Search
Indoors
Outdoors
We Design
Retailer search
Kadeco
Magazine
 
Top Links

Privacy policy

1. Data protection at a glance

General information

The following information provides a basic summary of what happens to your personal data when you visit this website. Personal data is any data relating to an identifiable individual. Please see our privacy policy set out below for more information on the subject of data protection.

Data collection on this website

Who is responsible for data collection on this website?

Data processing on this website is carried out by the website operator. Please see the section entitled “Information about the data controller” in this privacy policy for their contact details.

How do we collect your data?

On the one hand, data is acquired by you giving it to us. This can be data that you enter in a contact form, for example.
Other data is collected by our IT systems automatically or after you give us your consent when you visit the website. This is mainly technical data (such as your internet browser, operating system or the time you viewed the site). This data is collected automatically as soon as you access the website.

What do we use your data for?

Some of the data is collected to ensure error-free provision of the website. Other data may be used to analyse your user behaviour.

What rights do you have with respect to your data?

You have the right to be informed about the origin, recipient and purpose of your personal data that has been stored at any time and free of charge. You also have the right to request the rectification or erasure of such data. If you have given your consent to data processing, you may withdraw such consent at any time with effect in the future. You also have the right under certain circumstances to request the restriction of the processing of your personal data. Furthermore, you have the right to lodge a complaint with the competent supervisory authority.
You can contact us at any time with regard to these and other questions on the subject of data protection.

Analysis tools and third party provider tools

When you visit this website, your browsing behaviour may be statistically analysed. This is done primarily using so-called analysis programs.

Please see the following privacy policy for more detailed information about such analysis programs.

2. Hosting and Content Delivery Networks (CDN)

External hosting

This website is hosted by an external service provider (host). The personal data which is collected on this website is stored on the host’s servers. This may be primarily IP addresses, contact requests, metadata and communication data, contract data, contact data, names, website visits and other data which is generated by a website.

The host is engaged for the purpose of performing a contract with respect to our potential and existing customers (Art. 6 (1) b of the GDPR) and in the interest of the safe, fast and efficient provision of our online services by a professional provider (Art. 6 (1) f of the GDPR).

Our host will only process your data to the extent necessary to fulfil its obligations to perform and will follow our instructions in relation to such data.

We use the following host:

Mittwald CM Service GmbH & Co. KG
Königsberger Strasse 4-6
32339 Espelkamp, Germany

Conclusion of a data processing agreement

In order to ensure data protection compliant processing, we have concluded a data processing agreement with our host.

3. General information and required information

Data protection

The operators of this site take the protection of your personal data very seriously. We treat your personal data as confidential and handle it in accordance with statutory data protection provisions and this privacy policy.

Various personal data is collected when you use this website. Personal data is data relating to an identifiable individual. This privacy policy explains which data we collect and what we use it for. It also explains how and for what purpose this happens.

We wish to point out that data transmission via the internet (for example, in email communications) may have security vulnerabilities. Complete protection of data from third party access is not possible.

Information about the data controller

The data controller for data processing on this website is:

KADECO Sonnenschutzsysteme GmbH
Hindenburgring 14-16
32339 Espelkamp
Germany
Telephone: +49 (0) 5772 / 91 04-0
Email: info(at)kadeco.de

Joint controller within the meaning of Art. 26 of the GDPR

KADECO Markisen GmbH
Hindenburgring 16
32339 Espelkamp
Germany
Telephone +49 (0) 5772 / 91 04-400
Fax +49 (0) 5772 / 91 04-401
Email: info(at)kadeco.de

The data controller is the natural or legal person which, alone or jointly with others, determines the purposes and means of processing of personal data (for example, names, email addresses, etc.).

Duration of storage

Unless stated otherwise in this privacy policy, we will keep your personal data until the purpose of data processing no longer applies. If you assert a legitimate request for erasure or withdraw your consent to data processing, your data will be erased unless we have other legally admissible reasons for storing your personal data (for example, retention periods under tax or commercial law); in the latter case such data will be erased when these reasons cease to apply.

Statutory data protection officer

We have appointed a data protection officer for our company.

ER Secure GmbH
In der Knackenau 4
82031 Grünwald
Germany
Telefon: +49 (0) 5772 / 91 04-0
E-Mail:  datenschutz@kadeco.de 

Information on data transfer to the USA

Among others, tools from companies whose registered offices are in the USA are integrated into our website. When these tools are active, your personal data may be transferred to the US-based servers of the relevant companies. We wish to point out that the USA is not a safe third country within the meaning of EU data protection law. US companies are obliged to hand over personal data to security authorities without you as the data subject being able to take legal proceedings against it. It can therefore not be ruled out that US authorities (for example, intelligence services) might process, analyse and permanently store your data, which is stored on US servers, for surveillance purposes. We have no influence over these processing activities.

Withdrawal of your consent to data processing

Many data processing operations are only possible with your explicit consent. You may withdraw consent that you have already given at any time. The legitimacy of the data processing carried out before the withdrawal will remain unaffected by the withdrawal.

Right to object to data collection in certain circumstances and to object to direct marketing (Art. 21 of the GDPR)

IF THE DATA PROCESSING IS CARRIED OUT ON THE BASIS OF ART. 6 (1) E OR F OF THE GDPR, YOU HAVE THE RIGHT TO OBJECT TO THE PROCESSING OF YOUR PERSONAL DATA AT ANY TIME ON GROUNDS RELATING TO YOUR PERSONAL SITUATION; THIS ALSO APPLIES TO PROFILING OF ANY DATA BASED ON THESE PROVISIONS.  PLEASE SEE THIS PRIVACY POLICY FOR THE RELEVANT LEGAL BASIS FOR DATA PROCESSING. IF YOU LODGE AN OBJECTION, WE WILL NO LONGER PROCESS YOUR PERSONAL DATA CONCERNED UNLESS WE CAN PROVE WE HAVE COMPELLING LEGITIMATE GROUNDS FOR PROCESSING WHICH OVERRIDE YOUR INTERESTS, RIGHTS AND FREEDOMS OR THE PROCESSING IS FOR THE PURPOSE OF ASSERTING, EXERCISING OR DEFENDING LEGAL CLAIMS (OBJECTION IN ACCORDANCE WITH ART. 21 (1) OF THE GDPR).

IF YOUR PERSONAL DATA IS PROCESSED FOR THE PURPOSE OF DIRECT MARKETING, YOU HAVE THE RIGHT TO OBJECT TO THE PROCESSING OF THE PERSONAL DATA CONCERNED WHICH RELATES TO YOU FOR THE PURPOSE OF SUCH MARKETING AT ANY TIME; THIS ALSO APPLIES TO PROFILING IF IT IS CONNECTED TO SUCH DIRECT MARKETING. IF YOU OBJECT, YOUR PERSONAL DATA WILL SUBSEQUENTLY NO LONGER BE USED FOR THE PURPOSE OF DIRECT MARKETING (OBJECTION IN ACCORDANCE WITH ART. 21 (2) OF THE GDPR).

Right to lodge a complaint with the competent supervisory authority

In cases of breaches of the GDPR, the data subject has a right to lodge a complaint with a supervisory authority, in particular in the member state where they have their normal place of residence, place of work or the place of the suspected breach. The right to object remains unaffected by other legal or administrative remedies.

Right to data portability

You have the right to have the data, which we automatically process on the basis of your consent or while fulfilling a contract, sent to you or a third party in a commonly used and machine-readable format. If you request the direct transfer of the data to another controller, this will only be done if it is technically feasible.

SSL and TLS encryption

This site uses SSL and TLS encryption for security reasons and to protect the transfer of confidential information such as purchase orders or enquiries which you send to us as the website operator. You can recognise an encrypted connection when the address line of the browser changes from “http://” to “https://” and by the padlock symbol in your browser line.

When the SSL or TLS encryption is active, the data that you transmit to us cannot be read by third parties as well.

Information, erasure and rectification

You have the right within the scope of the applicable statutory provisions to be informed about your stored personal data, its origin and recipient and the purpose of the data processing at any time free of charge and, if applicable, a right to rectification or erasure of such data. You can contact us at any time with regard to these and other questions on the subject of personal data.

Right to restriction of processing

You have the right to request the restriction of the processing of your personal data. You can contact us at any time in this regard. The right to restriction of processing exists in the following circumstances:

  • If you dispute the accuracy of your personal data that we have stored, we normally need time to verify it. You have the right to request the restriction of the processing of your personal data while we verify it.
  • If the processing of your personal data happens/happened unlawfully, you may request the restriction of the data processing instead of its erasure.
  • If we no longer need your personal data but you still need it to exercise, defend or establish legal claims, you have the right to request the restriction of the processing of your personal data instead of its erasure.
  • If you have lodged an objection in accordance with Art. 21 (1) of the GDPR, your interests and ours must be weighed up. You have the right to restriction of the processing of your personal data until it has been established whose interests are overriding.

If you have restricted the processing of your personal data, such data may only be processed - apart from its storage - with your consent or to establish, exercise or defend legal claims or to protect rights of another natural or legal person or for reasons of important public interest of the European Union or a Member State.

Objection to marketing emails

The use of the contact details, which have been published within the scope of the obligation to provide a legal notice, to send marketing that has not been explicitly requested and information material is hereby revoked. The website operators explicitly reserve the right to take legal steps in the event of unsolicited marketing information, for example in spam emails.

4. Data collection on this website

Cookies

Our web pages use so-called “Cookies”. Cookies are small text files and do not cause any damage to your terminal. They are either stored temporarily for the duration of a session (session cookies) or permanently (permanent cookies) on your terminal. Session cookies are automatically deleted after the end of your visit. Permanent cookies remain stored on your terminal until you delete them yourself or your web browser automatically deletes them.

Some cookies from third party companies may also be stored on your terminal when you access our site (third party cookies). These allow us or you to use certain services from the third party (for example, cookies to process payment services).

Cookies have various functions. Many cookies are technically necessary since certain website functions do not work without them (for example, shopping basket functions or showing videos). The purpose of other cookies is to analyse your user behaviour or display marketing.

Cookies which are required to perform the electronic communication operation (necessary cookies) or for the provision of certain functions that you have requested (functional cookies, for example for the shopping basket function) or to optimise the website (for example, cookies for measuring the web audience) are stored on the basis of Art. 6 (1) f of the GDPR, unless another legal ground is stated. The website operator has a legitimate interest in storing cookies for the technical error-free and optimised provision of their services. If consent has been requested for the storage of cookies, the cookies concerned will be stored exclusively on the basis of such consent (Art. 6 (1) a of the GDPR); the consent may be withdrawn at any time.

You can adjust your browser settings so that you are informed whenever cookies are placed and only allow cookies on an individual basis, rule out the acceptance of cookies for certain cases or generally and activate the automatic deletion of cookies when you close the browser. If you deactivate cookies, the functionality of this website may be restricted.

If cookies are placed by third companies or for analysis purposes, we inform you separately of such within the scope of this privacy policy and if applicable, request your consent.

Cookie consent with Cookiebot

Our website uses the cookie consent technology from Cookiebot to obtain your consent for the storage of certain cookies on your terminal and to document this in a data protection compliant manner. The provider of this technology is Cybot A/S, Havnegade 39, 1058 Copenhagen, Denmark (hereinafter “Cookiebot”). 

When you access our website, a connection to Cookiebot’s servers is established in order to obtain your consent and other declarations on the use of cookies. Cookiebot then stores a cookie in your browser in order to be able to assign the consent you have given and its withdrawal to you. The data collected in this manner is stored until you request us to erase it, you delete the Cookiebot cookie yourself or the purpose of the data storage no longer applies. Mandatory statutory retention obligations remain unaffected. 

Cookiebot is used to obtain consent for the use of cookies that is required by law. The legal basis for this is Art. 6 (1) first sentence (c) of the GDPR. 

Data processing agreement

We have concluded a data processing agreement with Cookiebot. This is an agreement required by data protection law, which ensures that Cookiebot only processes the personal data of our website visitors in accordance with our instructions and in compliance with the GDPR.

Server log files

The website provider automatically collects and stores information in so-called server log files, which your browser automatically sends to us. This is:

  • Browser type and version
  • Operating system used
  • Referrer URL
  • Host name of the computer accessing the site
  • Time of server request
  • IP address

This data is not merged with other data sources.

This data is collected on the basis of Art. 6 (1) f of the GDPR. The website operator has a legitimate interest in the technically error-free display and optimisation of its website – the server log files must be collected in order to do so.

Contact form

If you send us an enquiry using the contact form, your details from the form including the contact details you enter there are stored by us for the purpose of processing the enquiry and in case of subsequent questions. We will not pass this data on without your consent.

This data is processed on the basis of Art. 6 (1) b of the GDPR provided your enquiry is connected to the fulfilment of a contract or to carry out pre-contractual measures. In all other cases, the processing is based on our legitimate interests in the effective processing of enquiries addressed to us (Art. 6 (1) f of the GDPR) or on your consent (Art. 6 (1) a of the GDPR) provided this has been requested.

The data you enter on the contact form will remain with us until you request its erasure, withdraw your consent to its storage or the purpose of the data processing no longer applies (for example, after your enquiry has been processed fully). Mandatory statutory provisions - in particular retention periods - remain unaffected.

Enquiries by email, telephone or fax

If you contact us by email, telephone or fax, your enquiry, including all of the personal data that can be taken from it (name, enquiry), will be stored and processed by us for the purpose of processing your query. We will not pass this data on without your consent.

This data is processed on the basis of Art. 6 (1) b of the GDPR provided your enquiry is connected to the fulfilment of a contract or to carry out pre-contractual measures. In all other cases, the processing is based on our legitimate interests in the effective processing of enquiries addressed to us (Art. 6 (1) f of the GDPR) or on your consent (Art. 6 (1) a of the GDPR) provided this has been requested.

The data you send to us in contact enquiries will remain with us until you request its erasure, withdraw your consent to its storage or the purpose of the data processing no longer applies (for example, after your query has been processed fully). Mandatory statutory provisions - in particular statutory retention periods - remain unaffected.

5. Social media

Facebook Plugins (Like & Share Button)

Plugins from the Facebook social network are integrated into this website. The provider of this service is Facebook Ireland Limited, 4 Grand Canal Square, Dublin 2, Ireland. However, according to Facebook, the collected data is also transmitted to the USA and other third countries.

You can recognise the Facebook plugins by the Facebook logo or the “like” button on this website. You can find a summary of Facebook plugins at: developers.facebook.com/docs/plugins/.
When you visit this website, a direct connection is established between your browser and the Facebook server via the plug-in. As a result, Facebook receives the information that you have visited this website with your IP address. If you click on the Facebook “Like” button while you are logged into your Facebook account, you can link the content of this website to your Facebook profile. Facebook can consequently assign the visit to this website to your user account. We wish to point out that as the provider of the pages, we do not receive any information about the content of the data transmitted or its use by Facebook. You can find more information on this subject in Facebook’s privacy policy at: https://de-de.facebook.com/privacy/explanation. If you do not want Facebook to be able to assign your visit to this website to your Facebook account, please log out of your Facebook account.

The use of Facebook plugins is based on Art. 6 (1) f of the GDPR. The website operator has a legitimate interest in maximum visibility in social media. Provided consent has been requested accordingly, the processing is carried out exclusively on the basis of Art. 6 (1) a of the GDPR; the consent may be withdrawn at any time.

Insofar as personal data is collected on our website with the aid of the tool described here and transmitted to Facebook, we and Facebook Ireland Limited, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland are joint controllers with respect to such data processing (Art. 26 of the GDPR). This joint responsibility is restricted exclusively to the collection of the data and its transmission to Facebook. The processing by Facebook subsequent to such transmission is not part of the joint responsibility. Our joint obligations have been set out in a joint controller agreement. You can find the wording of this agreement at: www.facebook.com/legal/controller_addendum. According to this agreement, we are responsible for providing data protection information regarding the use of the Facebook tool and for the secure implementation of the tool on our website in terms of data protection. Facebook is responsible for the data security of Facebook products. You can assert data subjects’ rights (for example, the right to be informed) with regard to the data processed by Facebook directly with Facebook. If you assert data subjects’ rights with us, we are obliged to forward such to Facebook.

Data transmission to the USA is based on the standard contract clauses of the EU Commission. You can find the details here: https://www.facebook.com/legal/EU_data_transfer_addendum, https://de-de.facebook.com/help/566994660333381 and https://www.facebook.com/policy.php.

Twitter Plugin

Twitter service functions are integrated into this website. These functions are provided by Twitter International Company, One Cumberland Place, Fenian Street, Dublin 2, D02 AX07, Ireland. By using Twitter and the “Retweet” function, the websites you visit are linked to your Twitter account and notified to other users. Data is also transmitted to Twitter in the process. We wish to point out that as the provider of the pages, we do not receive any information about the content of the data transmitted or its use by Twitter. You can find more information on this subject in Twitter’s privacy policy at: https://twitter.com/de/privacy.

The use of the Twitter plugin is based on Art. 6 (1) f of the GDPR. The website operator has a legitimate interest in maximum visibility in social media. Provided consent has been requested accordingly, the processing is carried out exclusively on the basis of Art. 6 (1) a of the GDPR; the consent may be withdrawn at any time.

Data transmission to the USA is based on the standard contract clauses of the EU Commission. You can find the details here: https://gdpr.twitter.com/en/controller-to-controller-transfers.html.
You can change your privacy settings at Twitter in your account settings at twitter.com/account/settings.

Instagram Plugin

Instagram service functions are integrated into this website. These functions are provided by Facebook Ireland Limited, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland.

When you are logged into your Instagram account, you can link the content of this website to your Instagram profile by clicking on the Instagram button. Instagram can consequently assign the visit to this website to your user account. We wish to point out that as the provider of the pages, we do not receive any information about the content of the data transmitted or its use by Instagram.

This data is stored and analysed on the basis of Art. 6 (1) f of the GDPR. The website operator has a legitimate interest in maximum visibility in social media. Provided consent has been requested accordingly, the processing is carried out exclusively on the basis of Art. 6 (1) a of the GDPR; the consent may be withdrawn at any time.

Insofar as personal data is collected on our website with the aid of the tool described here and transmitted to Facebook and Instagram, we and Facebook Ireland Limited, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland are joint controllers with respect to such data processing (Art. 26 of the GDPR). This joint responsibility is restricted exclusively to the collection of the data and its transmission to Facebook and Instagram. The processing by Facebook and Instagram subsequent to such transmission is not part of the joint responsibility. Our joint obligations have been set out in a joint controller agreement. You can find the wording of this agreement at: www.facebook.com/legal/controller_addendum. According to this agreement, we are responsible for providing data protection information regarding the use of the Facebook and Instagram tool and for the secure implementation of the tool on our website in terms of data protection. Facebook is responsible for the data security of Facebook and Instagram products. You can assert data subjects’ rights (for example, the right to be informed) with regard to the data processed by Facebook and Instagram directly with Facebook. If you assert data subjects’ rights with us, we are obliged to forward such to Facebook.
Data transmission to the USA is based on the standard contract clauses of the EU Commission. You can find the details here: https://www.facebook.com/legal/EU_data_transfer_addendumhttps://help.instagram.com/519522125107875 and https://de-de.facebook.com/help/566994660333381.
You can find more information on this subject in Instagram’s privacy policy at: https://instagram.com/about/legal/privacy/.

Pinterest Plugin

On this website we use social plugins from the Pinterest social network which is operated by Pinterest Europe Ltd., Palmerston House, 2nd Floor, Fenian Street, Dublin 2, Ireland.

When you access a page containing such a plugin, your browser establishes a direct link to Pinterest’s servers. The plugin transmits protocol data to Pinterest’s servers in the USA in the process. This protocol data might contain your IP address, the address of the websites visited which also contain Pinterest functions, your browser type and settings, the date and time of the request, the way you use Pinterest and cookies.

This data is stored and analysed on the basis of Art. 6 (1) f of the GDPR. The website operator has a legitimate interest in maximum visibility in social media. Provided consent has been requested accordingly, the processing is carried out exclusively on the basis of Art. 6 (1) a of the GDPR; the consent may be withdrawn at any time.

You can find more information on the purpose, scope and further processing and use of the data by Pinterest and your rights in this respect and the options for protecting your privacy in Pinterest’s privacy policy: https://policy.pinterest.com/de/privacy-policy.

6. Analysis tools and marketing

Google Analytics

This website uses functions from the web analysis service Google Analytics. The provider is Google Ireland Limited (“Google”), Gordon House, Barrow Street, Dublin 4, Ireland.

Google Analytics allows the website operator to analyse the behaviour of its website visitors. In the process, the website provider receives various user data such as pages accessed, how long was spent there, operating systems used and the origin of the user. This data is collated by Google in a profile which is assigned to the respective user or their terminal.

Google Analytics uses technology, which allows the recognition of the user for the purpose of analysing user behaviour (for example, cookies or device fingerprinting). The information collected by Google about the use of this website is normally transmitted to a Google server in the USA and stored there.

This analytics tool is used on the basis of Art. 6 (1) f of the GDPR. The website operator has a legitimate interest in the analysis of user behaviour in order to optimise its website and marketing. Provided consent has been requested accordingly (for example, consent to the storage of cookies), the processing is carried out exclusively on the basis of Art. 6 (1) a of the GDPR; the consent may be withdrawn at any time.

Data transmission to the USA is based on the standard contract clauses of the EU Commission. You can find the details here: https://privacy.google.com/businesses/controllerterms/mccs/.

Browser Plugin

You can prevent the collection and processing of your data by Google by downloading and installing the browser plugin available under this link: https://tools.google.com/dlpage/gaoptout?hl=de.

You can find more information on the handling of user data by Google Analytics in Google’s privacy policy: https://support.google.com/analytics/answer/6004245?hl=de.

Duration of storage

Data stored by Google at a user and event level that is linked to cookies, user recognition (for example, user ID) or marketing IDs (for example, DoubleClick cookies, Android marketing ID) is anonymised or erased after 14 months. You can find the details by following this link: https://support.google.com/analytics/answer/7667196?hl=de

7. Newsletter

Newsletter data

If you would like to subscribe to the newsletter offered on the website, we need to have your email address and information that allows us to verify that you are the owner of the email address given and agree to receiving the newsletter. Other data is not collected or only on a voluntary basis. We use this data exclusively for sending the requested information and do not pass it on to third parties.

The data entered on the newsletter registration form is processed exclusively on the basis of your consent (Art. 6 (1) a of the GDPR). You can withdraw your consent to storage of the data and email address and their use to send the newsletter at any time, for example by using the “unsubscribe” link on the newsletter. The legitimacy of the data processing carried out previously will remain unaffected by the withdrawal.

Your data that we have on file for the purpose of the newsletter subscription will only be stored by us until you unsubscribe from the newsletter with us or the newsletter service provider and erased from the newsletter distribution list after your cancellation of the newsletter or when the purpose no longer applies. We reserve the right to erase or block email addresses from our newsletter distribution list at our own discretion within the scope of our legitimate interest in accordance with Art. 6 (1) f of the GDPR.

Following your removal from the newsletter distribution list, your email address will be stored by us or the newsletter service provider in a blacklist to prevent further mailings. The data in the blacklist will only be used for this purpose and will not be merged with other data. This serves both your interest and our interest in complying with the statutory provisions relating to sending newsletters (legitimate interest within the meaning of Art. 6 (1) f of the GDPR). There is no time limit on storage in the blacklist. YOU MAY OBJECT TO THE STORAGE IF YOUR INTERESTS OVERRIDE OUR LEGITIMATE INTEREST.

Rapidmail

This website uses Rapidmail for sending newsletters. The provider is rapidmail GmbH, Augustinerplatz 2, 79098 Freiburg i.Br., Germany.

Rapidmail is a service that can be used to organise and analyse the sending of newsletters among other things. The data you enter for the purpose of receiving the newsletter will be stored on Rapidmail’s servers in Germany.

Data analysis by Rapidmail

For the purpose of analysis, emails sent with Rapidmail contain a so-called “tracking pixel” which connects to the Rapidmail servers when the email is opened. This way, it can be determined whether a newsletter message has been opened.

Furthermore, with the help of Rapidmail we can determine whether and which links in the newsletter message are clicked on. All of the links in the email are co-called tracking links, with which your clicks can be counted. If you do not want any analysis by Rapidmail then you must unsubscribe from the newsletter. We provide a link in every newsletter message for this purpose.

You can find out more about the analysis functions of Rapidmail from the following link: https://de.rapidmail.wiki/kategorien/statistiken/.

Legal basis

The data processing is carried out on the basis of your consent (Art. 6 (1) a of the GDPR). You can withdraw this consent at any time. The legitimacy of the data processing carried out previously will remain unaffected by the withdrawal.

Duration of storage

Your data that we have on file for the purpose of the newsletter subscription will only be stored by us until you unsubscribe from the newsletter with us or the newsletter service provider and erased from the newsletter distribution list after your cancellation of the newsletter. Data, which we have stored for other purposes, will remain unaffected by this.

Following your removal from the newsletter distribution list, your email address will be stored by us or the newsletter service provider in a blacklist to prevent further mailings. The data in the blacklist will only be used for this purpose and will not be merged with other data. This serves both your interest and our interest in complying with the statutory provisions relating to sending newsletters (legitimate interest within the meaning of Art. 6 (1) f of the GDPR). There is no time limit on storage in the blacklist. YOU MAY OBJECT TO THE STORAGE IF YOUR INTERESTS OVERRIDE OUR LEGITIMATE INTEREST.

You can find out more from Rapidmail’s privacy policy at: https://www.rapidmail.de/datensicherheit.

Conclusion of a data processing agreement

We have concluded an agreement with Rapidmail in which we place Rapidmail under obligation to protect the data of our customers and not to pass it on to third parties. You can read the agreement via the following link: https://de.rapidmail.wiki/files/adv/muster-auftragsdatenverarbeitung.pdf.

8. Plugins and Tools

Google Maps

This website uses the map service Google Maps. The provider is Google Ireland Limited (“Google”), Gordon House, Barrow Street, Dublin 4, Ireland.

In order to use Google Maps functions it is necessary to store your IP address. This information is normally transmitted to a Google server in the USA and stored there. The provider of this site does not have any influence on this data transmission.

The use of Google Maps is in the interest of an appealing display of our online services and to make it easy to find the places mentioned on our website. This constitutes a legitimate interest within the meaning of Art. 6 (1) f of the GDPR. Provided consent has been requested accordingly, the processing is carried out exclusively on the basis of Art. 6 (1) a of the GDPR; the consent may be withdrawn at any time.

Data transmission to the USA is based on the standard contract clauses of the EU Commission. You can find the details here: https://privacy.google.com/businesses/gdprcontrollerterms/ and https://privacy.google.com/businesses/gdprcontrollerterms/sccs/. You can find more information on the handling of user data in Google’s privacy policy: https://policies.google.com/privacy?hl=de.

9. eCommerce and payment service providers

Processing of data (customer and contract data)

We only collect, process and use personal data if it is necessary to establish, organise the contents of or modify the legal relationship (contract data). This is carried out on the basis of Art. 6 (1) b of the GDPR, which permits the processing of data to fulfil a contract or pre-contractual measures. We only collect, process and use personal data relating to the use of this website (user data) if it is necessary to do so, in order to enable the user to make use of the service or to bill them.

The collected customer data is erased after the order has been fulfilled or the business relationship has ended. Statutory retention periods remain unaffected.

10. Audio and video conferences

Data processing

We use online conference tools among other means to communicate with our customers. The specific tools we use are listed below. If you communicate with us via video or audio conference over the internet, your personal data is collected and processed by us and the provider of the conference tool concerned.

In the process, the conference tools collect all the data that you provide/use in order to use the tool (email address and/or your telephone number). Furthermore, the conference tools process the duration of the conference, the start and end (time) of participation in the conference, the number of participants and other “context information” associated with the communication operation (metadata).

Furthermore, the provider of the tool processes all of the technical data which is necessary to handle the online communication. This comprises in particular IP addresses, MAC addresses, terminal IDs, terminal type, operation system type and version, client version, camera type, microphone or loudspeaker and the type of connection.

If content is exchanged, uploaded or provided in any other way within the tool, this is likewise stored on the tool provider’s servers. Such content includes, in particular, cloud records, chat/instant messages, voicemails, uploaded photos and videos, files, whiteboards and other information which is shared while the service is being used.

Please note that we do not have full influence on the data processing operations of the tools used. Our options essentially depend on the corporate policy of the provider concerned. Please see the privacy policies of the tools concerned for more information on data processing by the conference tools, which we have listed below. 

Purpose and legal bases

The conference tools are used to communicate with prospective or existing contractual partners or to offer certain services to our customers (Art. 6 (1) first sentence (b) of the GDPR). Furthermore, the use of the tools helps to generally simplify and accelerate communication with us or our company (legitimate interest within the meaning of Art. 6 (1) f of the GDPR). Provided consent has been requested, the use of the tools concerned is based on such consent; the consent may be withdrawn at any time with effect for the future. 

Duration of storage

The data collected directly by us via the video and conference tools is erased from our systems as soon as you request us to erase it, withdraw your consent to its storage or the purpose of data storage no longer applies. Stored cookies will remain on your terminal until you delete them. Mandatory statutory retention periods remain unaffected.

We have no influence on the duration of storage of your data which is stored by the operators of the conference tool for their own purposes. Please seek information about the details directly from the operators of the conference tools.

Conference tools used

We use the following conference tools:

  • Microsoft Teams
    We use Microsoft Teams. The provider is Microsoft Corporation, One Microsoft Way, Redmond, WA 98052-6399, USA. Please see the privacy policy of Microsoft Teams for details on data processing: https://privacy.microsoft.com/de-de/privacystatement

Conclusion of a data processing agreement

We have concluded a data processing agreement with the provider of Microsoft Teams and fully implement the strict requirements of the German data protection authorities when using Microsoft Teams.

11. Our own services

Handling of applicants’ data

We offer you the chance to apply for a job with us (for example, by email, by post or via online application forms). We inform you below about the scope, purpose and use of your personal data collected within the scope of the application process. We give you our assurance that the collection, processing and use of your data complies with the applicable data protection law and all other statutory provisions and that your data is handled in strict confidence.

Scope and purpose of data collection

If you send us an application, we process your associated personal data (for example, contact and communication data, application paperwork, notes taken within the scope of interviews, etc.) if this is necessary to make a decision on the establishment of an employment relationship. The legal basis for this is Section 26 of the new Federal Data Protection Act under German law (initiation of an employment relationship), Art. 6 (1) b of the GDPR (general contract initiation) and – provided you have given your consent – Art. 6 (1) a of the GDPR. The consent may be withdrawn at any time. Within our company, your personal data will only be passed on to persons who are involved in processing your application.

If your application is successful, the data you have submitted will be stored in our data processing systems on the basis of Section 26 of the new Federal Data Protection Act and Art. 6 (1) b of the GDPR for the purpose of performing the employment relationship.

Data retention period

If we cannot offer you a job, you reject a job offer or withdraw your application, we reserve the right to retain the data you have transmitted to us on the basis of our legitimate interest (Art. 6 (1) f of the GDPR) for up to 6 months from the end of the application process (rejection or withdrawal of your application). The data will subsequently be erased and the physical application paperwork destroyed. The retention serves the purpose of providing evidence in the event of a legal dispute, in particular. If it is apparent that the data will be needed after the expiry of the 6-month period (for example, due to an impending or pending legal dispute), it will only be erased when the purpose of the ongoing retention no longer applies.

Apart from this, it may be retained for longer if you have given your consent accordingly (Art. 6 (1) a of the GDPR) or if statutory retention periods do not permit erasure.

Inclusion in the applicant pool

If we do not offer you a job, there may be a possibility of including you in our applicant pool. In the event that you are included, all of the documents and details from the application will be transferred to the applicant pool in order to contact you in the event of suitable vacancies.

You will only be included in the applicant pool on the basis of your explicit consent (Art. 6 (1) a of the GDPR). Submission of the consent is voluntary and in no way related to the current application process. The data subject may withdraw their consent at any time. In this case the data from the applicant pool will be erased irrevocably unless there are any statutory retention obligations.

The data from the applicant pool will be irrevocably erased two years after your consent is given, at the latest.