Privacy Policy


1) Information about the collection of personal data and contact details of the controller

1.1 We are pleased that you are visiting our website and thank you for your interest. In the following, we inform you about the handling of your personal data when using our website and the learndataengineering school operated by us on the teachable.com platform (hereinafter jointly referred to as the "website"). Personal data is all data with which you can be personally identified.

1.2 The controller responsible for data processing on this website within the meaning of the General Data Protection Regulation of the EU (GDPR) is Andreas Kretz, Am Kirchberg 32, 97834 Birkenfeld, Germany, tel: +49 151 64860660, E-Mail: [email protected]. The controller is the natural or legal person who alone or jointly with others determines the purposes and means of the processing of personal data.

1.3 This website uses SSL or TLS encryption for security reasons and to protect the transmission of personal data and other confidential content (e.g. orders or enquiries to the controller). You can recognise an encrypted connection by the string "https://" and the lock symbol in your browser line.

 

2) Hosting

Hosting by the teachable.com platform

We use the website building system of Teachable, Inc, 470 Park Avenue South, 6th Floor, New York, New York 10016, USA ("Teachable") for the purpose of hosting and displaying the website on the basis of processing on our behalf. All data collected on our website is processed on Teachable's servers. 

We have concluded a data processing agreement with Teachable (Data Processing Addendum, available at https://teachable.com/dpa), which obliges Teachable to protect the data of our site visitors and not to pass it on to third parties. For the transfer of data from the EU to the USA, Teachable refers to so-called standard data protection clauses of the European Commission, which are intended to ensure compliance with the European level of data protection in the USA. 

Further information on Teachable's data protection can be found on the following website: https://teachable.com/privacy-policy.

The scope of the processing of personal data is outlined below.

 

3) Data recording when visiting our website

During the mere informative use of our website, i.e. if you do not register or otherwise transmit information to us, Teachable collects data that your browser transmits to Teachable's server (so-called "server log files"). For more information on the collection and processing of data when you visit our website, please refer to Teachable's Privacy Policy.

 

4) Cookies

In order to make your visit to our website more attractive and to enable the use of certain functions, we or Teachable use cookies, i.e. small text files that are stored on your end device. Partly, cookies are deleted after you close your browser (so-called session cookies), partly cookies remain on your end device and enable the saving of page settings (so-called persistent cookies). In the latter case, the duration of the storage can be found in the overview of the cookie settings of your web browser.

If personal data is also processed by individual cookies used by us, the processing is carried out either in accordance with Art. 6 para. 1 lit. b GDPR for the performance of the contract, in accordance with Art. 6 para. 1 lit. a GDPR in the case of consent given or in accordance with Art. 6 para. 1 lit. f GDPR to protect our legitimate interests in the best possible functionality of the website as well as a customer-friendly and effective design of the page visit.

For more information on cookies at Teachable, please visit: https://teachable.com/cookies-policy

You can configure your browser in such a way that you are informed about the setting of cookies and can decide individually about their acceptance or can exclude the acceptance of cookies for certain cases or in general.

Please note that if you do not accept cookies, the functionality of our website may be limited.

 

5) Contact

5.1 Calendly

We use the software "Calendly" of the provider Calendly, LLC, BB&T Tower, 271 17th St NW, Atlanta, GA 30363, USA to provide an online appointment booking function.

For the purpose of making an appointment, first name, surname and email address (and telephone number if a telephone appointment is requested) are collected in accordance with Art. 6 para. 1 lit. b GDPR and transmitted to Calendly in accordance with Art. 6 para. 1 lit. f GPDR on the basis of our legitimate interest in effective customer management and efficient appointment management and stored there for the purpose of organising the appointment. After the appointment has been held or after the agreed appointment period has expired, your data will be deleted by Calendly. We have concluded a data processing agreement with Calendly ("Data Processing Addendum", available at https://calendly.com/dpa), in which Calendly undertakes to protect the data of our customers in accordance with the legal requirements. Calendly generally transfers collected information outside the European Economic Area and relies on so-called standard data protection clauses of the European Commission, which are intended to ensure compliance with the European level of data protection.

Details of Calendly's data protection provisions can be found here: https://calendly.com/privacy

5.2 When contacting us (e.g. by e-mail), personal data is used exclusively for the purpose of processing and answering your request and only to the extent necessary for this. The legal basis for processing this data is our legitimate interest in responding to your request in accordance with Art. 6 para. 1 lit. f GDPR. If the aim of making contact is a contract, the additional legal basis for processing will be Art. 6 para. 1 lit. b GDPR. Your data will be deleted when the circumstances indicate that the matter in question has been conclusively clarified and provided that there are no statutory retention obligations to the contrary.

 

6) Data processing when opening a user account

Pursuant to Art. 6 para. 1 lit. b GDPR, further personal data will be collected and processed to the necessary extent if you provide it to us when opening a user account. Which data is necessary for account opening can be seen from the respective input forms. Deletion of your user account is possible at any time and can be done by sending a message to the above address of the controller. After deletion of your user account, your data will be deleted, provided that all relevant contracts have been settled in full and there are no statutory retention obligations to the contrary and unless we have a legitimate interest in continued storage.

 

7) Comment functions

Within the scope of the comment functions on this website, in addition to your comment, information on the time of the creation of the comment and the commentator name selected by you will be stored and published on this website. Furthermore, Teachable may log and store additional data. For further information, please refer to Teachable's Privacy Policy. The legal bases for the storage of your data are Art. 6 para. 1 lit. b and f GDPR. We reserve the right to delete comments if they are declared as unlawful by third parties.

 

8) Use of customer data for direct advertising

Newsletter dispatch via ConvertKit

Our e-mail newsletters are sent via the technical service provider ConvertKit LLC, PO Box 761, Boise, ID 83701, USA (https://www.convertkit.com), to whom we pass on the data you provided when registering for the newsletter. This transfer takes place in accordance with Art. 6 para. 1 lit. f GDPR and serves our legitimate interest in using a newsletter system that is effective in advertising, secure and user-friendly. Please note that your data is generally transmitted to a ConvertKit server in the USA and stored there.

ConvertKit uses this information to send and statistically evaluate the newsletters on our behalf. For the evaluation, the emails sent contain so-called web beacons or tracking pixels, which are single-pixel image files that are stored on our website. For example, it can be determined whether a newsletter message was opened and which links, if any, were clicked. With the help of the web beacons, ConvertKit automatically creates general, non-personal statistics about the response behaviour to newsletter campaigns. On the basis of our legitimate interest in the statistical evaluation of the newsletter campaigns for the optimisation of the advertising communication and the better targeting of recipient interests, however, data of the respective newsletter recipient (mail address, time of retrieval, IP address, browser type and operating system) are also collected and utilised by the web beacons in accordance with Art. 6 para. 1 lit. f GDPR. This data allows an individual conclusion to be drawn about the newsletter recipient and is processed by ConvertKit for the automated creation of statistics that show whether a specific recipient has opened a newsletter message.

If you wish to deactivate the data analysis for statistical evaluation purposes, you must unsubscribe from the newsletter.

ConvertKit may also use this data itself in accordance with Art. 6 para. 1 lit. f GDPR on the basis of its own legitimate interest in the needs-based design and optimisation of the service as well as for market research purposes, for example to determine which countries the recipients come from. However, ConvertKit does not use the data of our newsletter recipients to write to them itself or to pass them on to third parties.

To protect your data in the USA, we have concluded a data processing agreement ("Data Processing Agreement") with ConvertKit based on the standard contractual clauses of the European Commission to enable the transfer of your personal data to ConvertKit. 

You can view ConvertKit's privacy policy here:

https://convertkit.com/privacy

 

9) Data processing for order processing

9.1 In order to process your order, we work together with the service provider(s) listed below, who support us in whole or in part in the execution of concluded contracts. Certain personal data will be transmitted to these service providers in accordance with the following information.

The personal data collected by us or your payment data will be passed on to Teachable and/or other companies within the framework of the contract and payment processing, insofar as this is necessary for the provision of the services and for the payment processing. If payment service providers are used by us, we will explicitly inform you about this below. Information on data protection in the event of payment processing by Teachable is available at https://teachable.com/privacy-policy

The legal basis for the forwarding of the data is Art. 6 para. 1 lit. b) GDPR.

If we owe you updates for goods with digital elements or for digital products on the basis of a corresponding contract, we will process the contact data provided by you when placing the order (name, address, email address) in order to inform you personally by suitable means of communication (e.g. by post or email) about upcoming updates within the period stipulated by law, in accordance with our statutory duties to inform pursuant to Art. 6 para. 1 lit. c GDPR. Your contact details will be used strictly for the purpose of informing you about updates owed by us and will only be processed by us for this purpose to the extent necessary for the respective information.


9.2 Use of payment service providers

- Paypal

When paying via PayPal, credit card via PayPal, direct debit via PayPal or – if offered – "purchase on account" or "payment by instalments" via PayPal, we pass on your payment data to PayPal (Europe) S.a.r.l. et Cie, S.C.A., 22-24 Boulevard Royal, L-2449 Luxembourg (hereinafter "PayPal") as part of the payment processing. The transfer takes place in accordance with Art. 6 para. 1 lit. b GDPR and only insofar as this is necessary for the payment processing.

For the payment methods credit card via PayPal, direct debit via PayPal or – if offered – "purchase on account" or "payment by instalments" via PayPal, PayPal reserves the right to carry out a credit check. For this purpose, your payment data may be passed on to credit agencies in accordance with Art. 6 para. 1 lit. f GDPR on the basis of PayPal's legitimate interest in determining your solvency. PayPal uses the result of the credit check in terms of the statistical probability of non-payment for the purpose of deciding on the provision of the respective payment method. The creditworthiness information may contain probability values (so-called score values). Insofar as score values are included in the result of the credit report, they have their basis in a scientifically recognised mathematical-statistical procedure. The calculation of the score values includes, but is not limited to, address data. For further information on data protection law, including information on the credit agencies used, please refer to PayPal's privacy statement: https://www.paypal.com/ad/webapps/mpp/ua/legalhub-full?locale.x=en_AD.

You can object to this processing of your data at any time by sending a message to PayPal. However, PayPal may still be entitled to process your personal data if this is necessary for the contractual processing of payments.

- Stripe

If you choose a payment method from the payment service provider Stripe, the payment will be processed by the payment service provider Stripe Payments Europe Ltd., 1 Grand Canal Street Lower, Grand Canal Dock, Dublin, Ireland, to whom we pass on the information you provided during the ordering process, together with information about your order (name, address, account number, bank identifier code, credit card number if applicable, invoice amount, currency and transaction number) in accordance with Art. 6 para. 1 lit. b GDPR. You can find more information on Stripe's data protection at the URL https://stripe.com/de/privacy.

Stripe reserves the right to carry out a credit check on the basis of mathematical-statistical procedures in order to safeguard the legitimate interest in determining the user's ability to pay. The personal data necessary for a credit check and obtained in the course of payment processing may be transmitted by Stripe to selected credit agencies, which Stripe discloses to users upon request. The creditworthiness information may contain probability values (so-called score values). Insofar as score values are included in the result of the credit report, these are based on a scientifically recognised mathematical-statistical procedure. The calculation of the score values includes, but is not limited to, address data. Stripe uses the result of the credit check in relation to the statistical probability of non-payment for the purpose of deciding on the authorisation to use the selected payment method.

You can object to this processing of your data at any time by sending a message to Stripe or the appointed credit agencies.

However, Stripe may still be entitled to process your personal data if this is necessary to process payments in accordance with the contract.

 

10) Online marketing

Use of Affiliate programs

- Own affiliate programme

In connection with the product presentations on our website, we maintain our own affiliate programme, within the context of which we provide interested third-party operators with partner links for placement on their websites that lead to our offers. Cookies are used for the affiliate programme, which are generally set on the partner page after clicking a corresponding partner link and for which we are not responsible in this respect under data protection law. Cookies are small text files that are stored on your end device in order to be able to trace the origin of transactions (e.g. "sales leads") generated via such links. In doing so, we can recognise, among other things, that you have clicked the partner link and have been redirected to our website. This information is required for payment processing between us and the affiliate partners. Insofar as the information also contains personal data, the described processing is carried out on the basis of our legitimate financial interest in the processing of commission payments in accordance with Art. 6 para. 1 lit. f GDPR.

If you wish to block the evaluation of user behaviour via cookies, you can set your browser so that you are informed about the setting of cookies and decide individually whether to accept them or to exclude the acceptance of cookies for certain cases or in general.

- Amazon affiliate programme (AmazonPartnerNet)

We participate in the affiliate programme "AmazonPartnerNet" of Amazon EU S.a.r.l., 38 avenue John F. Kennedy, L-1855 Luxembourg (hereinafter "Amazon"). Within this context, we have placed advertisements on our website as links that lead to offers on various Amazon websites. Amazon uses cookies. These are small text files that are stored on your end device in order to track the origin of orders generated via such links. Among other things, Amazon can recognise that you have clicked on the partner link on our website. This information is required for payment processing between us and Amazon. Insofar as the information also contains personal data, the described processing is carried out on the basis of our legitimate financial interest in the processing of commission payments with Amazon pursuant to Art. 6 para. 1 lit. f GDPR.

You can find further information on data use by Amazon in the Amazon.de privacy policy at https://www.amazon.de/gp/help/customer/display.html/ref=footer_privacy?ie=UTF8&language=en_GB&nodeId=3312401.

If you wish to block the evaluation of user behaviour via cookies, you can set your browser so that you are informed about the setting of cookies and decide individually whether to accept them or to exclude the acceptance of cookies for certain cases or in general. You can also deactivate Amazon's interest-based ads via the link https://www.amazon.de/gp/dra/info.

 

11) Web analytics services

Google (Universal) Analytics with Google Signals

This website uses Google (Universal) Analytics, which is a web analysis service provided by Google Ireland Limited, Gordon House, 4 Barrow Street, Dublin, D04 E5W5, Ireland ("Google"). Google (Universal) Analytics uses "cookies" – text files that are stored on your end device and enable analysis of your use of the website. The information generated by the cookie about your use of the website (including your shortened IP address) will be transmitted to a Google server and saved there; it may also be transmitted to the servers of Google LLC. in the United States.

This website uses Google (Universal) Analytics exclusively with the extension "_anonymizeIp()", which ensures anonymisation of the IP address by shortening it and excludes direct personal reference. Due to the extension, your IP address will be previously abbreviated by Google within member states of the European Union or in other states that are party to the Agreement on the European Economic Area. The full IP address will only in exceptional cases be transmitted to a server of Google LLC. in the USA and abbreviated there.

Google will use this information for the purpose of evaluating your use of the website, compiling reports on website activity for us, and providing other services relating to website and internet usage. Here, the IP address transmitted by your browser within the scope of Google (Universal) Analytics will not be aggregated with other data of Google.

Google Analytics also enables the creation of statistics with statements about the age, gender and interests of site visitors on the basis of an evaluation of interest-based advertising and with the inclusion of third-party information via a special function, the so-called "demographic characteristics". This allows the definition and differentiation of user groups of the website for the purpose of the target group-optimised orientation of marketing measures. However, data records collected via the "demographic characteristics" cannot be assigned to a specific person.

Details on the processing triggered by Google Analytics and on Google's handling of website data can be found here: https://policies.google.com/technologies/partner-sites?hl=en.

All of the processing described above, in particular the setting of Google Analytics cookies for reading out information on the end device used, will only be carried out if you have given us your explicit consent to do so in accordance with Art. 6 para. 1 lit. a GDPR. Without this consent, Google Analytics will not be used during your visit to the website.

You can revoke your issued consent at any time with effect for the future. To exercise your revocation, please deactivate this service in the cookie consent tool provided on the website. We have concluded a data processing agreement with Google for the use of Google Analytics, which obliges Google to protect the data of our site visitors and not to pass it on to third parties. For the transfer of data from the EU to the USA, Google refers to so-called standard data protection clauses of the European Commission, which are intended to ensure compliance with the European level of data protection in the USA.

Further information on Google (Universal) Analytics can be found here: https://policies.google.com/privacy?hl=en&gl=de

This website also uses the Google Signals service as an extension of Google Analytics. With Google Signals, we can have Google create cross-device reports (so-called "cross-device tracking"). If you have activated "personalised ads" in your Google account settings and you have linked your internet-enabled devices to your Google account, Google can analyse user behaviour across devices and create database models based on this, provided you have given your consent to the use of Google Analytics in accordance with Art. 6 para. 1 lit. a GDPR (see above). The logins and device types of all page visitors who were logged into a Google account and performed a conversion are taken into account. The data shows, among other things, on which device you first clicked on an ad and on which device the associated conversion took place. We do not receive any personal data from Google in this regard, but only statistics compiled on the basis of Google Signals. You have the option of deactivating the "personalised ads" function in the settings of your Google account and thus switching off the cross-device analysis. To do this, follow the instructions on this page: https://support.google.com/ads/answer/2662922?hl=en

Further information on Google Signals can be found here: https://support.google.com/analytics/answer/7532985?hl=en.

 

12) Site functionalities

12.1 Use of Youtube videos

This website uses the Youtube embedding function to display and play videos from the provider "Youtube", which belongs to Google Ireland Limited, Gordon House, 4 Barrow St, Dublin, D04 E5W5, Ireland ("Google").

The extended data protection mode is used here, which, according to the provider, only triggers the storage of user information when the video(s) is/are played. If the playback of embedded Youtube videos is started, the provider Youtube uses cookies to collect information about user behaviour. According to information from Youtube, this is used, among other things, to collect video statistics, improve user-friendliness and prevent abusive behaviour. If you are logged in to Google, your data will be assigned directly to your account if you click a video. If you do not want your profile to be associated with Youtube, you must log out before activating the button. You have the right to object to the creation of these user profiles. Contact Youtube in order to exercise this right. The use of Youtube may also result in the transmission of personal data to the servers of Google LLC. in the USA.

Independently of a playback of the embedded videos, a connection to the Google network is established each time this website is accessed, which may trigger further data processing operations without our influence.

All processing described above, in particular the reading of information on the end device used via cookies, will only be carried out if you have given us your explicit consent to do so in accordance with Art. 6 para. 1 lit. a GDPR. Without this consent, Youtube videos will not be used during your visit to the site.

You can revoke your issued consent at any time with effect for the future. To exercise your revocation, please deactivate this service in the cookie consent tool provided on the website via alternative options communicated to you on the website.

Further information on data protection at Youtube can be found in the Youtube terms of use at https://www.youtube.com/static?gl=US&template=terms and in Google's privacy policy at https://www.google.de/intl/en/policies/privacy

12.2 – Zoom

We use the service "Zoom" of Zoom Video Communications Inc, 55 Almaden Blvd, Suite 600, San Jose, CA 95113, USA (hereinafter "Zoom") to conduct online meetings, video conferences and/or webinars.

In the case of the use of Zoom, different data is processed. The scope of the data processed depends on the data you provide before or during participation in an online meeting, video conference or webinar. In the course of using Zoom, data of the communication participants is processed and stored on Zoom servers. This data may include, in particular, your login data (name, email address, telephone (optional) and password) and meeting data (topic, participant IP address, device information, description (optional)). In addition, visual and auditory contributions of the participants as well as voice inputs in chats may be processed.

We have concluded a data processing agreement with Zoom ("Data Processing Addendum", available at https://explore.zoom.us/docs/doc/Zoom_GLOBAL_DPA.pdf), which obliges Zoom to protect the data of our site visitors and not to pass it on to third parties. For the transfer of data from the EU to the USA, Zoom refers to so-called standard data protection clauses of the European Commission, which are intended to ensure compliance with the European level of data protection in the USA. 

When processing personal data that is necessary for the performance of a contract with you (this also applies to processing operations that are necessary for the implementation of pre-contractual measures), Art. 6 para. 1 lit. b GDPR serves as the legal basis. If you have given us your consent for the processing of your data, the processing is based on Art. 6 para. 1 lit. a GDPR. Any consent given can be revoked at any time with effect for the future.

Otherwise, the legal basis for data processing when conducting online meetings, video conferences or webinars is our legitimate interest pursuant to Art. 6 para. 1 lit. f GDPR in the effective conduct of the online meeting, webinar or video conference. For more information on Zoom's use of data, please see Zoom's privacy policy at https://explore.zoom.us/docs/en-us/privacy.html.

12.3 Online applications via a form

On our website, we offer prospective job applicants the opportunity to apply online via a corresponding form. In order to be included in the application process, applicants must provide us via the form with all personal data required for an informed assessment and selection.

The information required includes general personal information (name, address, telephone or electronic contact details) and performance-related evidence of the qualifications required for a position. Health-related information may also be required, which must be given special consideration under labour and social law in the interest of social protection in the applicant's person.

In the course of submitting the form, the applicant data is transmitted to us in encrypted form in accordance with the state of the art, stored by us and evaluated exclusively for the purpose of processing the application.

The legal basis for this processing is generally Art. 6 para. 1 lit. b GDPR (for processing in Germany in conjunction with Section 26 para. 1 BDSG (German Federal Data Protection Act)), in the sense of which the application process is considered to be the initiation of an employment contract.

Insofar as special categories of personal data within the meaning of Art. 9 para. 1 GDPR (e.g. health data such as information on severely disabled status) are requested from applicants as part of the application process, the processing is carried out in accordance with Art. 9 para. 2 lit. b. GDPR, so that we can exercise the rights arising from labour law and social security and social protection law and fulfil our obligations in this regard.

Cumulatively or alternatively, the processing of the special categories of data may also be based on Art. 9 para. 1 lit. h GDPR if it is carried out for the purposes of preventive health care or occupational medicine, for the assessment of the applicant's fitness for work, for medical diagnosis, health or social care or treatment, or for the management of health or social care systems and services.

If the applicant is not selected in the course of the evaluation described above, or if an applicant withdraws its application prematurely, its data submitted on the form will be deleted at the latest after 6 months following notification. This period is calculated on the basis of our legitimate interest in answering any follow-up questions about the application and, if necessary, to be able to comply with our obligations to provide evidence under the regulations on equal treatment of applicants.

In the event of a successful application, the data provided will be further processed on the basis of Art. 6 para. 1 lit. b GDPR (for processing in Germany in conjunction with Section 26 para. 1 BDSG) for the purposes of implementing the employment relationship.

12.4 Applications to job advertisements via e-mail

We advertise current vacancies on our website in a separate section, for which interested parties can apply via e-mail to the contact address provided.

In order to be included in the application process, applicants must provide us with all personal data required for a well-founded and informed assessment and selection together with their application via e-mail.

The required information includes general personal information (name, address, telephone or electronic contact details) as well as performance-specific evidence of the qualifications required for a position. Health-related information may also be required, which must be given special consideration under labour and social law in the interest of social protection in the applicant's person.

The components that an application must contain in order to be considered in each individual case and the form in which these components must be submitted via e-mail can be found in the respective job advertisement.

After receipt of the application sent using the specified e-mail contact address, the applicant data will be stored by us and evaluated exclusively for the purpose of processing the application. For queries arising in the course of processing, we use, at our discretion, either the e-mail address provided by the applicant with its application or a telephone number provided.

The legal basis for this processing, including contacting the applicant for queries, is generally Art. 6 para. 1 lit. b GDPR (for processing in Germany in conjunction with Section 26 para. 1 BDSG), in the sense of which the application process is considered to be the initiation of an employment contract.

Insofar as special categories of personal data within the meaning of Art. 9 para. 1 GDPR (e.g. health data such as information on severely disabled status) are requested from applicants as part of the application process, the processing is carried out in accordance with Art. 9 para. 2 lit. b. GDPR, so that we can exercise the rights arising from labour law and social security and social protection law and fulfil our obligations in this regard.

Cumulatively or alternatively, the processing of the special categories of data may also be based on Art. 9 para. 1 lit. h GDPR if it is carried out for the purposes of preventive health care or occupational medicine, for the assessment of the applicant's fitness for work, for medical diagnosis, health or social care or treatment, or for the management of health or social care systems and services.

If the applicant is not selected in the course of the evaluation described above, or if an applicant withdraws its application prematurely, its data transmitted via e-mail and all electronic correspondence, including the original application e-mail, will be deleted at the latest after 6 months following notification. This period is calculated on the basis of our legitimate interest in answering any follow-up questions about the application and, if necessary, to be able to comply with our obligations to provide evidence under the regulations on equal treatment of applicants.

In the event of a successful application, the data provided will be further processed on the basis of Art. 6 para. 1 lit. b GDPR (for processing in Germany in conjunction with Section 26 para. 1 BDSG) for the purposes of implementing the employment relationship.

12.5 – Google Forms

We use the service "Google Forms" of Google Ireland Ltd, Gordon House, Barrow Street, Dublin 4, Ireland ("Google") as part of our business Google Workspace to conduct surveys or online forms. Google Forms enables us to design and evaluate surveys and online forms. In addition to the respective personal data that you enter into the forms, information on your operating system, browser, date and time of your visit, referrer URL and your IP address is also collected, transmitted to Google and stored on Google servers. The information you enter in the forms is stored in a password-protected manner to ensure that third party access is excluded and that only we can evaluate the information for the purpose specified in the form.

When processing personal data that is necessary for the performance of a contract with you (this also applies to processing operations that are necessary for the implementation of pre-contractual measures), Art. 6 para. 1 lit. b GDPR serves as the legal basis. If you have given us your consent for the processing of your data, the processing is based on Art. 6 para. 1 lit. a GDPR. Any consent given can be revoked at any time with effect for the future.

We have concluded a data processing agreement ("Data Processing Amendment") with Google for the use of Google Forms, which obliges Google to protect the data of our site visitors and not to pass it on to third parties. Processing regularly takes place within member states of the European Union or in other contracting states to the Agreement on the European Economic Area. However, data transfers to the USA cannot be ruled out.

For the transfer of data from the EU to the USA, Google refers to so-called standard data protection clauses of the European Commission, which are intended to ensure compliance with the European level of data protection in the USA.

Further information on Google Forms and Google's privacy policy can be found at: https://policies.google.com/privacy?hl=en.

12.6 – Zapier

Our website uses the integration service "Zapier" of Zapier Inc., 548 Market St #62411, San Francisco, California 94104, USA (hereinafter "Zapier"). We use Zapier for the integration of different databases and webtools. Zapier is a web service that automatically connects actions of different webtools and synchronises their applications so that they execute the desired processes. Zapier automates our processing operations and ensures different workflows in order to efficiently design operating procedures in our processing system. The processing described above is carried out in accordance with Art. 6 para. 1 lit. f GDPR on the basis of our legitimate interests in the efficient design of our operating procedures.

We have concluded a data processing agreement ("Data Processing Addendum") with Zapier, which obliges Zapier to protect the data of our site visitors and not to pass it on to third parties. For the transfer of data from the EU to the USA, Zapier refers to so-called standard data protection clauses of the European Commission, which are intended to ensure compliance with the European level of data protection in the USA.

Further information on Zapier's use of data can be found in Zapier's privacy policy at https://zapier.com/privacy.

 

13) Tools and other

13.1 DATEV

We use the cloud-based accounting software of DATEV eG, Paumgartnerstr. 6-14, 90429 Nürnberg, Germany ("DATEV").

DATEV processes incoming and outgoing invoices and, if applicable, also the bank transactions of our company in order to automatically record invoices, match them to the transactions and create the financial accounting from this in a semi-automated process.

If also personal data is processed in this process, the processing is carried out in accordance with Art. 6 para. 1 lit. f GDPR on the basis of our legitimate interest in the efficient organisation and documentation of our business transactions.

For more information on DATEV, the automated processing of data and data protection regulations, please visit https://www.datev.de/web/de/m/ueber-datev/datenschutz/.

13.2 Cookie-Consent-Tool

This website uses a so-called "cookie consent tool" to obtain effective user consent for cookies and cookie-based applications that require consent. The cookie consent tool is displayed to users in the form of an interactive user interface when they access the page, on which consent for certain cookies and/or cookie-based applications can be given by ticking the appropriate box. Through the use of the tool, all cookies/services requiring consent are only loaded if the respective user gives the corresponding consent by ticking the corresponding box. This ensures that such cookies are only set on the respective end device of the user if consent has been granted.

The tool sets technically necessary cookies to save your cookie preferences. In principle, personal user data is not processed in this process.

If, in individual cases, personal data (such as the IP address) is processed for the purpose of storing, assigning or logging cookie settings, this is done in accordance with Art. 6 para. 1 lit. f GDPR on the basis of our legitimate interest in legally compliant, user-specific and user-friendly consent management for cookies and thus in a legally compliant design of our website.

Further legal basis for the processing is Art. 6 para. 1 lit. c GDPR. As the responsible controller, we are subject to the legal obligation to make the use of technically unnecessary cookies dependent on the respective user consent.

Further information on the operator and the setting options of the cookie consent tool can be found directly in the corresponding user interface on our website.


14) Rights of the data subject

14.1 The applicable data protection law grants you the following data subject rights (rights of information and intervention) vis-à-vis the controller with regard to the processing of your personal data, whereby reference is made to the stated legal basis for the respective exercise prerequisites:

- Right of access in accordance with Art. 15 GDPR;

- Right to rectification according to Art. 16 GDPR;

- Right to erasure according to Art. 17 GDPR;

- Right to restriction of processing pursuant to Art. 18 GDPR;

- Right to notification in accordance with Art. 19 GDPR.

- Right to data portability in accordance with Art. 20 GDPR;

- Right to withdraw consents granted pursuant to Art. 7 para. 3 GDPR;

- Right of complaint according to Art. 77 GDPR.


14.2 RIGHT TO OBJECT

IF WE PROCESS YOUR PERSONAL DATA WITHIN THE CONTEXT OF A BALANCING OF INTERESTS ON THE BASIS OF OUR OVERRIDING LEGITIMATE INTEREST, YOU HAVE THE RIGHT TO OBJECT TO THIS PROCESSING WITH EFFECT FOR THE FUTURE AT ANY TIME ON GROUNDS ARISING FROM YOUR PARTICULAR SITUATION.

IF YOU EXERCISE YOUR RIGHT TO OBJECT, WE WILL STOP PROCESSING THE DATA CONCERNED. HOWEVER, WE RESERVE THE RIGHT TO CONTINUE PROCESSING IF WE CAN DEMONSTRATE COMPELLING LEGITIMATE GROUNDS FOR THE PROCESSING WHICH OVERRIDE YOUR INTERESTS, FUNDAMENTAL RIGHTS AND FREEDOMS, OR IF THE PROCESSING IS FOR THE PURPOSE OF ESTABLISHING, EXERCISING OR DEFENDING LEGAL CLAIMS.

IF WE PROCESS YOUR PERSONAL DATA FOR THE PURPOSE OF DIRECT MARKETING, YOU HAVE THE RIGHT TO OBJECT AT ANY TIME TO THE PROCESSING OF YOUR PERSONAL DATA FOR THE PURPOSE OF SUCH MARKETING. YOU CAN EXERCISE THE RIGHT TO OBJECT AS DESCRIBED ABOVE.

IF YOU EXERCISE YOUR RIGHT TO OBJECT, WE WILL STOP PROCESSING THE DATA CONCERNED FOR DIRECT MARKETING PURPOSES.

 

15) Duration of the storage of personal data

The duration of the storage of personal data is determined on the basis of the respective legal basis, the purpose of the processing and – if relevant – also on the basis of the respective statutory retention period (e.g. retention periods under commercial and tax law).

When processing personal data on the basis of explicit consent pursuant to Art. 6 para. 1 lit. a GDPR, this data is stored until the data subject revokes its consent.

If there are statutory retention periods for data that is processed within the scope of legal or quasi-legal obligations on the basis of Art. 6 para. 1 lit. b GDPR, this data will be routinely deleted after expiry of the retention periods, provided that it is no longer required for the fulfilment of the contract or the initiation of the contract and/or there is no justified interest on our part in continuing to store it.

When processing personal data on the basis of Art. 6 para. 1 lit. f GDPR, such data shall be stored until the data subject exercises its right to object pursuant to Art. 21 para. 1 GDPR, unless we can demonstrate compelling legitimate grounds for the processing which override the interests, rights and freedoms of the data subject, or the processing serves to establish, exercise or defend legal claims.

When processing personal data for the purpose of direct marketing on the basis of Art. 6 para.1 lit. f GDPR, such data shall be stored until the data subject exercises its right to object pursuant to Art. 21 para. 2 GDPR.

Unless otherwise stated in the other information in this policy on specific processing situations, stored personal data will otherwise be deleted when it is no longer necessary for the purposes for which it was collected or otherwise processed.