Privacy

1. Foreword

Data protection has a particularly high priority for ZVO GmbH.

This data protection declaration informs you about the type, scope and purpose of the processing of personal data within our online offer and the websites, functions and content connected with it (hereinafter jointly referred to as "online offer" or "website"). The privacy policy applies regardless of the domains, systems, platforms and devices (e.g. desktop or mobile) used on which the online offer is executed.

2. Responsible Party


The responsible party within the meaning of the General Data Protection Regulation, other data protection laws applicable in the Member States of the European Union and other provisions of a data protection nature is:

ZVO GmbH
Tullastraße 58
76131 Karlsruhe

Tel.: 06201 7101212
E-Mail: office@crcie.com
Website: www.zvo-gmbh.de

3. Data protection officer


The data protection officer of the controller is:

DSBX GmbH
Gablonzer Str. 4
76185 Karlsruhe
Germany

Tel.: 0721 98615899
E-mail: zvo@dsbx.one

Any data subject may contact our data protection officer directly at any time with any questions or suggestions regarding data protection.

4. Definition of terms

Our data protection declaration is based on the terms used by the European Directive and Ordinance Maker when adopting the General Data Protection Regulation (DSGVO). Our data protection declaration should be easy to read and understand for the public as well as for our customers and business partners.

To ensure this, we would like to explain the terminology used in advance. The terminology used, such as "personal data" or its "processing" are defined in Article 4 of the General Data Protection Regulation (GDPR).
We use the following terms, among others, in this privacy policy:

Personal data


Personal data means any information relating to an identified or identifiable natural person (hereinafter "data subject"). An identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.

 

Data subject


Data subject means any identified or identifiable natural person whose personal data are processed by the controller.

 

Processing


Processing means any operation or set of operations which is performed upon personal data, whether or not by automatic means, such as collection, recording, organization, filing, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.

RESTRICTION OF PROCESSINGY
RESTRICTION OF PROCESSING IS THE MARKING OF STORED PERSONAL DATA WITH THE AIM OF LIMITING THEIR FUTURE PROCESSING.

 

Profiling


Profiling is any type of automated processing of personal data that consists of using such personal data to evaluate certain personal aspects relating to a natural person, in particular to analyze or predict aspects relating to that natural person's job performance, economic situation, health, personal preferences, interests, reliability, behavior, location or change of location.

 

Pseudonymization


Pseudonymization is the processing of personal data in such a way that the personal data can no longer be attributed to a specific data subject without the use of additional information, provided that such additional information is kept separate and is subject to technical and organizational measures to ensure that the personal data is not attributed to an identified or identifiable natural person.

 

Controller or person responsible for processing


The controller or data processor is the natural or legal person, public authority, agency or other body which alone or jointly with others determines the purposes and means of the processing of personal data. Where the purposes and means of such processing are determined by Union or Member State law, the controller or the specific criteria for its designation may be provided for under Union or Member State law.

 

Processor


Processor means a natural or legal person, public authority, agency or other body which processes personal data on behalf of the Controller.

 

Recipient


Recipient means a natural or legal person, public authority, agency or other body to whom personal data are disclosed, whether or not a third party. However, public authorities that may receive personal data in the context of a specific investigation mandate under Union or Member State law shall not be considered as recipients.

 

Third party


Third party means a natural or legal person, public authority, agency or other body other than the data subject, the controller, the processor and the persons authorized to process the personal data under the direct responsibility of the controller or the processor.

 

Consent


Consent shall mean any freely given indication of the data subject's wishes for the specific case in an informed and unambiguous manner, in the form of a statement or any other unambiguous affirmative act by which the data subject indicates that he or she consents to the processing of personal data relating to him or her.

 

Statistical coverage measurement


Statistical coverage measurement includes procedures that are primarily intended to analyze the use of the website. This includes, for example, information such as length of stay, end device used, language settings, origin, region, location or user actions. This can be done in particular through technologies such as Java Script, cookies and tracking pixels.

 

Tracking


Tracking includes procedures that primarily focus on the evaluation of visitors. This includes, in particular, all those procedures that enable the identification of the user and an analysis of the behavior over a longer period of time in order to assign personal characteristics or interests to the user (profiling). On the basis of such user profiles, if applicable, advertising measures can be played out to a specific user in a more targeted and personalized manner.

 

5. General information on data processing

Scope of the processing of personal data


As a matter of principle, we collect and use personal data of our users only to the extent necessary to provide a functional website and our content and services. The collection and use of personal data of our users is regularly only carried out with the consent of the user. An exception applies in those cases in which it is not possible to obtain prior consent for factual reasons and the processing of the data is permitted by legal regulations.

Legal basis for rhe processing of personal data


Insofar as we obtain the consent of the data subject for processing operations involving personal data, Art. 6 (1) p. 1 lit. a EU General Data Protection Regulation (DSGVO) serves as the legal basis.

When processing personal data that is necessary for the performance of a contract to which the data subject is a party, Art. 6 (1) p. 1 lit. b DSGVO serves as the legal basis. This also applies to processing operations that are necessary for the performance of pre-contractual measures.

Insofar as processing of personal data is necessary for compliance with a legal obligation to which our company is subject, Art. 6 (1) p. 1 lit. c DSGVO serves as the legal basis.

In the event that vital interests of the data subject or another natural person make processing of personal data necessary, Art. 6 (1) p. 1 lit. d DSGVO serves as the legal basis.
If the processing is necessary to protect a legitimate interest of our company or a third party and the interests, fundamental rights and freedoms of the data subject do not override the first-mentioned interest, Art. 6 (1) p. 1 lit. f DSGVO serves as the legal basis for the processing.

Deletetion of data and storage period


The personal data of the data subject will be deleted or blocked as soon as the purpose of storage ceases to apply. Storage may also take place if this has been provided for by the European or national legislator in Union regulations, laws or other provisions to which the controller is subject.
Data will also be blocked or deleted if a storage period prescribed by the aforementioned standards expires, unless there is a need for further storage of the data for the conclusion or performance of a contract.

6. Techninal and organization measures


In order to ensure that personal data cannot be read, copied, changed or removed by unauthorized persons during electronic transmission, transport or storage on data carriers, we use a state-of-the-art encryption procedure in accordance with Art. 9 DSGVO.

This site uses TLS encryption (Transport Layer Security) for security reasons and to protect the transmission of confidential content, such as requests you send to our system. This means that data that you transmit to our system cannot be read by third parties without further ado.
You can recognize an encrypted connection by the fact that the address line of the browser changes from "http://" to "https://" and by the lock symbol in your browser line.

7. Provision of the website and creation of log files


Description and scope of data processing


Each time our website is called up, our system automatically collects data and information from the computer system of the calling computer.

The following data is collected in this process:

Information about the browser type and the version used
the user's operating system
the IP address of the user
the date and time of access
websites from which the user's system accesses our website
websites that are accessed by the user's system via our website

7.1.3 The data is also stored in the log files of our system. This data is not stored together with other personal data of the user.

Legal basis for data processing


The legal basis for the temporary storage of the data and the log files is Art. 6 para. 1 p. 1 lit. f DSGVO.

Purpose of data processing


The temporary storage of the IP address by the system is necessary to enable delivery of the website to the user's computer. For this purpose, the user's IP address must remain stored for the duration of the session.

The storage in log files is done to ensure the functionality of the website. In addition, we use the data to optimize the website and to ensure the security of our information technology systems. An evaluation of the data for marketing purposes does not take place in this context.

These purposes are also our legitimate interest in data processing according to Art. 6 para. 1 p. 1 lit. f DSGVO.

Duration of storage


The data is deleted as soon as it is no longer required to achieve the purpose for which it was collected. In the case of the collection of data for the provision of the website, this is the case when the respective session has ended.

In the case of storage of data in log files, this is the case after seven days at the latest. Storage beyond this period is possible. In this case, the IP addresses of the users are deleted or alienated, so that an assignment of the calling client is no longer possible.

Possibility of objection and elimination


The collection of data for the provision of the website and the storage of the data in log files is absolutely necessary for the operation of the website. Consequently, there is no possibility for the user to object.

8. Use of coockies


Description and scope of data processing


We use so-called cookies on this website based on our legitimate interests. Cookies are text files that are stored in the Internet browser or by the Internet browser on the user's computer system. When a user calls up a website, a cookie may be stored on the user's operating system. This cookie contains a characteristic string of characters that enables the browser to be uniquely identified when the website is called up again.

Technically unnecessary coockies


If we use cookies other than those that are technically necessary, you will be informed of this on the website.

Legal basis for data processing


The legal basis for the processing of personal data using cookies for analysis, marketing and/or tracking purposes, if the user has given his consent in this regard, is Art. 6 para. 1 p. 1 lit. a DSGVO.

The legal basis for the processing of personal data using technically necessary cookies is Art. 6 para. 1 p. 1 lit. a DSGVO if the user has given his consent in this regard. If there is no consent of the user, the legal basis is Art. 6 para. 1 p. 1 lit. f DSGVO.

Purpose of data processing


The use of technically necessary cookies is for the purpose of simplifying the use of websites for users. Some functions of our website cannot be offered without the use of cookies. For these, it is necessary that the browser is recognized even after a page change. The user data collected through technically necessary cookies are not used to create user profiles.

Duration of storage, possibility of objection and elimination


Cookies are stored on the user's computer and transmitted to our site by the user. Therefore, you as a user also have full control over the use of cookies. By changing the settings in your Internet browser, you can disable or restrict the transmission of cookies. Cookies that have already been stored can be deleted at any time. This can also be done automatically. If cookies are deactivated for our website, it may no longer be possible to use all functions of the website in full.

When calling up our website, users are informed by an info banner about the use of cookies and the user is asked whether he or she also agrees to the setting of the named cookies. The user can freely decide whether to make a selection as well as whether consent is given. If the user does not give consent, no / only technically necessary cookies are set and no further storage of cookies takes place.

When requesting an insurance quote, depending on the type of insurance chosen, the following data is required:

Tariff
Salutation
First and last name
Street and house number
Zip code and city
E-mail address
Date of birth
Health insurance
Height and weight
Copy of identity card
Bank details
All other questions regarding previous insurances or questions regarding health status vary depending on the insurance company and result from the respective insurance request or application.

At the time of sending the message, the following data will also be stored:

IP address of the calling computer
Date and time of registration

For the processing of data, your consent is obtained during the submission process and reference is made to this privacy policy.

Alternatively, it is possible to contact us via the e-mail address provided. In this case, the user's personal data transmitted with the e-mail will be stored.

In this context, the data will not be passed on to third parties. The data will be used exclusively for the processing of the conversation, for consultation or preparation of an application to an insurance company.

Legal basis for data processing


The legal basis for the processing of the data is Art. 6 para. 1 p. 1 lit. a DSGVO if the user has given his consent.
The legal basis for the processing of data transmitted in the course of sending an e-mail is Art. 6 para. 1 p. 1 lit. f DSGVO.
If the contact aims at the conclusion of a contract, the additional legal basis for the processing is Art. 6 para. 1 p. 1 lit. b DSGVO.

Purpose of data processing


The processing of personal data from the input mask serves us solely to process the contact. In the case of contact by e-mail, this also constitutes the necessary legitimate interest in processing the data.
The other personal data processed during the sending process serve to prevent misuse of the contact form and to ensure the security of our information technology systems.

Duration of storage


The data is deleted as soon as it is no longer required to achieve the purpose for which it was collected. For the personal data from the input mask of the contact form and those sent by e-mail, this is the case when the respective conversation with the user has ended. The conversation is ended when it is clear from the circumstances that the matter in question has been conclusively clarified.

The additional personal data collected during the sending process is not stored.

Possibility of objection and cancellation


The user has the possibility to revoke his consent to the processing of personal data at any time. If the user contacts us by e-mail, he can object to the storage of his personal data at any time. In such a case, the conversation cannot be continued.
Revocation and objection are also possible in particular in text form by e-mail to our aforementioned e-mail address. In order to make it easier for us to clearly assign the data, the revocation should, if possible, be sent from the e-mail address that is also linked to possible data of the user.
All personal data stored in the course of contacting us will be deleted in this case, provided that tax and/or commercial regulations do not prevent this. If deletion is necessary due to legal tax and/or commercial regulations (e.g. § 147 para. 1 AO, § 257 para. 1 HGB), the user will be informed separately.

10. Data transmission to partners / boker pools 


Description and scope of data processing


In order to obtain an individual insurance offer for you within the scope of our business purpose, we currently work together with so-called broker pools. This involves the pooling and forwarding of contract applications to possible product providers.

Our cooperation is with the following entities:

blau direkt GmbH, Kaninchenborn 31, 23560 Lübeck

FondsFinanz maklerservice GmbH, Riesstraße 25, 80992 München

As the person responsible, we keep a continuously updated list of broker pools with which we cooperate on a basis of trust. An up-to-date list can also be requested from the person responsible at any time.

Your data will only be passed on on the basis of your prior separate consent to such a transfer for the purpose of obtaining an insurance quote for you as a customer. Without your consent, your data will not be passed on to third parties in this context.

In the event of your consent, you hereby agree that the data controller may transmit data to the aforementioned entities for the aforementioned business purpose in order to store, modify and use it there. The following personal data, which the responsible person has collected from you in connection with the execution of the contract, may be transmitted:

Personal data, such as name, address, date of birth, gender, marital status, social status, profession or comparable data,
required data on income and financial circumstances,
risk-relevant data, in particular health data about you,
data on existing contracts, in particular applications, premiums, risk and contract changes or comparable data,
data that must be collected in accordance with statutory obligations to provide information, advice and documentation.
You also consent to the aforementioned entities transmitting the aforementioned data to product providers of insurance companies or transmitting data to the person responsible within the scope of the business purpose.

The responsible person does not carry out certain tasks which may involve the collection, processing or use of your health data himself/herself, but delegates the execution to some of these bodies. If your data protected under Section 203 of the German Criminal Code (StGB) is disclosed in this context, a release from the obligation to maintain confidentiality will be required for these offices, if necessary.

The responsible person keeps a continuously updated list of the offices that collect, process or use health data for the responsible person in accordance with the agreement, stating the tasks transferred. An updated list may be requested from the responsible party at any time. For the disclosure of your health data to and use by the bodies named in the list, the responsible person requires this consent from you.

In particular, you consent to the responsible party transferring your health data to the previously named entities and to the health data being collected, processed and used there for the above-mentioned business purpose to the same extent as the responsible party would be permitted to do so. To the extent necessary, the employees of the responsible party and the aforementioned offices are released from their duty of confidentiality with regard to the transfer of health data and other data protected under Section 203 of the German Criminal Code (StGB).

Legal basis for data processing


The legal basis for the processing of the data is Art. 6 para. 1 p. 1 lit. a DSGVO if the user has given his consent.
If the contact is aimed at the conclusion of a contract, the additional legal basis for the processing is Art. 6 para. 1 p. 1 lit. b DSGVO.

Purpose of data processing


The processing as well as the forwarding of the personal data from the input mask is carried out for processing by us as well as the generation of an insurance application via the broker pool.

Duration of storage


The data will be deleted as soon as they are no longer required to achieve the purpose for which they were collected and provided that tax and/or commercial regulations do not conflict with this. For the personal data from the input mask of the form, this is therefore regularly the case when the respective application has been generated for you and sent to you.

Possibility od objection and cancellation


The user has the possibility to revoke his consent to the processing of personal data at any time. If the user contacts us by e-mail, he or she can object to the storage as well as the transfer of his or her personal data at any time.

In such a case, the generation of an insurance application cannot be continued.

All personal data stored in the course of the transmission through the form will be deleted in this case, provided that tax and/or commercial law regulations do not oppose this. If deletion is not possible due to legal tax and/or commercial regulations (e.g. § 147 para. 1 AO, § 257 para. 1 HGB), the user will be informed separately.

11. Google analytics


Scope of the data processing of personal data


Based on our legitimate interests, we use the web analytics service Google Anayltics of Google Ireland Limited, Google Building Gordon House, 4 Barrow St, Dublin, D04 E5W5, Ireland ("Google"). In the case of access by users who do not have their habitual residence in the European Economic Area or Switzerland, inquiries to Google could be made via servers of the company Google Inc, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA. We have no influence on a possible forwarding of requests by Google.

Google Inc. has recognized the standard contractual clauses of the EU Commission for the transfer of personal data to third countries and thereby offers a guarantee of compliance with European data protection law

The use is made to analyze the surfing behavior of our users.

Prior to the start of any web analysis, the user's consent to the corresponding processing of their data is obtained and reference is made to this privacy policy.

Google uses cookies. The information generated by the cookie about the use of the online offer by the user is usually transmitted to a Google server and stored there.

By setting the cookie, Google is enabled to analyze the use of our website. By each call of one of the individual pages of this website, which is operated by the controller and on which a Google Analytics component has been integrated, the internet browser on the information technology system of the data subject is automatically caused by the respective Google Analytics component to transmit data to Google for the purpose of online analysis. As part of this technical process, Google obtains knowledge of personal data, such as the IP address of the data subject, which Google uses, among other things, to track the origin of visitors and clicks and subsequently enable commission calculations.

By means of the cookie, personal information, for example the access time, the location from which an access originated and the frequency of visits to our website by the data subject, is stored. Each time the data subject visits our website, this personal data, including the IP address of the internet connection used by the data subject, is transmitted to Google in the United States of America. This personal data is stored by Google in the United States of America. Google may pass on this personal data collected via the technical procedure to third parties.

If individual pages of our website are called up, the following data is stored:

Two bytes of the IP address of the user's calling system.
The website called up
The website from which the user accessed the accessed website (referrer)
The subpages accessed from the accessed website
The time spent on the website
The frequency with which the website is accessed

Google will use this information on our behalf to evaluate the use of our online offer by users, to compile reports on the activities within this online offer and to provide us with other services related to the use of this online offer and the Internet. In doing so, pseudonymous usage profiles of the users can be created from the processed data.

The IP address transmitted by the user's browser is not merged with other data from Google.

We use Google Analytics to display the ads placed by within advertising services of Google and its partners, only to those users who have also shown an interest in our online offer or who have certain characteristics (e.g. interests in certain topics or products determined on the basis of the websites visited), which we transmit to Google (so-called "Remarketing Audiences", or "Google Analytics Audiences"). With the help of Remarketing Audiences, we also want to ensure that our ads correspond to the potential interest of users and do not have a harassing effect.

Wir setzen Google Analytics nur mit aktivierter IP-Anonymisierung ein. Das bedeutet, die IP-Adresse der Nutzer wird von Google gekürzt. Nur in Ausnahmefällen wird die volle IP-Adresse an einen Server von Google übertragen und dort gekürzt.

Rechtsgrundlage für die verarbeitung personenbezogener Daten

Rechtsgrundlage für die Verarbeitung der personenbezogenen Daten der Nutzer zum Zwecke statistischer Reichweitenmessung ist Art. 6 Abs. 1 S. 1 lit. f DSGVO.

Rechtsgrundlage für die Verarbeitung der personenbezogenen Daten der Nutzer zum Zwecke des Tracking ist Art. 6 Abs. 1 S. 1 lit. a DSGVO.

Zweck der Datenverarbeitung

The processing of the users' personal data enables us to analyze the surfing behavior of our users. By evaluating the data obtained, we are able to compile information about the use of the individual components of our website. This helps us to continuously improve our website and its user-friendliness. In these purposes also lies our legitimate interest in processing the data in accordance with Art. 6 para. 1 p. 1 lit. f DSGVO.

By anonymizing the IP address, the interest of users in their personal data protection is sufficiently taken into account.

Duration of storage


The data is deleted as soon as it is no longer required for our recording purposes.

In our case, this is after 26 months.

Possibility of objection and removal


Cookies are stored on the user's computer and transmitted by it to our site and Google. Therefore, you as a user also have full control over the use of cookies. By changing the settings in your Internet browser, you can disable or restrict the transmission of cookies. Cookies that have already been stored can be deleted at any time. This can also be done automatically. If cookies are deactivated for our website, it may no longer be possible to use all functions of the website in full.

Users may prevent the storage of cookies by selecting the appropriate settings on their browser software; users may also prevent the collection of data generated by the cookie and related to their use of the online offer from Google and the processing of this data by Google by downloading and installing the browser plugin available at the following link: http://tools.google.com/dlpage/gaoptout?hl=de.

This browser plugin tells Google Analytics via JavaScript that no data and information about website visits may be transmitted to Google Analytics. The installation of the browser plugin is considered by Google as an objection. If the information technology system of the data subject is deleted, formatted or reinstalled at a later time, the data subject must reinstall the browser plug-in in order to deactivate Google Analytics. If the browser add-on is uninstalled or deactivated by the data subject or another person within the data subject's sphere of control, it is possible to reinstall or reactivate the browser plug-in.

For more information about Google's use of data, settings and opt-out options, please visit the Google websites: https://www.google.com/intl/de/policies/privacy/partners ("Google's use of data when you use our partners' websites or apps"), https://www.google.com/policies/technologies/ads ("Use of data for advertising purposes"), https://www.google.de/settings/ads ("Manage the information Google uses to serve you ads").

Tracking takes place exclusively on the basis of previously granted consent of the user. The consent can be revoked at any time.

12. Google re/marketing services


Description and scope of data processing


We use the marketing and remarketing services (in short "Google marketing services") of Google Ireland Limited, Google Building Gordon House, 4 Barrow St, Dublin, D04 E5W5, Ireland ("Google") on the basis of our legitimate interests. In the case of access by users who do not have their usual place of residence in the European Economic Area or Switzerland, inquiries to Google could be made via servers of the company Google Inc, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA. We have no influence on a possible forwarding of requests by Google.

Google Inc. has recognized the EU Commission's standard contractual clauses for the transfer of personal data to third countries and thereby offers a guarantee of compliance with European data protection law.

The Google marketing services allow us to display advertisements for and on our website in a more targeted manner in order to present users only with ads that potentially match their interests. If, for example, a user is shown ads for products he or she was interested in on other websites, this is referred to as "remarketing". For these purposes, when our website and other websites on which Google marketing services are active are called up, a code is executed directly by Google and so-called (re)marketing tags (invisible graphics or code, also known as "web beacons") are integrated into the website. With their help, an individual cookie, i.e. a small file, is stored on the user's device (comparable technologies can also be used instead of cookies). The cookies can be set by various domains, including google.com, doubleclick.net, invitemedia.com, admeld.com, googlesyndication.com or googleadservices.com.This file records which web pages the user has visited, which content the user is interested in and which offers the user has clicked on, as well as technical information about the browser and operating system, referring web pages, time of visit and other information about the use of the online offer. The IP address of the user is also recorded, whereby we inform Google Analytics that the IP address is shortened and only in exceptional cases transferred in full to a Google server and shortened there. The IP address is not merged with data of the user within other offers of Google. The aforementioned information may also be combined on the part of Google with such information from other sources. If the user subsequently visits other websites, he can be shown ads tailored to his interests.

User data is processed pseudonymously as part of Google's marketing services. I.e. Google does not store and process e.g. the name or email address of the users, but processes the relevant data cookie-related within pseudonymous user profiles. I.e. from Google's perspective, the ads are not managed and displayed for a specifically identified person, but for the cookie holder, regardless of who this cookie holder is. This does not apply if a user has expressly allowed Google to process the data without this pseudonymization. The information collected by Google marketing services about users is transmitted to Google and stored on Google servers.

The Google marketing services we use include the online advertising program "Google AdWords". In the case of Google AdWords, each AdWords customer receives a different "conversion cookie". Cookies can therefore not be tracked across the websites of AdWords customers. The information obtained using the cookie is used to create conversion statistics for AdWords customers who have opted in to conversion tracking. The AdWords customers learn the total number of users who clicked on their ad and were redirected to a page tagged with a conversion tracking tag. However, they do not receive any information that can be used to identify users personally.

We may integrate third-party advertisements based on the Google marketing service "DoubleClick". DoubleClick uses cookies that enable Google and its partner websites to serve ads based on users' visits to this website or other websites on the Internet.

We may include third-party advertisements based on Google's "AdSense" marketing service. AdSense uses cookies that enable Google and its partner websites to display ads based on users' visits to this website or other websites on the Internet. By each call of one of the individual pages of this website, which is operated by the controller and on which a Google AdSense component has been integrated, the internet browser on the information technology system of the data subject is automatically caused by the respective Google AdSense component to transmit data to Google for the purpose of online advertising and commission accounting. As part of this technical process, Google obtains knowledge of personal data, such as the IP address of the data subject, which Google uses, among other things, to track the origin of visitors and clicks and subsequently enable commission settlements.

Google AdSense also uses so-called tracking pixels. A tracking pixel is a miniature graphic that is embedded in Internet pages to enable log file recording and log file analysis, whereby a statistical evaluation can be performed. By means of the embedded tracking pixel, Google can see whether and when a web page was opened by a data subject and which links were clicked by the data subject. Among other things, tracking pixels are used to evaluate the flow of visitors to a website.

For more information about Google AdSense, please visit https://www.google.de/intl/de/adsense/start/.

We can also use the "Google Optimizer" service. Google Optimizer allows us to track the effects of various changes to a website (e.g. changes to the input fields, design, etc.) as part of so-called "A/B testing". Cookies are placed on users' devices for these testing purposes. Only pseudonymous data of the users is processed in the process.
Furthermore, we may use the "Google Tag Manager" to integrate and manage Google analytics and marketing services on our website.

For more information about Google's use of data for marketing purposes, please see the overview page: https://www.google.com/policies/technologies/ads, Google's privacy policy is available at https://www.google.com/policies/privacy.

Legal basis for data processing


The legal basis for the processing of the users' personal data for tracking purposes is Art. 6 para. 1 p. 1 lit. a DSGVO if the user has given his consent in this regard.

The legal basis for the processing of the users' personal data for the purpose of statistical coverage measurement is in each case Art. 6 para. 1 p. 1 lit. f DSGVO.

The legal basis for the processing of the users' personal data is furthermore Art. 6 para. 1 p. 1 lit. f DSGVO.

Purpose of data processing


The data processing is carried out in the interest of the analysis, optimization and economic operation of the online offer.

Duration of storage


The data will be deleted as soon as they are no longer required to achieve the purpose for which they were collected.

Possibility of objection and elimination


If you wish to object to interest-based advertising by Google marketing services, you can use the settings and opt-out options provided by Google: https://www.google.com/ads/preferences.

Consent can be revoked at any time.

13. Google Fonts


Scope of the processing of personal data


We use the Google Fonts service of Google Ireland Limited, Google Building Gordon House, 4 Barrow St, Dublin, D04 E5W5, Ireland ("Google") on the basis of our legitimate interests. In the case of access by users who do not have their habitual residence in the European Economic Area or Switzerland, inquiries to Google could be made via servers of the company Google Inc, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA. We have no influence on a possible forwarding of requests by Google.

Google Inc. has recognized the standard contractual clauses of the EU Commission for the transfer of personal data to third countries and thereby offers a guarantee of compliance with European data protection law.

Google Fonts provides an intuitive and robust directory of open source designer web fonts. With an extensive catalog, typography can be seamlessly incorporated and integrated into any design project.

The service is used to embed fonts (web fonts) on our websites. The integration of Google Fonts is done by a server call at Google, regularly via the URL https://fonts.google.com. The fonts come from various designers and are open source.

When users call up our online offer, a request is usually transmitted to a Google server, where it is stored and processed.

Technically, the fonts embedded in our website are stored on a Google server and then loaded from there when the page is called up. By using Google Fonts, Google's servers send corresponding file to each user based on the technologies supported by the user's browser.

The connection to Google Fonts is not authenticated. When visiting our online presence, no cookies or login information are sent to Google via the Google Fonts service. Corresponding requests to the servers of the Google Fonts service are made to resource-specific domains such as fonts.googleapis.com or fonts.gstatic.com, so that requests for fonts are basically separate from login information that is otherwise sent to domains of Google, for example google.com or google.de, and may be authenticated.

Google Fonts logs records of CSS and font file requests. Google assigns aggregate usage numbers to how popular font families are for statistical purposes and publishes these results on an Analytics page (https://fonts.google.com/analytics).

More information about the Google Fonts service can be found at https://developers.google.com/fonts/faq.

Legal basis for the processing of personal data


The legal basis for the processing of users' personal data is Art. 6 para. 1 p. 1 lit. f DSGVO.

Purpose of data processing


Data processing is carried out in the interest of analyzing, optimizing and economically operating the online offer in order to integrate content or service offers from third-party providers or their content and services.

We use Google Fonts to design our website independently of the fonts installed on the user's computer, the so-called system fonts, and to ensure a consistent display image on different systems.
The purpose and scope of the data collection and the further processing and use of the data by Google can be found in the Google privacy policy at https://policies.google.com/privacy?hl=de.

Duration of storage


The data will be deleted as soon as it is no longer required for our recording purposes.

Possibility of objection and removal

Further information on data use by Google, setting and objection options can be obtained on the websites of Google https://www.google.com/intl/de/policies/privacy/partners ("Data use by Google when you use websites or apps of our partners"), https://www.google.com/policies/technologies/ads ("Data use for advertising purposes"), https://www.google.de/settings/ads ("Manage information that Google uses to display advertising to you").

14. Facebook, custom audience and facebook marketing services


Description and scope of data processing


Based on our legitimate interests, we use a so-called "Facebook pixel" of the social network facebook.com, which is operated by Facebook Ireland Ltd, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland ("Facebook"). When accessed by users who do not have their habitual residence in the European Economic Area, requests to Facebook could be made via servers of the company Facebook, Inc., 1601 Willow Road, Menlo Park, California 94025, USA. We have no influence on a possible forwarding of requests by Facebook.

Facebook Inc. has recognized the standard contractual clauses of the EU Commission for the transfer of personal data to third countries and thereby offers a guarantee of compliance with European data protection law.

With the help of the Facebook pixel, it is possible for Facebook to determine the visitors to our online offer as a target group for the display of ads (so-called "Facebook ads"). Accordingly, we use the Facebook pixel to display the Facebook ads placed by us only to those Facebook users who have also shown an interest in our online offer or who have certain characteristics (e.g. interests in certain topics or products determined on the basis of the websites visited) that we transmit to Facebook (so-called "Custom Audiences"). With the help of the Facebook pixel, we also want to ensure that our Facebook ads correspond to the potential interest of users and do not have a harassing effect. With the help of the Facebook pixel, we can also track the effectiveness of the Facebook ads for statistical and market research purposes by seeing whether users were redirected to our website after clicking on a Facebook ad (so-called "conversion").

Furthermore, when using the Facebook Pixel, we use the additional function "extended matching" (data such as telephone numbers, e-mail addresses or Facebook IDs of users) to create target groups ("Custom Audiences" or "Look Alike Audiences") are transmitted to Facebook (encrypted). Further information on "advanced matching": https://www.facebook.com/business/help/611774685654668).

Also based on our legitimate interests, we use the "Custom Audiences from File" procedure from Facebook. In this case, the email addresses of the newsletter recipients are uploaded to Facebook. The upload process is encrypted. The upload is used solely to determine recipients of our Facebook ads. In this way, we want to ensure that the ads are only displayed to users who are interested in our information and services.

The processing of data by Facebook takes place within the framework of Facebook's data usage policy. Accordingly, general information on the display of Facebook ads, in Facebook's data usage policy: https://www.facebook.com/policy.php. Specific information and details about the Facebook Pixel and how it works can be found in Facebook's help section: https://www.facebook.com/business/help/651294705016616.

Legal basis for data processing


The legal basis for the processing of the users' personal data for the purpose of statistical range measurement is in each case Art. 6 para. 1 p. 1 lit. f DSGVO.

The legal basis for the processing of the users' personal data for the purpose of tracking is in each case Art. 6 para. 1 p. 1 lit. a DSGVO if the user has given his consent in this regard.

Duration of storage


At any time during the term of Customer's Subscription, Customer may access, extract, and delete Customer Data stored in any Online Service.

With the exception of free trials and LinkedIn services, Microsoft will retain Customer Data that remains stored in the Online Services in a restricted feature account for 90 days after Customer's subscription expires or is terminated to allow Customer to extract the data. At the end of the 90-day retention period, Microsoft will deactivate Customer's account and delete Customer Data and Personal Data within an additional 90 days; unless Microsoft is entitled, required, or authorized to retain such data under applicable law.

Opt-Out and Redress


Microsoft will enable Customer to comply with requests from Data Subjects to exercise their rights under the GDPR in a manner consistent with the function of the Online Service and Microsoft's role as a Processor of Data Subjects' Personal Data. If Microsoft receives a request from a Customer Data Subject to exercise one or more of his or her rights under the GDPR in connection with an Online Service for which Microsoft is a processor or sub-processor, Microsoft will refer the Data Subject to direct his or her request to Customer. Customer is responsible for responding to such request, including, if necessary, by using the functionality of the Online Service. Microsoft will honor reasonable requests by Customer for assistance in responding to Data Subject inquiries.

16. Ms Teams


Scope of processing of personal data


We use the Microsoft Teams service provided by Microsoft Corporation, One Microsoft Way, Redmond, WA 98052-6399, USA ("Microsoft") based on our legitimate interests.

The Microsoft Teams service is a central hub for collaboration and communication. The service is a so-called core online service of Microsoft.

Any Personal Data processed by Microsoft in connection with the Online Services will be received as Customer Data, Diagnostic Data or Service Generated Data. Personal Data provided to Microsoft by or on behalf of Customer through use of the Online Service is also Customer Data.

Pseudonymized identifiers can be contained in diagnostic data or service-generated data and are also personal data. Personal data that has been pseudonymized or is no longer directly identifiable but has not been anonymized, as well as personal data derived from personal data, is also personal data.

The types of personal data that Microsoft processes in providing the Online Service include: Personal Data that Customer chooses to include in Customer Data and Personal Data specifically identified in Article 4 of the GDPR that may be included in Diagnostic Data or Service Generated Data.

The types of personal data Customer wishes to include in Customer Data may be any category of personal data identified in records maintained by Customer acting as a Controller under Article 30 of the GDPR.

Microsoft has accepted the EU Commission's standard contractual clauses for the transfer of personal data to third countries, thereby providing a guarantee of compliance with European data protection law.

Legal basis for the processing of personal data


The legal basis for the processing of users' personal data is Art. 6 para. 1 p. 1 lit. f DSGVO.

Purpose of data processing


Microsoft will use and otherwise process Customer Data and Personal Data only to provide the Online Services to Customer in accordance with Customer's documented instructions and to pursue legitimate Microsoft business activities related to providing the Online Services to Customer. For more information, see https://www.microsoftvolumelicensing.com/DocumentSearch.aspx?Mode=2&Keyword=DPA and https://go.microsoft.com/fwlink/p/?linkid=873404.

Duration of storage


At any time during the term of Customer's Subscription, Customer may access, extract, and delete Customer Data stored in any Online Service.

With the exception of free trials and LinkedIn services, Microsoft will retain Customer Data that remains stored in the Online Services in a restricted feature account for 90 days after Customer's subscription expires or is terminated to allow Customer to extract the data. At the end of the 90-day retention period, Microsoft will deactivate Customer's account and delete Customer Data and Personal Data within an additional 90 days; unless Microsoft is entitled, required, or authorized to retain such data under applicable law.

Opt-Out and redress


Microsoft will enable Customer to comply with requests from Data Subjects to exercise their rights under the GDPR in a manner consistent with the function of the Online Service and Microsoft's role as a Processor of Data Subjects' Personal Data. If Microsoft receives a request from a Customer Data Subject to exercise one or more of his or her rights under the GDPR in connection with an Online Service for which Microsoft is a processor or sub-processor, Microsoft will refer the Data Subject to direct his or her request to Customer. Customer is responsible for responding to such request, including, if necessary, by using the functionality of the Online Service. Microsoft will honor reasonable requests by Customer for assistance in responding to Data Subject inquiries.

17. Ms Bookings


Scope of the processing of personal data


We use the MS Bookings service provided by Microsoft Corporation, One Microsoft Way, Redmond, WA 98052-6399, USA ("Microsoft") based on our legitimate interests.

The MS Bookings service is an online service that provides booking services to customers on an appointment basis and is used to arrange and manage appointments with customers.

Any personal data processed by Microsoft in connection with the Online Services will be received as Customer Data, Diagnostic Data or Service Generated Data. Personal Data provided to Microsoft by or on behalf of Customer through use of the Online Service is also Customer Data. Pseudonymous identifiers may be included in Diagnostic Data or Service Generated Data and are also Personal Data.

Personal data that has been pseudonymized or is no longer directly identifiable but has not been anonymized, as well as personal data derived from personal data, is also personal data.

The types of personal data that Microsoft processes in providing the Online Service include: Personal Data that Customer chooses to include in Customer Data and Personal Data specifically identified in Article 4 of the GDPR that may be included in Diagnostic Data or Service Generated Data.

The types of Personal Data Customer wishes to include in Customer Data may be any category of Personal Data identified in records maintained by Customer acting as a Controller under Article 30 of the GDPR.

Microsoft has accepted the EU Commission's standard contractual clauses for the transfer of personal data to third countries, thereby providing a guarantee of compliance with European data protection law.

Legal basis for the processing of personal data


The legal basis for the processing of users' personal data is Art. 6 para. 1 p. 1 lit. f DSGVO.

Purpose of data processing


Microsoft will use and otherwise process Customer Data and Personal Data only to provide the Online Services to Customer in accordance with Customer's documented instructions and to pursue legitimate Microsoft business activities related to providing the Online Services to Customer. For more information, please see https://www.microsoftvolumelicensing.com/DocumentSearch.aspx?Mode=2&Keyword=DPA and https://go.microsoft.com/fwlink/p/?linkid=873404.

Duration of retention


At any time during the term of Customer's subscription, Customer may access, extract, and delete Customer Data stored in any Online Service.

Except for free trials and LinkedIn services, Microsoft will retain Customer Data that remains stored in the Online Services for 90 days after Customer's subscription expires or is terminated in a restricted feature account to allow Customer to extract the data. At the end of the 90-day retention period, Microsoft will deactivate Customer's account and delete Customer Data and Personal Data within an additional 90 days; unless Microsoft is entitled, required, or authorized to retain such data under applicable law.

Opt-Out and removal options


Microsoft will enable Customer to comply with requests from Data Subjects to exercise their rights under the GDPR in a manner consistent with the function of the Online Service and Microsoft's role as a Processor of Data Subjects' Personal Data. If Microsoft receives a request from a Customer Data Subject to exercise one or more of his or her rights under the GDPR in connection with an Online Service for which Microsoft is a processor or sub-processor, Microsoft will refer the Data Subject to direct his or her request to Customer. Customer is responsible for responding to such request, including, if necessary, by using the functionality of the Online Service. Microsoft will honor reasonable requests by Customer for assistance in responding to Data Subject inquiries.

18. Rights of the data subject


If personal data of yours is processed, you are a data subject within the meaning of the GDPR and you have the following rights against the controller:

Right of access


You may request confirmation from the controller as to whether personal data concerning you are being processed by us

If there is such processing, you may request information from the controller about the following:

The purposes for which the personal data are processed;
the categories of personal data which are processed;
the recipients or categories of recipients to whom the personal data concerning you have been or will be disclosed;
the planned duration of the storage of the personal data concerning you or, if concrete information on this is not possible, criteria for determining the storage period;
the existence of a right to rectification or erasure of the personal data concerning you, a right to restriction of processing by the controller or a right to object to such processing;
the existence of a right of appeal to a supervisory authority;
any available information about the origin of the data, if the personal data are not collected from the data subject;
The existence of automated decision-making, including profiling, pursuant to Article 22(1) and (4) of the GDPR and, at least in these cases, meaningful information about the logic involved and the scope and intended effects of such processing for the data subject.

You have the right to request information about whether the personal data concerning you is transferred to a third country or to an international organization. In this context, you may request to be informed about the appropriate safeguards pursuant to Art. 46 DSGVO in connection with the transfer.

Right oft rectification


You have a right to rectification and/or completion vis-à-vis the controller if the personal data processed concerning you are inaccurate or incomplete. The controller shall carry out the rectification without undue delay.

Right to restriction of processing


You may request the restriction of the processing of personal data concerning you under the following conditions:

if you contest the accuracy of the personal data concerning you for a period enabling the controller to verify the accuracy of the personal data;
the processing is unlawful and you object to the erasure of the personal data and request instead the restriction of the use of the personal data;
the controller no longer needs the personal data for the purposes of processing, but you need them for the establishment, exercise or defense of legal claims; or
if you have objected to the processing pursuant to Article 21 (1) DSGVO and it is not yet clear whether the legitimate grounds of the controller outweigh your grounds.

Where the processing of personal data concerning you has been restricted, such data may be processed, with the exception of storage, only with your consent or for the establishment, exercise or defense of legal claims or for the protection of the rights of another natural or legal person or for reasons of important public interest of the Union or a Member State.

If the restriction of processing has been restricted in accordance with the above conditions, you will be informed by the controller before the restriction is lifted.

Right to erasure


You may request the controller to erase the personal data concerning you without undue delay, and the controller is obliged to erase such data without undue delay, if one of the following reasons applies:

The personal data concerning you are no longer necessary for the purposes for which they were collected or otherwise processed.
You revoke your consent on which the processing was based pursuant to Art. 6 (1) sentence 1 lit. a or Art. 9 (2) lit. a DSGVO and there is no other legal basis for the processing.
You object to the processing pursuant to Art. 21 (1) DSGVO and there are no overriding legitimate grounds for the processing, or you object to the processing pursuant to Art. 21 (2) DSGVO.
The personal data concerning you have been processed unlawfully.
The erasure of the personal data concerning you is necessary for compliance with a legal obligation under Union or Member State law to which the controller is subject.
The personal data concerning you has been collected in relation to information society services offered pursuant to Article 8(1) of the GDPR.

Information to third parties


If the controller has made the personal data concerning you public and is obliged to erase it pursuant to Article 17(1) of the GDPR, it shall take reasonable steps, including technical measures, having regard to the available technology and the cost of implementation, to inform data controllers which process the personal data that you, as the data subject, have requested that they erase all links to or copies or replications of such personal data.

Exceptions


The right to erasure does not exist to the extent that the processing is necessary

For the exercise of the right to freedom of expression and information;
for compliance with a legal obligation which requires processing under Union or Member State law to which the controller is subject, or for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller;
for reasons of public interest in the area of public health pursuant to Art. 9(2)(h) and (i) and Art. 9(3) DSGVO;
for archiving purposes in the public interest, scientific or historical research purposes or statistical purposes pursuant to Article 89(1) DSGVO, insofar as the right referred to in section a) is likely to render impossible or seriously prejudice the achievement of the purposes of such processing; or
for the assertion, exercise or defense of legal claims.

Right to information


If you have asserted the right to rectification, erasure or restriction of processing against the controller, the controller is obliged to inform all recipients to whom the personal data concerning you have been disclosed of this rectification or erasure of the data or restriction of processing, unless this proves impossible or involves a disproportionate effort.

You have the right against the controller to be informed about these recipients.

Right to data portability


You have the right to receive the personal data concerning you that you have provided to the controller in a structured, common and machine-readable format. You also have the right to transfer this data to another controller without hindrance from the controller to whom the personal data has been provided, provided that

  • the processing is based on consent pursuant to Art. 6 para. 1 sentence 1 lit. a DSGVO or Art. 9 para. 2 lit. a DSGVO or on a contract pursuant to Art. 6 para. 1 sentence 1 lit. b DSGVO and
  • the processing is carried out with the help of automated procedures.

In exercising this right, you also have the right to have the personal data concerning you transferred directly from one controller to another controller, insofar as this is technically feasible. Freedoms and rights of other persons must not be affected by this.

The right to data portability does not apply to processing of personal data necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller.

Right of objection


You have the right to object at any time, on grounds relating to your particular situation, to the processing of personal data concerning you which is carried out on the basis of Article 6 (1) sentence 1 lit. e or f DSGVO; this also applies to profiling based on these provisions.

The controller shall no longer process the personal data concerning you unless it can demonstrate compelling legitimate grounds for the processing which override your interests, rights and freedoms, or the processing serves the purpose of asserting, exercising or defending legal claims.

If the personal data concerning you is processed for the purpose of direct marketing, you have the right to object at any time to processing of the personal data concerning you for the purpose of such marketing; this also applies to profiling, insofar as it is related to such direct marketing.

If you object to the processing for direct marketing purposes, the personal data concerning you will no longer be processed for these purposes.

You have the possibility, in connection with the use of information society services, notwithstanding Directive 2002/58/EC, to exercise your right to object by means of automated procedures using technical specifications.

You also have the right to object, on grounds relating to your particular situation, to the processing of personal data concerning you which is carried out for scientific or historical research purposes or for statistical purposes pursuant to Article 89(1) of the GDPR.

Your right to object may be limited to the extent that it is likely to make impossible or seriously impair the achievement of the research or statistical purposes and the limitation is necessary for the fulfillment of the research or statistical purposes.

Right to revoke data protection consent


You have the right to revoke your declaration of consent under data protection law at any time. The revocation of consent does not affect the lawfulness of the processing carried out on the basis of the consent until the revocation.

Automated decision-making in individual cases including profiling.


You have the right not to be subject to a decision based solely on automated processing - including profiling - which produces legal effects concerning you or similarly significantly affects you. This does not apply if the decision

  • is necessary for the conclusion or performance of a contract between you and the controller(1),
  • is permitted by legislation of the Union or the Member States to which the controller is subject and that legislation contains appropriate measures to safeguard your rights and freedoms and your legitimate interests, or
  • is done with your explicit consent(3).

However, these decisions may not be based on special categories of personal data pursuant to Article 9(1) of the GDPR, unless Article 9(2)(a) or (g) of the GDPR applies and appropriate measures have been taken to protect the rights and freedoms and your legitimate interests.

With regard to the cases mentioned in (1) and (3), the controller shall take reasonable steps to safeguard the rights and freedoms as well as your legitimate interests, which include, at a minimum, the right to obtain the intervention of a person on the part of the controller, to express his or her point of view and to contest the decision.

Right to complain to a supervisory authority


Without prejudice to any other administrative or judicial remedy, you have the right to lodge a complaint with a supervisory authority, in particular in the Member State of your residence, place of work or the place of the alleged infringement, if you consider that the processing of personal data concerning you infringes the GDPR.

The supervisory authority to which the complaint has been lodged shall inform the complainant of the status and outcome of the complaint, including the possibility of a judicial remedy under Article 78 GDPR.

envelopephone-handsetbubble