Data protection

Data protection

Below you can find information on the processing of personal data when using our various websites.

In general, you can use the information we offer without registering and providing personal information (but see Section 3.4, Digital edition of the Deutsche Handwerksblatt). Under the circumstances, this may involve us processing personal data to provide the website, guarantee system security, create statistics on the use of the website or for personalised advertising. We only use cookies for statistics and marketing with your consent.

If you place an order, take part in a competition or cast a vote as part of a competition, subscribe to a newsletter or want to publish a comment on an article, we collect the data you provide us with.

1. General information

1.1. Controller
Verlagsanstalt Handwerk GmbH, Auf'm Tetelberg 7, D-40221 Dusseldorf, Telephone: 0211/390 98-0, Telefax: 0211/390 98-29, e-mail: info@verlagsanstalt-handwerk.de

1.2. Company data protection officer
exkulpa GmbH
Waldfeuchter Straße 266
D-52525 Heinsberg
Germany
Telephone: 02 452 / 993 311
E-mail: datenschutz@verlagsanstalt-handwerk.de

Photo: © exkulpa GmbHPhoto: © exkulpa GmbH

 

 

 

2. Processing of personal information when retrieving a website

2.1. Log files
We collect and save data for statistical purposes, to guarantee system security and to prevent abuse. For example, this includes your IP address, the Internet browser used, the website from which you reached our website, the offers visited on our website as well as the date and duration of your visit.

We use log files to safeguard our legitimate interests, analyse the use of our website, make the website user-friendly, guarantee system security and enable us to track abuse.

Together with the complete IP address, which permits identification of a particular Internet user, the data are saved in log files a maximum of once a week. The legal basis of the processing is Art. 6 (1) f of the General Data Protection Regulation (GDPR).

2.2. General information on cookies
Our websites use cookies. Cookies are small text files that are deposited on your computer and stored by your browser.

On the one hand, cookies differ according to their lifetime:

• Session cookies are only saved for the duration of the browser session and are then automatically deleted.
• Persistent cookies also continue to be saved after closing the browser until their validity expires or the cookie is deleted (e.g. by browser settings).

Cookies are used for different purposes:
• Necessary cookies are required to facilitate the presentation of the website.
• Statistics cookies enable us to evaluate the use of a website to make the information we offer user-friendly.
• Marketing cookies serve to detect the interests of the user and display personalised advertising.

Different cookies are used on our websites. You can discover in detail which cookies are used as necessary cookies and which ones for statistics and marketing - provided you give your consent to this - in the cookie banner.

Cookies for statistics and marketing are only placed if you gave your consent to these kinds of cookies. You can revoke your consent at any time. The cookie banner states when the lifetime of each cookie expires.

If the following statements refer to cookies, they apply in each case to the websites involved that use the tools described.

2.3. Necessary cookies
The legal foundation for the use of necessary cookies is Art. 6 (1) f GDPR. The use of necessary cookies serves to safeguard our legitimate interests, namely
• to save whether you have consented to the use of cookies for statistics and marketing to avoid having to ask you once again for this consent;
• to display the contents of our websites faster;
• to prevent improper uses and guarantee the security of our systems;

In general, you can prevent the placement of cookies by deactivating cookies in your browser settings. However, you may then be unable to use all of the functions of the website. Moreover, you can also have cookies deleted at any time from your browser.

2.4. Cloudflare
We use the CDN service of Cloudflare Inc., 101 Townsend St., San Francisco, California 94107, USA. CloudFlare offers a worldwide distributed content delivery network with DNS. Technically, the information transfer between your browser and our website is conducted via the CloudFlare network. Consequently, CloudFlare is able to analyse the data traffic between users and our websites, for example, to detect and ward off attacks on our services. Moreover, CloudFlare may save cookies on your computer for optimisation and analysis.

Cloudflare collects statistical data on website visits. The access data include: name of the website visited, file, date and time of visit, data quantity transferred, report on successful visit, browser type plus version, user operating system, referrer URL (previously visited site), IP address and requesting provider. Cloudflare uses the log data for statistical evaluation for the purpose of operation, security and optimisation of the offer.

This serves to safeguard our legitimate interests, namely, protecting the security of our systems. The legal foundation is Art. 6 (1)f GDPR.

2.5. Google reCAPTCHA
We use the “reCAPTCHA” function. The service provider is Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland. We use this function, for example, in order to be able to detect whether entries in online forms were made by people and not automatically running machines (so-called “bots”). The data processed can include IP addresses, information about operating systems, devices or browsers used, language settings, location, mouse movements, keystrokes, stay duration on websites, previously visited websites, interactions with reCAPTCHA on other websites, under certain circumstances cookies and results of manual detection processes (e.g. answering questions posed or selection of objects in pictures).

You can find more detailed information at https://www.google.com/recaptcha/ and https://policies.google.com/privacy.

The legal basis is Art. 6 (1) f GDPR. The use of reCAPTCHA serves to safeguard our legitimate interests, namely, preventing improper use.

2.6. Bitly
We use the service bitly from Bitly Inc., New York City, 139 5th Avenue, 5th floor, New York, NY 10010, USA. bitly facilitates abbreviation of long URLs.

If you click on a link abbreviated by bitly, a connection is established to bitly servers. The bitly server is informed which bitly links you visited. bitly also collects and saves your IP address, the time, date, location, referring website, browser type, cookie information, device identification, device settings and operating system in the case of mobile access.

We see all information only after anonymization by bitly. We only receive information on when a link was clicked, in what country and from which URL origin. Statistics on the abbreviated URL, for example the number of views and times of the links, can also be retrieved.

The legal basis is Art. 6 (1) f GDPR. The use of bitly serves to safeguard our legitimate interests, namely, providing user-friendly links.

You can find more information on the handling of user data in the data protection declaration of bitly at https://bitly.com/pages/privacy?lang=de

2.7. Counting of page views: use of scalable central measurement procedure
Our website uses the measurement procedure (“SZMnG”) of INFOnline GmbH (https://www.INFOnline.de) to determine statistical key values about the use of our offers. The goal of the usage measurement is to determine the number of visits to our website, the number of website visitors and their surfing behaviour statistically - based on a uniform standard procedure - and in this way obtain market-wide comparable values.

For all offers which are members of the Informationsgemeinschaft zur Feststellung der Verbreitung von Werbeträgern e.V. (IVW –http://www.ivw.eu) or take part in the studies of the Arbeitsgemeinschaft Online-Forschung e.V. (agof - http://www.agof.de), the usage statistics regularly undergo further processing by agof and the Arbeitsgemeinschaft Media-Analyse e.V. (agma - http://www.agma-mmc.de) as coverages and are published with the usage values “unique users” and by the IVW with the performance values “page impression” and “visits”. These coverage values and statistics can be viewed on the respective websites.

2.7.1. Legal basis for the processing
Measurement using the SZMnG measurement procedure by INFOnline GmbH occurs as part of a usage measurement and participation in the IVW e.V. with legitimate interest according to Art. 6 (1) f GDPR.

The purpose of processing personal data is to create statistics. The statistics enable us to track and document use of our offer. Usage measurement guaranteeing comparability with other market participants is indispensable for marketing of this website. Our legitimate interest arises from the ability to make commercial use of the findings resulting from the statistics and the fact that the market value of our website – also in direct comparison with third party websites – can be determined on the basis of the statistics.

Furthermore, we have a legitimate interest in providing the pseudonymised data to INFOnline and the IVW for statistical purposes (INFOnline, IVW). In addition, we have a legitimate interest in providing the pseudonymised data to INFOnline for further development and provision of interest-appropriate advertising media.

Measurement using the SZMnG measurement procedure by INFOnline GmbH occurs as part of a usage measurement and participation in the agof study with your consent according to Art. 6 (1) a GDPR.

The purpose of processing personal data is to create statistics and the formation of user categories. The statistics enable us to track and document use of our offer. The user categories form the basis for interest-appropriate orientation of advertising media or advertising measures. Usage measurement guaranteeing comparability with other market participants is indispensable for marketing of this website. The pseudonymised data are provided to INFOnline and agof e.V. for the purpose of market research (agof, agma).

2.7.2. Nature of the data
INFOnline GmbH collects the following data, which have a personal reference according to EU GDPR:
• IP address: to transmit data, every device on the Internet requires a clear address, the so-called IP address. The at least short-term saving of the IP address is necessary due to the way the Internet works. IP addresses are abbreviated by 1 byte before any processing and only undergo further processing in anonymised form. There is no storage or further processing of unabbreviated IP addresses.
• A randomly generated client identifier: the coverage processing uses alternatively third party cookies, first party cookies, a local storage object or a signature, which is created from various automatically transmitted pieces of information of your browser, to recognise computer systems. This identification is clear for a browser as long as the cookie or local storage object has not been deleted. Consequently, measurement of the data and subsequent assignment to the respective client identifiers is also possible if you retrieve other websites that likewise use the measurement procedure ("SZMnG”) of INFOnline GmbH. The lifetime of the cookies is restricted to a maximum of one year.

2.7.3. Use of the data
The measurement procedure of INFOnline GmbH, deployed on this website, determines usage data. This is done to collect the performance values page impressions, visits and clients.

As part of the agof study, this is used to produce additional key data (e.g. qualified clients). Furthermore, the data measured are used as follows:
• So-called geolocalisation, i.e. the assignment of website retrieval to the location of the retrieval, occurs exclusively on the basis of anonymised IP addresses and only to the geographical level of the federal state / regions. Under no circumstances can any conclusions be drawn regarding the specific residence location of a user from the geographical information obtained in this way.
• The usage data of a technical client (e.g. of a browser on a device are merged across websites and saved in a database. This information is used for the technical assessment of the social category information age and gender and passed on to the service provider agof e.V. for further coverage processing. Social category features undergo a technical assessment based on random samples as part of the agof study. These can be assigned to the following categories: Age, gender, nationality, occupation, marital status, general information about household, household income, place of residence, Internet usage, online interests, use location, user type.

2.7.4. Data storage duration
INFOnline GmbH does not save the complete IP address. The abbreviated IP address is saved for a maximum of 60 days. The usage data are saved for a maximum of six months together the clear identifier.

2.7.5. Forwarding of the data
The IP address as well as the abbreviated IP address is not forwarded. To create the agof study, data are passed on with client identifiers to the following service providers of agof e.V.:
• Kantar Deutschland GmbH (https://www.tns-infratest.com/)
• Ankordata GmbH & Co. KG (http://www.ankordata.de/homepage/)
• Interrogare GmbH (https://www.interrogare.de/)

2.7.6. Objection
If you do not want to take part in the measurement, you can object at the following link: https://optout.ioam.de

Placement of a cookie is necessary to guarantee exclusion from the measurement. If you delete cookies in your browser, the opt-out process has to be repeated at the above-mentioned link.

2.8. Use of Google Analytics
This website uses Google Analytics, a web analysis service of Google Inc. (“Google”). Google Analytics uses so-called "cookies", text files that are stored on your computer and permit analysis of your use of the website. The information generated by the cookie on your use of this website (including your IP address) is transferred to a Google server in the USA and stored there. We point out that on this website Google Analytics has been expanded with the code “gat._anonymizelp();” in order to guarantee anonymised recording of IP addresses. As a result, your IP address is abbreviated by the last characters and can no longer be assigned to a particular computer.

Google will use this information to evaluate your use of the website, compile reports on website activities for the website operators and provide other services associated with the website use and Internet use. Google may also transfer this information to third parties under certain circumstances if this is legally required or if third parties process this data on behalf of Google. Under no circumstances will Google connect your IP address with other Google data.

The legal basis of the data processing is Section 15 (3) Telemedia Act (TMG), Art. 6 (1)a GDPR (consent). You can revoke your consent at any time.

In addition, you can object to the collection and use of your IP address by Google Analytics. You can find more information at https://tools.google.com/dlpage/gaoptout?hl=de.

2.9. Google Tag Manager
We use Google Tag Manager. Through this service, JavaScript tags can be administered across a website. The Google Tag Manager only implements tags. This means that no cookies are used for this and no personal data are recorded. The Google Tool Manager actuates other tags that in turn record data. However, the Google Tag Manager does not access such data.

2.10. Retargeting from The Trade Desk
Our website uses the retargeting technology of The Trade Desk, Inc. (Trade Desk”). This function serves to present interest-related advertising displays to visitors of the website as part of The Trade Desk advertising network. The browser of the website visitor saves cookies that permit recognising the visitor once again if it retrieves websites that belong to the advertising network of The Trade Desk. Advertising displays can then be presented to the visitor on these pages that relate to contents that the visitor retrieved previously on websites that use the retargeting technology of The Trade Desk. According to its own information, The Trade Desk collects pseudonymised data during this process.

The legal basis of the data processing is Section 15 (3) Telemedia Act (TMG), Art. 6 (1) a GDPR (consent). You can revoke your consent at any time.

If you do not wish to use this retargeting function, you can also deactivate it: https://www.adsrvr.org You can find additional information on the retargeting technology from The Trade Desk, the data protection declaration of The Trade Desk and on the opt-out options at: https://www.thetradedesk.com/general/privacy

2.11. Plugins and integrated third party contents

2.11.1. Facebook plug-ins
We use the plug-ins of the social media network Facebook, operated by Facebook Ireland Limited.., Grand Canal Square, Dublin, Ireland, a subsidiary Facebook Inc., Facebook Inc., 1 Hacker Way, Menlo Park, CA 94025, USA. If you retrieve a page that includes such a plug-in, your browser establishes a direct connection with the servers of Facebook. The content of the plug-in is transmitted directly by Facebook to your browser and integrated by it in the website. This provides Facebook with the information that a user retrieved the corresponding page of the product offer. If you are a Facebook user and logged into Facebook, Facebook can assign your page retrieval to your Facebook account. If you interact with a plug-in, for example to share or “like” content, this information is transmitted directly from your browser to Facebook and stored there. Even if you are not a Facebook user or not logged into Facebook, it is possible that Facebook will store your IP address. According to Facebook, only an abbreviated, i.e. anonymised IP address, is stored of users from Germany.

You can discover the purpose and scope of the data collection and other processing and use of data by Facebook, as well as the associated rights and setting options to protect the privacy of users, in the data protection information of Facebook: http://www.facebook.com/policy.php.

If you do not want Facebook to collect data about you by means of the plug-in and link this with your membership data stored at Facebook, you must log out from Facebook before visiting our website. You can also block the plug-ins, for example by installing the browser add-on “Facebook Blocker.”

2.11.2. Twitter plug-ins
We use the plug-ins of Twitter, which are operated by Twitter International Company, One Cumberland Place, Fenian Street, Dublin 2, D02 AX07, Ireland, a subsidiary of Twitter Inc., 1355 Market Street, Suite 900, San Francisco, CA 94103, USA. You can share an article on Twitter as logged-in Twitter user with the plug-in or share pages from this product offer in Twitter or follow the provider at Twitter. Even if you are not a Twitter user or not logged in to Twitter, your browser establishes a direct connection to the Twitter servers. The content of the Twitter buttons is transmitted by Twitter directly to the browser of the user. We have no influence on the scope of the data Twitter processes with the help of this plug-in. As far as we know, your IP address together with the URL of the page retrieved is transmitted to Twitter, but only used for the display of the button.

You can find more information on this in the data protection declaration of Twitter at http://twitter.com/privacy.

2.11.3. YouTube
We have integrated videos in our website that are saved in the YouTube service operated by Google Ireland Limited, Gordon House, 4 Barrow St, Dublin, D04 E5W5, Ireland and that can be retrieved and played within our website.

We have integrated the videos in a way that ensures the active YouTube player is not loaded when loading a page. This only happens once you activate the player. This setting is saved in a cookie. When you play a video, a connection is established to a Google server. As a result, Google learns your IP address and the fact that you visited our website.

If you are logged into Google, Google can assign this information to your account as well as the playing of the video. You can hinder this by logging out of Google beforehand. You can find more information about data processing and information about data protection at www.google.de/intl/de/policies/privacy/.

Integration of the video serves to safeguard legitimate interests, namely, to provide a user-friendly website. The legal basis of the processing if Art. 6 (1) f GDPR.

Cookies are only placed in connection with an integrated YouTube video if you provided your consent to this. The legal basis for this is then Art. 6 (1) a GDPR.

2.11.4. Vimeo
We use plug-ins on some of our pages from the provider Vimeo, Inc., 555 West 18th Street, New York, New York 10011, USA. If you retrieve pages of our online offering featuring such a plug-in, a connection is established to the Vimeo servers and the plug-in presented. As a result, the Vimeo server is informed which of our servers you visited. If you are logged in as a member at Vimeo, Vimeo assigns this information to your personal user account. When using the plug-in, e.g. by clicking the start button of a video, this information is likewise assigned to your user account. You can prevent this assignment by logging out of your Vimeo user account before using our Internet page and deleting the corresponding cookies of Vimeo.

Integration of the video serves to safeguard legitimate interests, namely, to provide a user-friendly website. The legal basis of the processing is Art. 6 (1) f GDPR. Cookies are only placed in connection with an integrated YouTube video if you provided your consent to this. The legal basis for this is then Art. 6 (1) a GDPR.

You can find the data protection declaration of Vimeo Inc. at https://vimeo.com/privacy

2.11.5. Spotify
On some of our pages, we use the player of the provider Spotify in order to play audio recordings. If you retrieve the pages of our online offering fitted with such a player, a connection is established to the server of Spotify. As a result, Spotify is informed which of our servers you visited. If you are logged in to Spotify as a registered Spotify user, Spotify assigns this information to your personal user account. When using the plug-in, e.g. by clicking the start button of a recording, this information is likewise assigned to your user account. You can prevent this assignment by logging out of your Spotify user account before using our Internet page and deleting the corresponding cookies of Spotify.

Integration of the audio recordings serves to safeguard legitimate interests, namely, to provide a user-friendly website. The legal basis of the processing is Art. 6 (1) f GDPR.

Cookies are only placed in connection with integrated Spotify recordings if you provided your consent to this. The legal basis for this is then Art. 6 (1) a GDPR.

3. Processing of the data you provide us with

3.1. Queries
If you contact us via e-mail or a contact form, we save your information for the purpose of processing the query and in the event of follow-up queries. The legal basis is Art. 6 (1) b GDPR (pre-contractual measures).

3.2. Orders

3.2.1. General
If you provide personal information as part of the order, we process this for handling the agreement. The legal basis is Art. 6 (1) b GDPR (contractual performance).

Forwarding of your personal data to third parties only occurs if this is necessary for the purpose of contractual processing (for example, to transport and payment service providers). The legal basis is Art. 6 (1) b GDPR (contractual performance).

A user account is not required; you can also order as guest.

If you place an order with us, we also offer online payments, among other things, as means of payment. We use several providers for processing online payments. If you make a payment via one of these providers, your payment data is transmitted to them.

The legal basis for the data processing in each case is Art. 6 (1) b GDPR, since processing of the data is required for payment and consequently conduct of the agreement.

3.2.2. PayPal
PayPal permits online payments to be made to third parties. The European operating company of PayPal is PayPal (Europe) S.à.r.l. & Cie. S.C.A., 22-24 Boulevard Royal, 2449 Luxembourg. If you select PayPal as means of payment, your data required for the payment process is automatically transmitted to PayPal. This normally involves the following data:

The data transmitted to PayPal may be transmitted by PayPal to credit bureaus. This purpose of this transmission is to check identity and creditworthiness. PayPal may also pass on your data to third parties if this is necessary for performance of the contractual obligations or order processing is to be carried out. You can view the data protection provisions of PayPal at https://www.paypal.com/de/webapps/mpp/ua/privacy-full/.

3.2.3. Mollie
We offer payment via Mollie. The provider of this payment service is Mollie B.V, Keizersgracht 313, 1016 EE Amsterdam, Netherlands. If you select payment via Mollie, the payment data you enter is transmitted to Mollie and the correspondingly selected payment providers.

You can find more detailed information about data protection at https://www.mollie.com/de/privacy.

3.2.4. Unzer
We offer payment via unzer. The provider of the payment service is unzer GmbH, Vangerowstraße 18, D–69115 Heidelberg, Germany. If you make the payment using unzer, unzer collects various pieces of different transaction data and passes it on to the bank at which you are registered at unzer. You can find details about the payment with unzer in the GTC and data protection provisions of unzer at: https://www.unzer.com/de/datenschutz/.

3.3. User account
You can create a free user account for your order and future orders where your master data remain saved and you can see your past orders. If you create a user account, we collect the data you provide to us, namely first and last name, your e-mail address and a self-chosen password.

We process this data in order to provide you with the functions of the user account. The legal basis is Art. 6 (1) b GDPR (pre-contractual measures and contractual performance). The data saved is only used for provision of digital editions.

3.4. Digital editions
To obtain the digital edition of the Deutsche Handwerksblatt, the eligible company must set up a free user account. We provide every new edition for retrieval in this user account and inform the company about this via e-mail. When setting up the user account, the name of the company, responsible chamber of handicrafts and an e-mail address are recorded, among other things. We send the access data for registration in the user account to this e-mail address.

The data mentioned remain saved for as long as the user account exists. The legal basis of the data processing is Art. 6 (1) b GDPR (performance of the user agreement).

3.5. Learning portal “Sackmann”
You can register with the learning portal with the access code included in the text book. You do not have to enter any personal data in doing so. If you only want to receive access to the contents of the learning portal, you remain completely anonymous to us. However, you cannot save any data in the learning portal without a user account.

The storage space for the user account is provided on our behalf by SilkCode GmbH, Luisenstraße 62, 47799 Krefeld. SilkCode processes the data on our behalf. The legal basis is the safeguarding of legitimate interests, namely, the provision of an efficient service offer, according to Art. 6 (1) f GDPR and order processing according to Art. 28 GDPR. Your data are processed exclusively in Germany.

3.6. Competitions

3.6.1. Processing of the personal data of the candidates
We process the data collected via the participation form, such as name, address, e-mail, telephone and fax number, the uploaded photos and videos and if applicable information about you with your consent exclusively for your participation in the competition. Participation in the competition is not possible without this consent. We use your e-mail address for communication as part of the participation in the competition for queries and notification if you are selected for the next round. Other information and photographs are published on the website upon introduction of the candidates.

The legal basis for the data processing is Art. 6 (1) a of the GDPR (consent of the data subject). You can revoke your consent at any time. However, further participation is not possible and you leave the competition automatically.

After termination of a competition, we delete the data if we are not legally obliged to preserve them or this is required for safeguarding of our legitimate interests (legal enforcement or warding off claims).

3.6.2. Voting
You can cast your vote anonymously for a candidate. However, we use a self-written tool in determining the vote, which by saving various data points is intended to hinder a user from being able to cast a vote for a candidate more than once. As a result, we can save the IP of the user, the user agent (which browser, operating system, etc.), the time of the last vote and a specific user session in a database.

The legal basis for the data processing is Art. 6 (1) f of the General Data Protection Regulation GDPR. The data processing serves to safeguard our legitimate interests, namely to prevent abusive vote casting and guaranteeing the proper course of the competition.

3.7. Newsletter
You must state your name and e-mail address in order to register for one of our e-mail newsletters. We process this data with your consent exclusively for the mailing of the newsletter(s) you requested. To confirm the registration, we send you an e-mail with a confirmation link. Only after activation of the confirmation link are you registered for the newsletter.

The legal basis for the data processing is Art. 6 (1) a of the GDPR (consent of the data subject). You can revoke your consent at any time; the easiest way to do so is by activating the cancellation link included at the end of every newsletter.

We use MailJet, a server of Mailgun Inc., 112 E Pecan St. #1135, San Antonio, TX 78205, USA. Mailgun processes personal data on our behalf (order processing according to Art. 28).

3.8. Commenting on articles
You have to state your name and e-mail address in order to be able to comment on an article. With your consent, your name and the time you despatched the comment are displayed publicly together with your comment. Your e-mail address is not published. We only use it if necessary in order to communicate with you. If you also provide us with your consent to do so, we notify you by e-mail if another user likewise writes a comment on the same article.

The legal basis for the data processing is Art. 6 (1) a of the GDPR (consent of the data subject). You can revoke your consent at any time. If you so wish, we can remove your name so that your comment is only published anonymously or we can delete your comment in full.

3.9. Contilla Content-Creator
We use “Contilla ContentCreator” for the creation of interactive content formats (e.g. quiz, test, guessing games), which we integrate in our website. The personal data collected during use that you yourself provide (e.g. name, contact data, Facebook ID) or that arise during use (e.g. evaluations of your answers to quiz questions, IP address and time and place of the access to the interactive content) are passed on to our service provider Contilla GmbH and are processed by it on our behalf (order processing according to Art. 28 GDPR). Contilla in turn deploys InterNetX GmbH and EMC HostCo GmbH as order processors (company and hosting of the server) as well as Inxmail GmbH (mailing of e-mails to users of the interactive content). All three service providers process the data in Germany.

4. Safeguarding of legitimate interests and performance of legal obligations
We process your data for mailing advertising (this only applies to postal advertising; we only contact you by e-mail, telefax or telephone if you have given your express consent to this). If necessary, we process your data also for the assertion, enforcement or defence of legal claims. The legal basis is Art. 6 (1) f GDPR (safeguarding of our legitimate interest, namely direct advertising and assertion, enforcement or defence of legal claims).

In addition, we process your data for performance of our preservation obligations for business documents according to commercial law and tax law and disclose your data to third parties if we are legally obliged to do so, e.g. the internal revenue office. The legal basis is Art. 6 (1) c GDPR (performance of legal obligations).

5. Storage duration
We save your data only for as long as this is required for one of the above-mentioned purposes. You can see the lifetime of cookies in the cookie banner.

6. Recipient of data
In the following cases, we transmit your data to third parties:
• If this is necessary for the performance of our contractual obligations, especially to the commissioned credit institute during invoicing. The legal foundation in this case is Art. 6 (1) b GDPR.
• If this is necessary for safeguarding of our legitimate interests. Our legitimate interests in particular cover the assertion of claims. The legal foundation in this case is Art. 6 (1) f GDPR:
• For the performance of a legal obligation, e.g. vis-à-vis tax authorities. The legal foundation in this case is Art. 6 (1) c GDPR.

Our websites are hosted by the following providers:
• domainfactory GmbH, Oskar-Messter-Str. 33, 85737 Ismaning
• Hetzner Online GmbH, Industriestr. 25, 91710 Gunzenhausen
• STRATO AG, Pascalstraße 10, 10587 Berlin
The respective hoster processes personal data on our behalf (order processing according to Art. 28 GDPR).

In addition, data is transmitted to the above-mentioned service provider. If they have their registered offices in the USA, the following applies: since no appropriate data protection level according to Art. 45 GDPR has been identified, we use the standard clauses passed by the EU Commission as suitable guarantee according to Art. 46 GDPR. The standard contractual clauses are agreed as part of the data protection agreements with the corresponding service provider. You can view the standard contractual clauses here: https://ec.europa.eu/info/law/law-topic/data-protection/international-dimension-data-protection/standard-contractual-clauses-scc_de

7. Your rights
If the particular legal conditions exist, you have the following rights:
• You are free to revoke the consent you issued to us at any time (Art. 7 (3) GDPR).
• You have the right to obtain information about the personal data saved about you (Art. 15 GDPR).
• You are entitled to request correction of inaccurate data (Art. 16 GDPR).
• You are entitled to demand erasure (Art. 17) or restriction of processing (Art. 18 GDPR) of data no longer needed. If statutory preservation obligations exist, e.g. for business correspondence under commercial law and tax law or another statutory exception exists, data are not deleted, but only the processing restricted.
• You are entitled to data portability (Art. 20 GDPR), i.e. the right to demand the data you provided to us in a structured, commonly-used and machine-readable format and to transmit these data to another controller without being hindered by us; if applicable, also the right to demand that we transmit the data directly to another controller if this technically feasible.
• You are entitled to lodge a complaint with a regulatory authority. The local regulatory body responsible for us is the State Officer for Data Protection and Freedom of Information, North Rhine Westphalia, Kavalleriestr. 2-4, 40213 Dusseldorf (https://www.ldi.nrw.de).

8. Right to object
You can object at any time to the processing of your data for the purpose of direct advertising and on special grounds also to the processing of your data otherwise to safeguard legitimate interests (Art. 20 GDPR).