply us with goods as agreed as a supplier or provide us with services or similar as a business partner.

Only in very exceptional cases can the personal data processed by us also originate from third parties, for example if a person is acting on behalf of a third party.

 

A.6 Recipients or categories of recipients of personal data

Your personal data will only be passed on or transmitted to third parties if this is absolutely necessary and permissible for the respective purpose. We explain to whom we pass on data and for what purpose in each case in connection with the data processing described below or, in the case of transfers to other EU countries, additionally in the context of this privacy policy.

Categories of recipients can generally be:

  • Service providers,
  • Suppliers, business partners,
  • Accounting, tax consultants.

Depending on the category of data involved, we process personal data for the following purposes and on the basis of the respective legal basis of the General Data Protection Regulation (GDPR):

User data

We collect and process data from users of our website on a non-personal basis. It is not possible for us to identify specific persons. The IP address is only processed anonymously. If, in exceptional cases, personal data is involved, we process it to protect our legitimate interests on the basis of Art. 6(1)(f) GDPR. Our legitimate interests in this sense are our interest in the security and integrity of our website and the data on our web server (in particular fault and error detection, as well as tracking unauthorized access), as well as marketing interests and interests in statistical surveys (to improve our website and our services and offers). Having weighed up these interests, we have come to the conclusion that data processing is necessary to safeguard the aforementioned legitimate interests and that your interests or fundamental rights and freedoms, which require the protection of personal data, do not outweigh them.

Data of interested parties/data of press representatives

Insofar as we process data from those interested in our services or from representatives of the press, this only takes place if they enter this data in an input field or by e-mail for the purpose of sending us an inquiry. These entries are voluntary. We then process this data exclusively for the purpose of processing the request. The processing of this data voluntarily transmitted to us for the purpose of providing information about our services is carried out as pre-contractual processing in accordance with Art. 6 (1) (b) GDPR and/or on the basis of the consent you have given by transmitting it in accordance with Art. 6 (1) (a) GDPR.

Customer data

We process the data of our customers for the purpose of contract initiation and contract processing in accordance with Art. 6(1)(b) GDPR or, in the case of a customer account, (also) in accordance with Art. 6(1)(a) GDPR on the basis of consent given during registration.

Supplier data/data of business partners

We process the data of our suppliers and business partners for the purpose of contract processing in accordance with Art. 6(1)(b) GDPR and/or on the basis of consent granted in accordance with Art. 6(1)(a) GDPR. This also applies to processing operations that are necessary for the implementation of pre-contractual measures (e.g. in the context of the preparation and negotiation of offers).

 

A.7 Contacting us by e-mail, fax and telephone call

You can contact us via various channels if you wish. You will also find an e-mail address, telephone number and fax number on the website. If you write us an e-mail, call us or send us a fax, we will inevitably process your personal data. This is because at least the personal data transmitted with the e-mail, fax or your telephone will be stored by us or our systems.

The data will not be passed on to third parties in this context. The data is used exclusively for processing the conversation.

Purposes of data processing

The processing of personal data transmitted by e-mail, fax or telephone serves us to process your contact and your request. We need your e-mail address, your fax number or your telephone number in order to be able to reply at all. This is also the legitimate interest in processing the data.

Legal basis for data processing

The legal basis for the processing of the data is the existence of consent in accordance with Art. 6 (1) (a) GDPR, which you have given by actively contacting us.

If the contact or your request is aimed at the conclusion of a contract, the legal basis for the processing is Art. 6 para. 1 letter b) GDPR (implementation of pre-contractual measures).

Duration of storage

The data will be deleted as soon as it is no longer required to achieve the purpose for which it was collected.

For personal data sent by email, this is the case when the respective conversation with you has ended and we have waited for a waiting period of up to 3 months to see whether we may need to revisit your request or the details of the communication. The conversation is deemed to have ended when it can be inferred from the circumstances that the matter in question has been conclusively clarified.

Fax data is stored separately from print data in the fax machine’s memory. After the fax has been printed, the occupied memory space is released again so that the next fax can be received and stored there. Parts of the fax can remain temporarily in the device memory after printing until they are overwritten by the next fax received. As a rule, this leads to automatic deletion of the data after approx. 1-2 weeks. If it is a computer fax, we will receive your fax as an e-mail and the information on e-mail will apply accordingly.

When you make an incoming telephone call or an outgoing call to us, your telephone number or your name/company name stored with your telephone provider as well as the date and time of the call are stored in our telephone system in a so-called ring buffer, which overwrites the oldest data with new data. As a rule, this leads to automatic deletion of the data in the telephone system after approx. 3-4 months.

The communication may be subject to a retention obligation under commercial or tax law, which then takes precedence (see the explanations above on “Data deletion and storage period”).

Right of objection and removal

You have the option at any time to revoke your consent to the processing of personal data or to object to further data processing on the grounds of legitimate interest (see the reference to the special right of objection under C. of this data protection information). In such a case, the conversation cannot be continued.

You can withdraw your consent or object to further data processing by sending us an informal message (e.g. by email). All personal data stored in the course of contacting us will be deleted in this case.

B. Scope of the processing of personal data via our website

We only collect and use users’ personal data when they use our website insofar as this is necessary to provide a functional website and our content and services. The collection and use of our users’ personal data generally only takes place with the user’s consent. An exception applies in cases where it is not possible to obtain prior consent for factual reasons and/or the processing of the data is permitted by law.

 

B.1 Provision of the website and creation of log files

For technical reasons, our system automatically collects data and information each time the website is accessed. This is stored in the log files of the web server. These are:

  • Date and time of access,
  • URL (address) of the referring website (referrer),
  • Websites accessed by the user’s system via our website,
  • Screen resolution of the user,
  • Retrieved file(s) and notification of the success of the retrieval,
  • The amount of data sent,
  • The user’s internet service provider,
  • Browser, browser type and browser version, browser engine and engine version,
  • Operating system, operating system version, operating system type, as well as
  • The anonymized IP address and the user’s internet service provider.

This data is processed separately from other data. This data is not processed together with other personal data of the user. It is not possible for us to assign this data to a specific person.

The website was created with the website builder and content management system from Duda, Inc, 577 College Ave, Palo Alto, CA 94306, USA and is hosted on a web server from Amazon Web Services (AWS). AWS is an American cloud computing provider based in Seattle, Washington, USA and a subsidiary of the online mail order company Amazon.com. However, we use the AWS data centers within the EU. The provider is therefore Amazon Web Services EMEA SARL, 38 Avenue John F. Kennedy, L-1855 Luxembourg. You can view the provider’s privacy policy and cookie policy here: https://aws.amazon.com/privacy/

Purposes of the data processing

The temporary processing of data by the system is necessary to enable the content of our website to be delivered to the user’s computer. For this purpose, the user’s IP address must remain stored for the duration of the session.

The data is stored in log files to ensure the functionality of the website. In addition, we use the data to optimize our offer and the website and to ensure the security of our information technology systems. The data is not analyzed for marketing purposes in this context.

We also use the IP address to find and show you the nearest sales outlet for our products.

Legal basis for data processing

The temporary storage of the data and the log files is based on the legal basis of Art. 6(1)(f) GDPR. Our overriding legitimate interest in this data processing lies in the aforementioned purposes.

Duration of storage

The data is deleted as soon as it is no longer required to achieve the purpose for which it was collected. In the case of the collection of data for the provision of the website, this is the case when the respective session has ended. If the data is stored in log files, this is the case after seven days at the latest. Storage beyond this period is possible. In this case, the IP addresses of the users are deleted or anonymized so that it is no longer possible to identify the accessing client.

Possibility of objection and removal

The collection of data for the provision of the website and the storage of data in log files is absolutely necessary for the operation of the website. Consequently, the user has no option to object to this. However, the user can stop using the website at any time and thus prevent the further collection of the aforementioned data.

 

B.2 Contact form and e-mail contact

A contact form is available on our website, which can be used for electronic contact or directly for ordering purposes. If you use this option, the data entered in the input mask will be transmitted to us and stored.

These data are:

  • Name, e-mail address, message
  • When ordering also: telephone number (for queries), company name and company address (for shipping)

The following data is also stored when the message is sent:

  • The IP address of the user,
  • Date and time of sending.

Alternatively, it is possible to contact us via the e-mail address we provide. In this case, the personal data transmitted with the e-mail will be stored.

The data will not be passed on to third parties in this context. The data is used exclusively for the processing of the conversation or order processing.

Purposes of data processing

The processing of the personal data from the input mask serves us to process the contact and your request. For example, this may be a question about technical support, product inquiries, inquiries from investors, the press or media or similar. The various forms of inquiry can be found in the drop-down menu of the form and allow you to specify the reason for your contact.

In the case of an order via the form, the data processing serves to process and fulfill your order.

The other personal data processed during the sending process is used to prevent misuse of the contact form and to ensure the security of our information technology systems.

Legal basis for data processing

The legal basis for the processing of data is our legitimate interest in data processing in accordance with Art. 6 (1) (f) GDPR.

If the contact or your inquiry is aimed at the conclusion of a contract (e.g. order) or if an order is placed directly, the legal basis for the processing is Art. 6 para. 1 letter b) GDPR (implementation of pre-contractual or contractual measures).

Duration of storage

The data is deleted as soon as it is no longer required to achieve the purpose for which it was collected.

For the personal data from the input screen of the contact form and those sent by email, this is the case when the respective conversation with you has ended. The conversation is ended when it can be inferred from the circumstances that the matter in question has been conclusively clarified.

If an order is placed, the data will be stored until the final processing of the contract between us plus the limitation period (usually three years from December 31 of the year in which the contract is processed).

The additional personal data collected during the sending process will be deleted after a period of seven days at the latest.

Right of objection and removal

You can prevent specific data processing by contacting us in another way.

You have the option to object to further data processing at any time on the grounds of legitimate interest (see above note on special right to object). In such a case, the conversation cannot be continued. The objection to further data processing is made possible by informal notification to us (e.g. by e-mail).

 

B.3 Use of cookies by us and by third-party providers

When using our website, so-called cookies may be used. These are small text files that are stored on your end device (PC, smartphone, tablet, etc.). When you access a website, a cookie may be stored by your browser. This cookie contains a characteristic string of characters that enables the browser to be uniquely identified when the website is called up again.

Cookies are used to make our website usable at all (technically necessary cookies) or to make it more user-friendly (non-technically necessary cookies).

Third-party cookies may also be used. These cookies may also enable an analysis of the user’s surfing behaviour. If this is the case, we will inform you about this separately in this or specific data protection information directly in the information about the respective third-party tools (such as analysis tools, plugins, etc.). For example, Google Analytics sets its own cookies for analysis purposes (see below).

When you visit our website, you will be informed about the use of cookies for analysis purposes and your consent to the processing of the personal data used in this context will be obtained.

Cookies are used to make our website usable or to make it more user-friendly. Some elements of our website require that the accessing browser can be identified even after a page change. The following data is temporarily stored in the cookies:

  • Language settings
  • Management of the login area and the user’s actions there for the respective session
  • Shopping cart function
  • Processing of online payment transactions

Our Duda content management system also uses technically necessary cookies to enable functions such as logging into the administrator area or, if applicable, writing and posting comments for registered visitors (if activated by us). The setting of cookies is then necessary to recognize logged-in visitors.

Purpose of data processing

The purpose of using technically necessary cookies is to enable the use of desired or expressly requested functions of the website for users. Some functions cannot be offered without the use of cookies. For these, it is necessary for the browser to be recognized even after a page change. The user data collected by technically necessary cookies is not used to create user profiles.

Cookies that are not technically necessary are generally used for the purpose of improving the quality of our website and its content. For example, analysis cookies tell us how the website is used and enable us to constantly optimize our offering.

Legal basis for data processing

The following applies to strictly necessary cookies: The legal basis for storing strictly necessary cookies on the user’s device and accessing them is Section 25(2)(2) TTDSG.

The legal basis for the further processing of personal data using the information stored in the cookie is Article 6(1)(f) GDPR, i.e. a legitimate interest on our part. Our legitimate interest lies in the above-mentioned purposes.

The following applies to non-essential cookies: The legal basis for storing non-essential cookies on the user’s device and accessing them is your consent in accordance with Section 25 (1) of the GDPR. The legal basis for the further processing of personal data using technically non-essential cookies is Section 25(1) TTDSG Art. 6(1)(a) GDPR, i.e. the user’s consent.

Duration of storage

Some of the cookies we use are deleted after the end of the browser session, i.e. after you close your browser (so-called session cookies).

Other cookies remain on your end device and enable us or the third-party providers to recognize your browser on your next visit (persistent or static cookies).

If we have stored the cookies on the basis of the user’s consent, we will end further data processing upon revocation by the user. Otherwise, we store the data collected on the basis of a legitimate interest until the legitimate interest no longer exists, the consideration comes to a different result or you have effectively objected in accordance with Art. 21 GDPR (see the visually highlighted “Note on special right of objection” under C.). We regularly check whether the legitimate interest still exists. In the case of analysis cookies, our interest no longer exists in particular if the data is no longer sufficiently relevant to us in terms of the evaluation and statistics of website use due to the passage of time, which can be assumed after three years at the latest.

Objection and removal options

Cookies are stored on your computer and transmitted from it to our website. You therefore have full control over the use of cookies. You can deactivate or restrict the transmission of cookies by changing the settings in your Internet browser. Cookies that have already been saved can be deleted at any time.

Note: If cookies are deactivated for our website, it may no longer be possible to use all the functions of the website to their full extent.

If you do not give your consent or revoke your consent, you can also prevent the use of technically unnecessary cookies.

 

B.4 Use of the analysis tool Google Analytics

This website uses Google Analytics, a web analysis service provided by Google Inc, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA (“Google”). Google Analytics uses “cookies”, which are text files placed on your computer, to help the website analyze how users use the site.

Note: The USA is generally regarded by the European Court of Justice as a country with an inadequate level of data protection according to EU standards. In particular, there is a risk that your data may be processed by US authorities for monitoring and surveillance purposes, possibly without the possibility of legal recourse.

Please note that on this website Google Analytics has been extended by the code “anonymizeIp” to ensure an anonymized collection of IP addresses (so-called IP masking). By activating IP anonymization on this website, your IP address will be shortened beforehand by Google within member states of the European Union or in other contracting states of the Agreement on the European Economic Area. Only in exceptional cases will the full IP address be transmitted to a Google server in the USA and truncated there. Google will use this information on behalf of the operator of this website for the purpose of evaluating your use of the website, compiling reports on website activity and providing other services relating to website activity and internet usage to the website operator. The IP address transmitted by your browser as part of Google Analytics will not be merged with other Google data.

You can find more information on terms of use and data protection at http://www.google.com/analytics/terms/de.html or at https://www.google.de/intl/de/policies/.

Note: Please note that your data is generally transferred to a server in the USA and stored there. The USA is considered by the European Court of Justice to have an inadequate level of data protection according to EU standards. In particular, there is a risk that your data may be processed by US authorities for control and monitoring purposes, possibly without the possibility of legal recourse.

Purpose of the data processing

The purpose of using the analysis tool or analysis cookies is to improve the quality of our website and its content. This enables us to find out how the website is used and to constantly optimize our offering. The information generated by the cookie about your use of this website is usually transmitted to a Google server in the USA and stored there.

Legal basis for data processing

The legal basis for storing non-essential cookies on the user’s device and accessing them is your consent in accordance with Section 25 (1) of the German Data Protection Act (TTDSG). The legal basis for the further processing of personal data using technically unnecessary cookies is Section 25(1) TTDSG Art. 6(1)(a) GDPR, i.e. the user’s consent.

Duration of storage

The cookies are stored on the user’s computer and transmitted to our website. We store the data until consent is withdrawn, but for no longer than 50 months.

Possibility of objection and removal

You may refuse the use of cookies by selecting the appropriate settings on your browser, however please note that if you do this you may not be able to use the full functionality of this website. You can also prevent Google from collecting the data generated by the cookie and relating to your use of the website (including your IP address) and from processing this data by Google by downloading and installing the browser plug-in available at the following link (http://tools.google.com/dlpage/gaoptout?hl=de).

You can prevent the collection of data by Google Analytics by clicking on the following link. An opt-out cookie will be set to prevent the future collection of your data when you visit this website.

 

B.5 Use of Google Tag Manager

Our website uses Google Tag Manager from Google Inc, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA (hereinafter referred to as “Google”). This service provided by Google allows website tags to be managed via an interface. The Google Tag Manager only implements tags. This means that no cookies are used and no personal data is collected. The Google Tag Manager triggers other tags, which in turn may collect data. However, Google Tag Manager does not access this data. If deactivation has been carried out at domain or cookie level, it will remain in place for all tracking tags if they are implemented with Google Tag Manager.

Among other things, the above-mentioned tools/plugins Facebook Pixel, LinkedIn Insight Tag etc. and Google Analytics are controlled via this.

The Google Tag Manager therefore does not lead to any additional data processing, but merely makes it easier to set tags within the website. Additional personal data is therefore not processed through the use of Google Tag Manager.

Further information about data processing by Google can be found in Google’s privacy policy. There you can also change your settings in the data protection center so that you can manage and protect your data.

Here you will find further instructions on how to manage your own data in connection with Google products.

Note: Please note that data is usually transferred to a server in the USA and stored there. The USA is considered by the European Court of Justice to have an inadequate level of data protection according to EU standards. In particular, there is a risk that your data may be processed by US authorities for monitoring and surveillance purposes, possibly without the possibility of legal recourse.

 

B.6 Use of the Vimeo video platform

We use plugins from the provider Vimeo on our website for the integration of videos, among other things. Vimeo is operated by Vimeo, LLC, headquartered at 555 West 18th Street, New York, New York 10011.

When you access the pages of our website that contain such a plugin, a connection to the Vimeo servers is established. This tells the Vimeo server which of our pages you have visited. If you are logged in to Vimeo as a member, Vimeo assigns this information to your personal user account. When you use the plugin, e.g. by clicking on the start button of a video, this information is also assigned to your user account.

Vimeo also calls up the Google Analytics tracker via an iFrame in which the video is called up. This is Vimeo’s own tracking, to which we have no access. You can prevent tracking by Google Analytics by using the deactivation tools that Google offers for some Internet browsers. Users can also prevent Google from collecting the data generated by Google Analytics and relating to their use of the website (including your IP address) and from processing this data by Google by downloading and installing the browser plug-in available at the following link: http://tools.google.com/dlpage/gaoptout?hl=de

Further information on data processing and notes on data protection by Vimeo can be found at https://vimeo.com/privacy. You can find Vimeo’s cookie policy here: https://vimeo.com/cookie_policy

Note: Please note that your data is usually transferred to a server in the USA and stored there. The USA is considered by the European Court of Justice to be a country with an inadequate level of data protection according to EU standards. In particular, there is a risk that your data may be processed by US authorities for control and monitoring purposes, possibly without the possibility of legal recourse.

Purpose of the data processing

The purpose of embedding Vimeo videos is to be able to present multimedia content to the user on the website and thereby enhance and improve the user experience on the website. As this makes our website more attractive, the use of Vimeo also serves our marketing and advertising purposes.

Legal basis for data processing

The legal basis for storing non-essential cookies on your device and accessing them is your consent in accordance with Section 25 (1) of the German Data Protection Act (TTDSG). The legal basis for the further processing of personal data using technically unnecessary cookies is Art. 6 (1) (a) GDPR, i.e. your consent given in accordance with the GDPR. We ask for both consents at the start of website use or before playing a Vimeo video.

Duration of storage

If you are logged in to Vimeo as a member, Vimeo itself stores your data for as long as your Vimeo member account exists (see Vimeo’s privacy policy: https://vimeo.com/privacy). If you are not logged in to Vimeo, we assume that your personal data will not be stored beyond the retrieval of the video. Unfortunately, Vimeo itself does not provide any information on this, but Vimeo states that its services comply with European data protection law. In this case, Vimeo will therefore delete the data as soon as the purpose for which it was collected no longer applies.

We ourselves do not store your data in connection with the use of Vimeo videos on our website.

Objection and removal options

If you have a Vimeo user account and do not want Vimeo to collect data about you via this website and link it to your membership data stored with Vimeo, you must log out of Vimeo before visiting this website. You can also delete the corresponding cookies from Vimeo via your browser.

If you do not wish to enable data processing by Vimeo, do not click on any Vimeo videos on our website.

 

B.7 Use of Mapbox

We use the map service Mapbox from the US provider Mapbox, Inc. on our website (see https://mapbox.com). You can view the privacy policy of the provider Mapbox here: https://www.mapbox.com/legal/privacy

Note: Please note that your data is generally transferred to a server in the USA and stored there. The USA is considered by the European Court of Justice to be a country with an inadequate level of data protection according to EU standards. In particular, there is a risk that your data may be processed by US authorities for control and monitoring purposes, possibly without the possibility of legal recourse.

We have concluded a Data Processing Agreement (DPA) with Mapbox, which you can view here: https://powerforms.docusign.net/c3c6c1cf-40e8-4447-9e26-adc3de215cf1?env=na3&acct=fde34650-bd40-4fbf-b830-f3ab855c3fec

This expressly refers to the EU standard contractual clauses approved by the EU Commission for the transfer of data to the USA.

Purposes of data processing

The purpose of using Mapbox is to improve the quality of our website and its content and to provide you with a map service for orientation, to display our company headquarters, to plan your journey, etc.

Legal basis for data processing

The legal basis for the storage of non-essential cookies in the user’s terminal device and access to them is your consent in accordance with Section 25 (1) TTDSG. The legal basis for the further processing of personal data using technically unnecessary cookies is Section 25(1) TTDSG Art. 6(1)(a) GDPR, i.e. the user’s consent.

Duration of storage

We store the data until you withdraw your consent, but for no longer than 3 years.

Possibility of objection and removal

You have the option of easily deactivating the service and thus preventing the transfer of data: To do this, deactivate JavaScript in your browser. To prevent the execution of Java Script code altogether, you can also install a Java Script blocker, such as the browser plug-in NoScript (e.g. www.noscript.net or www.ghostery.com).Note: If the execution of Java Script is deactivated, it may no longer be possible to use all functions of the website to their full extent.

 

B.8 Use of Google reCAPTCHA

In selected cases, we use the reCAPTCHA service provided by Google, Inc, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA, to protect the transmission of forms (e.g. contact form).

Google reCAPTCHA establishes several connections to Google servers and sets a third-party cookie. This collects hardware and software information, e.g. device and application data, and transmits it to Google for analysis purposes. The service includes sending your IP address and any other data required by Google for the reCAPTCHA service to Google. The deviating data protection provisions of Google apply to this data. According to Google, this data is not used for personalized advertising. Google also states that it will never associate your IP address with other Google data. Nevertheless, it would be technically possible for Google to identify at least individual users on the basis of the data received. It is possible that personal data and personality profiles of users of the website could be processed by Google for other purposes over which we have and can have no influence.

You can find Google’s privacy policy at https://policies.google.com/privacy?hl=de

Purpose of the data processing

Google reCAPTCHA is used for the purpose of preventing so-called bots, i.e. small malicious programs, from impairing the security and integrity of our website and the web server. In this way, we want to ensure the functionality of the website. In addition, we use the data to ensure the security of our information technology systems.

Legal basis for data processing

The legal basis for storing non-essential cookies on your end device and accessing them is your consent in accordance with Section 25 (1) of the German Data Protection Act (TTDSG). The legal basis for the further processing of personal data using technically unnecessary cookies is Art. 6 para. 1 letter a) GDPR, i.e. your consent given in accordance with the GDPR. If you do not give your consent, the web forms protected with reCAPTCHA can unfortunately not be used. However, you can then contact us in another way.

Duration of storage

We store the data until you withdraw your consent, but for no longer than 3 years.

Possibility of objection and removal

You have the option of not using the Google reCAPTCHA service by not clicking on the service button. You can then contact us in another way, for example by e-mail or telephone.

You can also deactivate Java Script in your browser and thus prevent the transfer of data to Google. To prevent the execution of Java Script code altogether, you can also install a Java Script blocker, such as the browser plug-in NoScript (e.g. www.noscript.net or www.ghostery.com).

Note: If the execution of JavaScript is deactivated, you will not be able to use the reCAPTCHA service or our contact and web forms equipped with reCAPTCHA.

 

B.9 Use of the Ecwid store system

We use the Ecwid store system. This is operated by the company Ecwid, Inc, 144 West D Street, Suite 103, Encinitas, California 92024, USA.

You can find more information on data protection at Ecwid here: https://www.ecwid.com/eu-privacy-policy

Note: Please note that your data is generally transferred to a server in the USA and stored there. The USA is considered by the European Court of Justice to have an inadequate level of data protection according to EU standards. In particular, there is a risk that your data may be processed by US authorities for control and monitoring purposes, possibly without the possibility of legal recourse.

Purpose of data processing

We use the store system so that you can order our company’s products directly and easily on our website.

Legal basis for data processing

The legal basis for storing non-essential cookies on the user’s device and accessing them is your consent in accordance with Section 25 (1) of the German Data Protection Act (TTDSG). The legal basis for the further processing of personal data using technically unnecessary cookies is Section 25(1) TTDSG Art. 6(1)(a) GDPR, i.e. the user’s consent.

In the case of an order, the legal basis for further data processing by us is Art. 6 (1) (b) GDPR, i.e. the fulfillment of the purchase contract concluded between you and us. In the run-up to the order, the same legal basis is relevant in the context of contract preparation (e.g. if you are interested in a purchase).

Duration of storage

In the case of an order, data is stored as part of the use of the store system until the end of the limitation period of the purchase contract concluded between you and us (usually three years after fulfillment of the purchase contract, starting on 31.12. of the year).

Right of objection and removal

You can prevent the collection and processing of your data by Ecwid by deactivating the execution of script code or Java Script in your browser or by installing a script blocker in your browser (e.g. www.noscript.net or www.ghostery.com).

Note: If the execution of Java Script is deactivated, you will not be able to use the store on our website.

 

B.10 Use of Font Awesome

We use the Font Awesome tool from the provider Fonticons. Inc, 6 Porter Road, Apartment 3R, Cambridge, MA 02140, USA. Font Awesome is a toolkit for fonts and symbols on websites based on CSS and Less.

In this context, the provider of Font Awesome collects, among other things, data on the browser, the operating system and the IP address.

You can find more information on data protection at Font Awesome here: https://fontawesome.com/privacy

Note: Please note that your data is usually transferred to a server in the USA and stored there. The USA is considered by the European Court of Justice to be a country with an inadequate level of data protection by EU standards. In particular, there is a risk that your data may be processed by US authorities for control and monitoring purposes, possibly without the possibility of legal recourse.

Purpose of the data processing

We use the tool to integrate certain fonts and symbols on our website.

Legal basis for data processing

The legal basis is the consent you have given us in accordance with Art. 6 (1) (a) GDPR.

Duration of storage

We do not store any personal data when you use the toolkit. In particular, the provider uses your IP address to load the fonts and symbols. To our knowledge, this information is deleted when it is no longer required, i.e. when you leave our website.

Possibility of objection and removal

You can revoke the consent you have given us at any time. This data processing will then no longer take place.

 

B.11 Use of the CDN service cloudfront.net

We use a CDN service on our website. A CDN service ensures that our website can be displayed worldwide, quickly and without delays or outages. This is achieved by storing the website on different servers of the service. The geographically closest or the best and fastest web server from the user’s access location is then used to load the website. As a result, the user’s IP address, the operating system on the end device and other information about the user’s end device and information about the browser used are processed on the web server of the CDN service. This is technically necessary in order to be able to access and display the website. It is also possible that further data transmissions that occur during the visit to the website are then processed via this web server of the CDN service, so that further user-related data could be exchanged in addition to the IP address.

We use the cloudflare.net service, which in turn belongs to Amazon Web Services (AWS). As the website is hosted on various web servers worldwide via the CDN service, it is also necessary to transfer usage-related data to non-EEA countries, i.e. countries outside the European Economic Area.

Note: Please note that many countries outside the European Economic Area EEA (so-called third countries) do not have an adequate level of data protection. However, when you use the website, your data is transferred to servers in such third countries (e.g. the USA) and stored there at least temporarily while you are using the website. There is therefore a particular risk that your data may be processed by authorities in these third countries for control and monitoring purposes, possibly without the possibility of legal recourse.

You can view the provider’s privacy policy and cookie policy here: https://aws.amazon.com/privacy/

Purpose of the data processing

Data processing via the CDN network takes place in order to be able to deliver and display the website to users quickly and reliably.

Legal basis for data processing

This data processing takes place on the basis of our overriding legitimate interest in the fast and reliable delivery of our website worldwide, i.e. in accordance with Art. 6 (1) (f) GDPR.

Duration of storage

The data is deleted as soon as it is no longer required, i.e. when the use of the website has ended, i.e. when the user leaves the website.

Possibility of objection and removal

The delivery of the data for the provision of the website and the temporary storage of the data on the corresponding web server is absolutely necessary for the operation of the website. Consequently, the user has no option to object to this. However, the user can stop using the website at any time and thus prevent the further collection of the aforementioned data.

 

B.12 Use of gstatic.com

We use gstatic.com on the website, a domain of Alphabet Inc, 1600 Amphitheatre Parkway, Mountain View, CA 94043-1351, United States of America (hereinafter “Google”).

This is a domain used by Google to move static content to another domain name in order to reduce bandwidth usage and improve network performance for the end user.

Note: Please note that your data is usually transferred to a server in the USA and stored there. The USA is considered by the European Court of Justice to be a country with an inadequate level of data protection by EU standards. In particular, there is a risk that your data may be processed by US authorities for control and monitoring purposes, possibly without the possibility of legal recourse.

Purpose of data processing

Data processing takes place in order to be able to deliver and display the website to users quickly and reliably. This applies in particular to image files, CSS files (i.e. files relating to the design of the website) and, if applicable, fonts.

Legal basis for data processing

This data processing takes place on the basis of our overriding legitimate interest in the fast and reliable delivery of our website worldwide, i.e. in accordance with Art. 6 para. 1 letter f) GDPR.

Duration of storage

CSS requests are stored temporarily for one day, font files for one year. Otherwise, information is stored until it is removed by the user or until the user’s Google account is deleted.

Objection and removal options

The delivery of the data for the provision of the website and the temporary storage of the data on the corresponding web server is absolutely necessary for the operation of the website. Consequently, the user has no option to object to this. However, the user can stop using the website at any time and thus prevent the further collection of the aforementioned data.

 

B.13 Use of the DoubleClick tool for retargeting advertising

DoubleClick is a service of Alphabet Inc, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA (hereinafter referred to as “Google”). DoubleClick uses cookies to present you with advertisements that are relevant to you. DoubleClick uses information (but not personal data such as your name or e-mail address) about your visits to this and other websites in order to display advertisements about products and services that are of interest to you. A pseudonymous identification number (ID) is assigned to your browser in order to check which ads have been displayed in your browser and which ads have been viewed. The cookies do not contain any personal information. The use of DoubleClick cookies only enables Google and its partner websites to display ads based on previous visits to our or other websites on the Internet. The information generated by the cookies is transmitted by Google to a server in the USA for analysis and stored there. A transfer of data by Google to third parties only takes place on the basis of legal regulations or in the context of order data processing. Under no circumstances will Google combine your data with other data collected by Google.

If you would like to find out more about these methods or would like to know what options you have to prevent this information from being used by DoubleClick, click here: www.google.de/policies/technologies/ads/.

You can find Google’s privacy policy here: https://policies.google.com/?hl=de

Note: Please note that your data is generally transferred to a server in the USA and stored there. The USA is considered by the European Court of Justice to be a country with an inadequate level of data protection according to EU standards. In particular, there is a risk that your data may be processed by US authorities for control and monitoring purposes, possibly without the possibility of legal recourse.

Purpose of data processing

DoubleClick is used for the purpose of improving the quality of our website and its content by showing you advertising that is optimized to your actual individual needs and interests. This tells us how the website is used and enables us to constantly optimize our offering.

Legal basis for data processing

The legal basis for the processing of personal data is the user’s consent to the storage in and retrieval from their terminal device in accordance with Section 25 (1) TTDSG and, with regard to further data processing, consent in accordance with the GDPR pursuant to Art. 6 (1) (a) GDPR.

Duration of storage

The cookies are stored on the user’s computer and transmitted from there to our website. As a user, you therefore have full control over the use of cookies. You can deactivate or restrict the transmission of cookies by changing the settings in your internet browser. Cookies that have already been saved can be deleted at any time. This can also be done automatically. If cookies are deactivated for our website, it may no longer be possible to use all functions of the website to their full extent.

Objection and removal options

You may refuse the use of cookies by selecting the appropriate settings on your browser, however please note that if you do this you may not be able to use the full functionality of this website.

You can also prevent Google from collecting the data generated by the cookies and relating to your use of the website and from processing this data by Google by downloading and installing the browser plug-in available under the following link under the DoubleClick deactivation extension. Alternatively, you can deactivate the DoubleClick cookies on the Digital Advertising Alliance website by clicking on the following link.

If you use Google Chrome or Chromium, then – in addition to the decisions made in the “Settings” menu – a plugin can be installed on the website https://www.google.com/settings/ads/plugin, which deactivates personalized advertising. Please note, however, that you will then receive just as much advertising as before – it will just no longer be tailored to your surfing habits.

 

B.14 Use of Google web fonts

External fonts are used on our website via the use of Google Web Fonts. Google Fonts is a service of Google Inc (“Google”), 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA. These web fonts are integrated by a server call, usually a Google server in the USA. This tells the server which of our web pages you have visited. The IP address of the browser of the end device of the visitor to this website is also stored by Google.

Note: The USA is generally regarded by the European Court of Justice as a country with an inadequate level of data protection according to EU standards. In particular, there is a risk that your data may be processed by US authorities for monitoring and surveillance purposes, possibly without any legal recourse.

If you have activated JavaScript in your browser and have not installed a JavaScript blocker, your browser may transmit personal data to Google. We do not know what data Google links to the data received and for what specific purposes Google uses this data. Further information on Google Web Fonts can be found at https://developers.google.com/fonts/faq and in Google’s privacy policy at https://www.google.de/intl/de/policies/.

Purpose of the data processing

The fonts are used for the purpose of an improved and distinctive presentation of our website for the user and thus also for our advertising and marketing interests.

For more information on the purpose and scope of data collection and the further processing and use of data by Google, as well as Google’s terms of use and privacy policy, as well as your rights in this regard and setting options for protecting your privacy, please refer to Google’s privacy policy at https://www.google.de/intl/de/policies/.

Legal basis for data processing

The legal basis for the processing of personal data is Art. 6 (1) (a) GDPR, i.e. your consent given in accordance with the GDPR.

Duration of storage

As a user, you can decide for yourself whether to execute the JavaScript code required for the tool via your browser settings. By changing the settings in your Internet browser, you can deactivate or restrict the execution of JavaScript and thus also prevent it from being saved. Note: If the execution of JavaScript is deactivated, it may no longer be possible to use all functions of the website to their full extent. Your browser will then load the standard fonts instead of the Google fonts.

Objection and removal option

You can prevent the execution of the Java Script code required for the tool by setting your browser software accordingly.

To prevent the execution of JavaScript code altogether, you can also install a JavaScript blocker, such as the browser plugin NoScript or Ghostery (e.g. www.noscript.net or www.ghostery.com).

 

B.15 Use of an analysis tool integrated into the website (Site Analytics)

An analysis tool is integrated into our website, which collects information about visitors to the website by setting cookies. This includes, in particular, the browser used and the browser language settings (language), the date and time of the visit to the website, information about the end device used (in particular operating system, screen resolution, etc.), the visitor’s time zone, the extent of data usage on our website (e.g. downloads), the anonymized IP address, the pages visited on our website and the web address from which the visitor came to our site (referrer URL).

Note: Please note that your data will be transferred to a server in the USA and stored there. The USA is considered by the European Court of Justice to be a country with an inadequate level of data protection according to EU standards. In particular, there is a risk that your data may be processed by US authorities for control and monitoring purposes, possibly without the possibility of legal recourse.

Purpose of data processing

It is not possible for us to recognize from this information which person or which end device has specifically visited our website. This is also not important to us. Rather, we only want to obtain general information about website usage in order to be able to make further decisions about the design and content of the website.

Legal basis for data processing

The legal basis for the processing of personal data is the user’s consent to the storage and retrieval of cookies on their end device in accordance with Section 25 (1) TTDSG and, with regard to further data processing, consent in accordance with the GDPR pursuant to Art. 6 (1) (a) GDPR. The legal basis for the transfer of data to the USA is consent in accordance with Art. 49 (1) (a) GDPR.

Duration of storage

The cookie is only stored during your visit to the website and is deleted when you leave the website (end of session). The data collected using the cookie is stored in a non-personalized form for the above-mentioned purpose until the purpose no longer applies or consent is withdrawn.

Possibility of objection and removal

You can prevent the storage of cookies by selecting the appropriate settings in your browser software. You can also delete cookies that have already been saved in your browser settings.

You can also prevent data processing by not giving your consent or by withdrawing consent you have already given, which you can do at any time.

 

B.16 Use of personalization integrated into the website (site personalization)

Integrated into our website is the option of saving the user’s individual settings for subsequent visits so that they can then be called up again. For this purpose, cookies are stored in the visitor’s browser after consent has been given. These record the date of the visit, the total number of visits and information about the end device used (see section B.16 and the data specified there).

Note: Please note that your data will be transferred to a server in the USA and stored there. The USA is considered by the European Court of Justice to be a country with an inadequate level of data protection according to EU standards. In particular, there is a risk that your data may be processed by US authorities for control and monitoring purposes, possibly without the possibility of legal recourse.

Purpose of the data processing

Data processing is carried out to enable customization and personalization of the website experience for visitors.

Legal basis for data processing

The legal basis for the processing of personal data is the user’s consent to the storage and retrieval of cookies on their end device in accordance with Section 25 (1) TTDSG and, with regard to further data processing, consent in accordance with the GDPR pursuant to Art. 6 (1) (a) GDPR. The legal basis for the transfer of data to the USA is consent in accordance with Art. 49 (1) (a) GDPR.

Duration of storage

We do not store the data. The information stored in the stored cookie is stored for one year and then deleted.

Possibility of objection and removal

You can prevent the storage of cookies by setting your browser software accordingly. You can also delete cookies that have already been saved in your browser settings.

You can also prevent data processing by not giving your consent or by withdrawing consent you have already given, which you can do at any time.

 

B.17 Encryption of the website and communication

All protected areas and forms on the website and thus the data transmissions via these are encrypted in accordance with the SSL standard (HTTPS).

 

B.18 Transfer of personal data to a third country

Personal data may be transferred to the United States of America (USA).

The USA is considered by the European Court of Justice to be a country with an inadequate level of data protection according to EU standards. In particular, there is a risk that your data may be processed by US authorities for control and monitoring purposes, possibly without the possibility of legal recourse.

We have clearly noted this at the top of each individual tool.

The companies concerned have subjected themselves to a level of regulation comparable to the EU level of data protection by bindingly agreeing to the EU Standard Contractual Clauses (SCC, see Article 46 (2) c) GDPR). The transfer of data to these companies is therefore generally permitted.

Furthermore, in the case of order processing, corresponding order processing contracts have been concluded with these companies to secure the data and our rights to issue instructions.

If you consciously click on a button or voluntarily use one of the services of one of these companies on our website and thus trigger a data transfer outside the EU or the EEA, the following applies: You also consent to your data being processed in the USA in accordance with Art. 49 para. 1 sentence 1 letter a) GDPR.

C. Rights of data subjects

If your personal data is processed, you are a “data subject” and you have the following rights vis-à-vis us as the controller

C.1 Right to information

You have the right to obtain confirmation from us free of charge as to whether we are processing personal data concerning you. If this is the case, you have a right to information about this personal data and to further information, which you can find in Art. 15 GDPR. You can contact us by post or email for this purpose.

C.2 Right to rectification

You have the right to obtain from us without undue delay the rectification of inaccurate personal data concerning you. You also have the right – taking into account the purposes of processing mentioned above – to request the completion of incomplete personal data, including by means of a supplementary declaration. You can contact us by post or email for this purpose.

C.3 Right to erasure

You have the right to demand the immediate erasure of personal data concerning you if one of the requirements of Art. 17 GDPR is met. You can contact us by post or email to exercise this right.

C.4 Right to restriction of processing

You have the right to demand that we restrict processing if one of the requirements of Art. 18 GDPR is met. You can contact us by post or email to exercise this right.

C.5 Right to information

If you have asserted the right to rectification, erasure or restriction of processing against the controller, the controller is obliged to notify all recipients to whom the personal data concerning you have been disclosed of this rectification or erasure of the data or restriction of processing, unless this proves impossible or involves a disproportionate effort.

You have the right to be informed of these recipients by the controller.

C.6 Right to data portability

You have the right to receive the personal data concerning you that you have provided to us in a structured, commonly used and machine-readable format and you have the right to transmit this data to another controller without hindrance from us if the requirements of Art. 20 GDPR are met. You can contact us by post or email for this purpose.

C.7 Right to object to processing based on legitimate interest and to direct marketing

If, in exceptional cases, we process personal data on the basis of Art. 6(1)(f) GDPR (i.e. for legitimate interests), you have the right to object to the processing of your personal data by us at any time on grounds relating to your particular situation. If we cannot demonstrate compelling legitimate grounds for further processing which override your interests, rights and freedoms, or if we process your data for direct marketing purposes, we will no longer process your data (see Art. 21 GDPR). You can contact us by post or email to do this.

A technical procedure that you use, e.g. clear technical information that your web browser sends us (“do-not-track” message), is also considered an objection in this sense.

Where personal data are processed for direct marketing purposes, you have the right to object at any time to processing of personal data concerning you for such marketing, which includes profiling to the extent that it is related to such direct marketing.

C.8 Right to withdraw consent given

You have the right to withdraw your consent to the collection and use of personal data at any time with effect for the future. To do so, you can contact us by post or email. This does not affect the lawfulness of the processing carried out on the basis of the consent until revocation.

C.9   Automated decision-making including profiling

You have the right not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects concerning you or similarly significantly affects you. Unless the decision is necessary for the conclusion or performance of a contract between you and us, it is permissible on the basis of Union or Member State legislation to which we are subject and this legislation contains appropriate measures to safeguard your rights and freedoms and your legitimate interests, or the decision is made with your express consent.

We do not carry out such automated decision-making.

C.10   Voluntary nature of the provision of data

If the provision of personal data is required by law or contract, we will always point this out when collecting the data. In some cases, the data collected by us is required for the conclusion of a contract, namely if we would otherwise not be able to fulfill our contractual obligation to you, or not sufficiently. You are under no obligation to provide the personal data. However, failure to provide it may mean that we are unable to perform or offer a service, action, measure or similar requested by you or that it is not possible to conclude a contract with you.

C.11 Right to lodge a complaint with a supervisory authority

Without prejudice to any other rights, you have the right to lodge a complaint with a data protection supervisory authority at any time, in particular in the Member State of your habitual residence, place of work or place of the alleged infringement if you consider that the processing of personal data relating to you infringes data protection law.

Status of this data protection notice: 22.11.2022

Contact us

No results