With the following Privacy Policy, we aim to inform you about what types of your personal data (hereinafter also referred to as “Data”) we process, for what purposes, and to what extent. This Privacy Policy applies to all processing of personal data that we carry out, both in the context of providing our services and, in particular, on our websites, mobile applications, and external online presences, such as our social media profiles (hereinafter, collectively, the “Online Service”).
The terms used are gender-neutral. Date: July 17, 2023.
The following summary outlines the types of data processed and the purposes of their processing, referring to the affected individuals.
Applicable legal bases under the GDPR: Below is a summary of the GDPR legal bases upon which we rely for the processing of personal data. Please note that, in addition to GDPR provisions, national data protection regulations may apply in your country of residence or ours. If there are more specific legal bases in individual cases, you will be informed of them in the Privacy Policy.
In addition to the GDPR data protection regulations, there are national data protection regulations in Germany. This includes, in particular, the Federal Data Protection Act (Bundesdatenschutzgesetz – BDSG). The BDSG contains specific provisions, in particular, on the right of access, the right to erasure, the right to object, the processing of special categories of personal data, processing for other purposes and transmission, as well as automated decision-making, including profiling. Additionally, state-level data protection laws of the various federal states in Germany may be applicable.
These data protection indications serve both to provide information in accordance with the Swiss Data Protection Act and the General Data Protection Regulation (GDPR). Therefore, please note that, due to broader geographical application and general understanding, we use GDPR terms. Specifically, instead of the terms “processing” of “personal data” and “predominant interest” used in the Swiss Data Protection Act, we use the terms “processing” of “personal data” and “legitimate interests” from the GDPR. However, the legal meaning of the terms continues to be determined in accordance with the Swiss Data Protection Act to the extent that they are available.
Rights of the data subjects according to the GDPR: As an affected individual, you have various rights under the GDPR, which particularly derive from Articles 15 to 21 of the GDPR:
Cookies are small text files or other storage notes that store information on end devices and retrieve information from these devices. For example, to store the login status in a user account, the contents of a shopping cart in an online store, accessed content, or functions used in an online offer. Cookies can also be used for various purposes such as functionality, security, and convenience of online offers, as well as for creating visitor flow analyses.
Notes on Consent: We use cookies in accordance with legal regulations. Therefore, we request prior consent from users unless required by law. Consent is not necessary, in particular, if the storage and reading of information, including cookies, are absolutely necessary to provide users with a telecommunications service desired by them (our online offer). Absolutely necessary cookies usually include cookies with functions that relate to the display and functionality of the online offer, load distribution, security, storage of user preferences and options, or similar purposes related to the provision of main and secondary functions of the online offer requested by users. Revocable consent is clearly communicated to users and includes information about the specific use of cookies.
Notes on Legal Bases for Data Protection: The legal basis on which we process users’ personal data using cookies depends on whether we request users’ consent. If users give their consent, the legal basis for processing their data is the declared consent. Otherwise, data processed using cookies is based on our legitimate interests (e.g., in the commercial operation of our online offer and improving its usability) or, if this is carried out in fulfillment of our contractual obligations, if the use of cookies is necessary to fulfill our contractual obligations. The purposes for which we process cookies will be explained in detail in this privacy policy or in the context of our consent and processing procedures.
Storage Duration: In terms of storage duration, the following types of cookies are distinguished: • Temporary cookies (also known as session cookies): Temporary cookies are deleted at the latest after a user leaves an online offer and closes their end device (e.g., browser or mobile app). • Persistent cookies: Persistent cookies are stored even after closing the end device. For example, the login status or preferred content can be stored directly when a user revisits a website. It is also possible to use data collected through cookies to measure reach. If we do not provide users with explicit information about the type and duration of cookie storage (e.g., as part of obtaining consent), it is assumed that cookies are permanent and that the storage duration can be up to two years.
Legal Bases: Legitimate interests (Article 6(1)(f) of the GDPR); Consent (Article 6(1)(a) of the GDPR).
Cookie Data Processing Based on Consent: We employ a cookie consent management process wherein user consents for cookie usage, as well as operations and providers mentioned in the cookie consent management process, are obtained, managed, and revoked. In this process, the consent declaration is stored to avoid the need for repetitive requests and to be able to demonstrate consent in accordance with legal obligations. Storage can occur on the server and/or in a cookie (referred to as an “Opt-In Cookie” or similar technologies) to assign consent to a user or device. Subject to specific information provided by cookie management service providers, the following notes apply: The storage duration of consent can be up to two years. In this case, a pseudonymous user identifier is created and stored along with the time of consent, details about the scope of consent (e.g., categories of cookies and/or service providers), and the browser, system, and end device used; Legal basis: Consent (Article 6(1)(a) of the GDPR).
We process user data in order to provide them with our online services. For this purpose, we process the user’s IP address, which is necessary to transmit the content and functions of our online services to the user’s browser or device.
When you communicate with us (e.g., via postal mail, contact form, email, phone, or through social media), as well as within the scope of existing relationships with users and businesses, data provided by individuals making inquiries is processed to the extent necessary to respond to contact inquiries and any requested actions.
We maintain an online presence on social media platforms and in this context, we process user data to communicate with active users there or to provide information about us. It should be noted that in this process, user data may be processed outside the European Economic Area. This can pose risks to users, as, for example, the enforcement of user rights could be more challenging. Furthermore, user data within social networks is generally processed for market research and advertising purposes. For instance, user profiles may be created based on usage behaviour and resulting interests of users. These user profiles can then be used to display ads that presumably match the users’ interests both within and outside the networks. For these purposes, cookies are usually stored on users’ computers, where users’ usage behaviour and interests are saved. Moreover, user profiles may also contain data independent of the devices used by users (especially if users are members of the respective platforms and are logged into them). For a detailed description of the respective processing methods and options for objection (Opt-Out), please refer to the privacy policies and information provided by the operators of the respective networks. Also, in the case of information inquiries and the exercise of data subject rights, we point out that these can be most effectively exercised with the providers. Only the providers have access to user data and can take appropriate measures and provide direct information. If you need assistance, you can contact us.
More information about processing, procedures, and services:
In this section, you will find an overview of the terminologies used in this privacy policy. Where the terminologies are legally defined, their legal definitions apply. The following explanations are primarily intended to aid understanding.