Privacy
1.1 We are pleased that you are visiting our website and thank you for your interest. Below we inform you about how we handle your personal data when you use our website. Personal data means all data by which you can be personally identified.
1.2 The controller responsible for data processing on this website within the meaning of the General Data Protection Regulation (GDPR) is Jan Krause, JKM1 Studio, Auf der Heide 18, 53567 Asbach, Germany, Tel.: 02683 9665464, e-mail: [email protected]. The controller is the natural or legal person who, alone or jointly with others, determines the purposes and means of processing personal data.
1.3 The controller has appointed a data protection officer who can be reached as follows: “Jan Krause, Auf der Heide 18, 53567 Asbach, Tel.: 02683 9665464, [email protected]”
2.1 When you use our website purely for information purposes—that is, if you do not register or transmit information to us in any other way—we collect only the data that your browser transmits to the server (so-called “server log files”). When you access our website, we collect the following data, which are technically necessary for us to display the website:
Processing is carried out pursuant to Art. 6 para. 1 lit. f GDPR on the basis of our legitimate interest in improving the stability and functionality of our website. The data are neither disclosed to third parties nor used in any other way. However, we reserve the right to check the server log files retrospectively should concrete indications of unlawful use become known.
2.2 For security reasons and to protect the transmission of personal data and other confidential content (e.g., orders or inquiries), this website uses SSL or TLS encryption. You can recognize an encrypted connection by the string “https://” and the lock icon in your browser’s address bar.
3.1 For hosting our website and displaying its content we use a provider that performs its services itself—or via selected subcontractors—exclusively on servers located within the European Union.
All data collected on our website are processed on these servers.
We have concluded a data-processing agreement with the provider that ensures the protection of our site visitors’ data and prohibits unauthorized disclosure to third parties.
3.2 Cloudflare
We use a content delivery network from the following provider: Cloudflare Inc., 101 Townsend St., San Francisco, CA 94107, USA
This service enables us to deliver large media files such as graphics, page content or scripts more quickly via a network of regionally distributed servers. Processing is based on our legitimate interest in improving the stability and functionality of our website in accordance with Art. 6 para. 1 lit. f GDPR. We have concluded a data-processing agreement with the provider that ensures the protection of our site visitors’ data and prohibits unauthorized disclosure to third parties.
For data transfers to the USA, the provider has joined the EU-US Data Privacy Framework, which, on the basis of an adequacy decision by the European Commission, ensures compliance with the European level of data protection.
To make visiting our website attractive and to enable the use of certain functions, we use cookies—small text files that are stored on your end device. Some cookies are deleted automatically after you close your browser (“session cookies”), while others remain on your device longer and allow site settings to be stored (“persistent cookies”). In the latter case, you can find the storage period in your browser’s cookie settings.
Where cookies process personal data, processing takes place either under Art. 6 para. 1 lit. b GDPR for contract performance, under Art. 6 para. 1 lit. a GDPR if consent has been given, or under Art. 6 para. 1 lit. f GDPR to safeguard our legitimate interests in the best possible functionality of the website and a customer-friendly, effective site experience.
You can configure your browser to inform you about cookie placement and decide individually whether to accept them, to refuse cookies in certain cases or in general.
Please note that if you do not accept cookies, the functionality of our website may be limited.
5.1 Own Review Reminder
Based solely on your express consent pursuant to Art. 6 para. 1 lit. a GDPR, we use your e-mail address once to remind you to submit a review of your order. You can withdraw your consent at any time by sending a message to the controller.
5.2 Calendly
To provide an online appointment-booking function we use the services of: Calendly, LLC, BB&T Tower, 271 17th St NW, Atlanta, GA 30363, USA.
For the purpose of scheduling appointments, first and last name as well as e-mail address (and, if a phone call is desired, the phone number) are collected under Art. 6 para. 1 lit. b GDPR and, based on our legitimate interest in effective customer management and efficient appointment administration per Art. 6 para. 1 lit. f GDPR, transmitted to the provider and stored there for scheduling.
After the appointment has taken place or after the agreed appointment period, your data are deleted by the provider.
We have concluded a data-processing agreement with the provider that ensures the protection of our site visitors’ data and prohibits unauthorized disclosure to third parties.
For data transfers to the USA, the provider has joined the EU-US Data Privacy Framework, which ensures compliance with the European level of data protection.
5.3 WhatsApp Business
We offer you the option to contact us via the WhatsApp messaging service of WhatsApp Ireland Limited, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland, using the “Business” version of WhatsApp.
If you contact us via WhatsApp regarding a specific business transaction (for example, an order), we store and use the mobile number you use on WhatsApp and—if provided—your first and last name under Art. 6 para. 1 lit. b GDPR to process and respond to your concern. On the same legal basis, we may ask you via WhatsApp to provide further data (order number, customer number, address or e-mail) to assign your request to a specific case.
If you use our WhatsApp contact for general inquiries (e.g., about our services or availability), we store and use the mobile number you use on WhatsApp and—if provided—your first and last name under Art. 6 para. 1 lit. f GDPR based on our legitimate interest in providing requested information efficiently and promptly.
Your data are used solely to respond to your inquiry via WhatsApp. They are not passed on to third parties.
Please note that WhatsApp Business gains access to the address book of the mobile device we use and automatically transfers stored phone numbers to a server of parent company Meta Platforms Inc. in the USA. For our WhatsApp-Business account we use a mobile device whose address book stores only WhatsApp contact data of users who have contacted us via WhatsApp.
This ensures that each person whose WhatsApp contact data are stored in our address book has already consented, when first using the app on their device, to the transmission of their WhatsApp phone number from their chat contacts’ address books pursuant to Art. 6 para. 1 lit. a GDPR. No data of users who do not use WhatsApp and/or have not contacted us via WhatsApp are transmitted.
For purpose and scope of data collection and further processing by WhatsApp as well as your rights and privacy settings, please see WhatsApp’s privacy policy: https://www.whatsapp.com/wbr />legal/wbr />?eea=1#privacy-policy
In the context of the above processing, data may be transferred to servers of Meta Platforms Inc. in the USA.
For data transfers to the USA, the provider has joined the EU-US Data Privacy Framework, which ensures compliance with the European level of data protection.
5.4 When you contact us (e.g., via contact form or e-mail), personal data are processed solely to handle and respond to your inquiry and only to the extent required.
The legal basis for processing these data is our legitimate interest in answering your inquiry pursuant to Art. 6 para. 1 lit. f GDPR. If your contact is aimed at concluding a contract, the additional legal basis is Art. 6 para. 1 lit. b GDPR. Your data are deleted when circumstances indicate that the matter concerned has been conclusively resolved and provided statutory retention obligations do not prevent deletion.
Pursuant to Art. 6 para. 1 lit. b GDPR, personal data are collected and processed as necessary when you provide them to us upon opening a customer account. Required data for account creation are indicated in the input form on our website.
You can delete your customer account at any time by sending a message to the controller’s address given above. After deletion, your data are erased provided all contracts concluded via the account have been fully processed, no statutory retention periods oppose deletion and we have no legitimate interest in continued storage.
7.1 To fulfill the contract we cooperate with the service provider(s) below who support us in whole or in part in executing concluded contracts. Certain personal data are transmitted to these service providers as described below.
7.2 Use of Payment Service Providers
- Stripe
One or more online payment methods from the following provider are available on this website: Stripe Payments Europe Ltd., 1 Grand Canal Street Lower, Grand Canal Dock, Dublin, Ireland.
If you choose a payment method offered by Stripe where you pay in advance (e.g., credit card), the payment data you provide during checkout (including name, address, bank and card information, currency and transaction number) as well as order-related information are transmitted to Stripe pursuant to Art. 6 para. 1 lit. b GDPR. Transmission occurs solely for payment processing and only as far as necessary.
If you choose a payment method where Stripe pays in advance (e.g., invoice, installment or direct debit), you will be asked during checkout to enter certain personal data (first and last name, street, house number, postal code, city, date of birth, e-mail, phone number, possibly alternative payment data).
To protect our legitimate interest in assessing our customers’ solvency, we transmit these data to Stripe for a credit check pursuant to Art. 6 para. 1 lit. f GDPR. Stripe evaluates, based on your personal data and other data (such as shopping cart, invoice amount, order history, payment experience), whether the selected payment method can be granted with regard to payment and/or default risks.
The credit report may include probability values (score values). Score values are based on scientifically recognized mathematical-statistical methods; address data, among others, are included in their calculation.
You can object to this processing of your data at any time by sending a message to us or to Stripe. However, Stripe may still be entitled to process your personal data if this is necessary for contractual payment processing.
7.3 Electronic Cancellation Option for Ongoing Obligations with Consumers
Consumers who have entered into paid continuing obligations (e.g., subscriptions) on this website can cancel them via an electronic button in compliance with applicable notice periods.
Clicking the button leads to a confirmation page where the consumer can provide details, clearly identify themselves, and electronically submit the cancellation.
Collecting personal data and transmitting them to us are carried out under Art. 6 para. 1 lit. b GDPR only to the extent necessary for proper processing of the cancellation. On the same legal basis the data are used to confirm electronically the receipt and timing of the cancellation. Additional legal basis is Art. 6 para. 1 lit. c GDPR, as we are legally obliged to provide an electronic cancellation option for consumer contracts concluded online for paid continuing obligations.
8.1 Google Analytics 4
This website uses Google Analytics 4, a web analytics service of Google Ireland Limited, Gordon House, 4 Barrow St, Dublin, D04 E5W5, Ireland (“Google”), which enables analysis of your website use.
By default, Google Analytics 4 sets cookies when you visit the website; these small text files are stored on your device and collect certain information. This includes your IP address, which Google truncates by the last digits to exclude direct personal reference.
The information is transmitted to Google servers for further processing; transmissions to Google LLC in the USA are possible.
Google uses the information on our behalf to evaluate your website use, compile reports on website activity for us, and provide other services related to website and internet use. The IP address transmitted by your browser within Google Analytics is not merged with other Google data. Data collected via Google Analytics 4 are stored for two months and then deleted.
All processing described above, especially cookies on your device, occur only if you have given us your express consent under Art. 6 para. 1 lit. a GDPR. Without consent Google Analytics 4 will not be used during your visit. You can withdraw your consent at any time with effect for the future by disabling this service in the “cookie-consent tool” on the website.
We have concluded a data-processing agreement with Google to protect our site visitors’ data and prohibit unauthorized disclosure to third parties.
Further legal information on Google Analytics 4 can be found at
https://policies.google.com/privacy?hl=de&gl=de
and at
https://policies.google.com/technologies/partner-sites
Demographic Features
Google Analytics 4 uses the “demographic features” function and can create statistics about age, gender and
interests of site visitors by analyzing advertising and information from third parties. This helps identify target
groups for marketing activities. The data cannot be assigned to a specific person and are deleted after two months.
Google Signals
As an extension to Google Analytics 4, this website may use Google Signals to create cross-device reports. If you
have activated personalized ads and linked your devices to your Google account, Google can analyze your usage
behavior across devices and create database models, including cross-device conversions, subject to your consent
under Art. 6 para. 1 lit. a GDPR. We do not receive personal data from Google, only statistics.
If you wish to stop cross-device analysis, disable “personalized advertising” in your Google account settings. See
https://support.google.com/ads/answer/2662922?hl=de. More details on Google Signals:
https://support.google.com/analytics/answer/7532985?hl=de
UserIDs
As an extension to Google Analytics 4, the “UserIDs” function may be used on this website. If you have consented to
Google Analytics 4 under Art. 6 para. 1 lit. a GDPR, have created an account and log on across
devices, your activities, including conversions, can be analyzed across devices.
For data transfers to the USA, Google has joined the EU-US Data Privacy Framework, ensuring compliance with the European level of data protection.
8.2 Cloudflare Web Analytics
This website uses the web-analytics service of: Cloudflare Inc., 101 Townsend St., San Francisco, CA 94107, USA
Using cookies and/or similar technologies (tracking pixels, web beacons, algorithms reading device and browser info), the service collects and stores pseudonymized visitor data—including IP address and browser info—to evaluate usage behavior on our website for statistical purposes and create pseudonymized user profiles. Among other things, movement patterns (“heatmaps”) showing visit duration and interactions (text input, scrolling, clicks, mouse-overs) can be evaluated. Pseudonymization generally excludes direct personal reference. Data are not merged with other clear data collected elsewhere.
All processing described above, especially reading or storing information on your device, occurs only with your express consent under Art. 6 para. 1 lit. a GDPR. You can withdraw consent at any time by disabling the service in the website’s “cookie-consent tool”.
We have concluded a data-processing agreement with the provider to protect our site visitors’ data and prohibit unauthorized disclosure to third parties.
For data transfers to the USA, the provider has joined the EU-US Data Privacy Framework, ensuring compliance with the European level of data protection.
8.3 Google Tag Manager
This website uses “Google Tag Manager,” a service of Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland (“Google”).
Google Tag Manager provides a technical basis to bundle diverse web applications, including tracking and analytics services, and calibrate, control and condition them via a unified interface. Google Tag Manager itself stores no information on user devices nor reads information. Nor does it perform its own data analyses. However, upon page load your IP address is transmitted to Google and may be stored there; transmissions to Google LLC servers in the USA are possible.
This processing occurs only with your express consent under Art. 6 para. 1 lit. a GDPR. Without consent Google Tag Manager is not used during your visit. You can withdraw consent at any time by disabling the service in the website’s “cookie-consent tool”.
We have concluded a data-processing agreement with Google to protect our site visitors’ data and prohibit unauthorized disclosure to third parties.
For data transfers to the USA, Google has joined the EU-US Data Privacy Framework, ensuring compliance with the European level of data protection.
Further legal information on Google Tag Manager can be found at https://policies.google.com/privacy?hl=de&gl=de.
8.4 Mouseflow
This website uses the web-analytics service of: Mouseflow ApS, Flaesketorvet 68, 1711 Copenhagen, Denmark
Using cookies and/or similar technologies (tracking pixels, web beacons, algorithms reading device and browser info), the service collects and stores pseudonymized visitor data—including IP address and browser info—to evaluate usage behavior on our website for statistical purposes and create pseudonymized user profiles. Movement patterns (“heatmaps”) showing visit duration and interactions (text input, scrolling, clicks, mouse-overs) can be evaluated. Pseudonymization generally excludes direct personal reference. Data are not merged with other clear data collected elsewhere.
All processing described above, especially reading or storing information on your device, occurs only with your express consent under Art. 6 para. 1 lit. a GDPR. You can withdraw consent at any time by disabling the service in the website’s “cookie-consent tool”.
We have concluded a data-processing agreement with the provider to protect our site visitors’ data and prohibit unauthorized disclosure to third parties.
9.1 Google Ads Remarketing
This website uses retargeting technology from the following provider: Google Ireland Limited, Gordon House, 4 Barrow St, Dublin, D04 E5W5, Ireland
For this purpose Google sets a cookie in your browser that, by means of a pseudonymous cookie ID and based on the pages you visit, automatically enables interest-based advertising. Further data processing occurs only if you have consented to Google linking your web and app browsing history with your Google account and using information from your Google account to personalize ads you view on the web. If you are logged in to Google while visiting our site, Google combines your data with Google Analytics data in order to create and define cross-device remarketing audiences. Your personal data are temporarily linked with Google Analytics data to build audiences. In connection with Google Ads Remarketing, personal data may also be transmitted to Google LLC servers in the USA.
All processing described above—especially cookie placement to read information on the device you use—occurs only if you have given us your explicit consent pursuant to Art. 6 para. 1 lit. a GDPR. Without your consent, retargeting technology will not be used during your visit.
You can withdraw consent at any time with effect for the future. To do so, disable this service in the “cookie-consent tool” provided on the website.
For data transfers to the USA, the provider participates in the EU-US Data Privacy Framework, which—based on an adequacy decision of the European Commission—ensures an appropriate level of data protection.
Details about Google’s processing and data handling on websites can be found here: https://policies.google.com/technologies/partner-sites
Further information on Google’s privacy policy is available at: https://business.safety.google/intl/de/privacy/ and https://www.google.de/policies/privacy/
9.2 LinkedIn Insight
This website uses retargeting technology from the following provider: LinkedIn Ireland Unlimited Company, Wilton Place, Dublin 2, Ireland
This allows us to target visitors to our website who have already shown interest in our shop and products with personalized, interest-based advertising. Ads are displayed on the basis of a cookie-based analysis of past and current usage behavior, with no personal data being stored. A cookie on your computer or mobile device stores pseudonymized data about your interests in order to tailor advertising to the stored information. These cookies are small text files stored on your device, so you see ads that are highly likely to match your product and information interests.
All processing described above—especially cookie placement to read information on the device you use—occurs only if you have given us your explicit consent pursuant to Art. 6 para. 1 lit. a GDPR. Without your consent, the retargeting technology will not be used during your visit.
You can withdraw consent at any time with effect for the future. To do so, disable this service in the “cookie-consent tool” provided on the website.
9.3 LinkedIn Marketing Solutions
This website uses retargeting technology from: LinkedIn Ireland Unlimited Company, Wilton Plaza, Wilton Place, Dublin 2, Ireland.
It enables us to target website visitors with personalized, interest-based advertising who have already shown interest in our shop and products. Ads are displayed using a cookie-based analysis of past and present usage behavior with no personal data stored. A cookie on your computer or mobile device records pseudonymized data on your interests so that ads can be tailored to the stored information. These cookies are small text files stored on your device, allowing you to see advertising that likely matches your product and information interests.
All processing described above—especially cookie placement to read information on the device you use—occurs only if you have given us your explicit consent pursuant to Art. 6 para. 1 lit. a GDPR. Without your consent, the retargeting technology will not be used during your visit.
You can withdraw consent at any time with effect for the future. To do so, disable this service in the “cookie-consent tool” provided on the website.
9.4 Google Ads Conversion Tracking
This website uses the online advertising program “Google Ads” and, within Google Ads, conversion tracking by Google Ireland Limited, Gordon House, 4 Barrow St, Dublin, D04 E5W5, Ireland (“Google”).
We use Google Ads to draw attention to our attractive offers on external websites via advertising media (called Google AdWords). On the basis of the data from advertising campaigns we can determine how successful individual advertising measures are. We aim to show you advertising that interests you, to make our website more interesting for you and to achieve a fair calculation of advertising costs.
The conversion-tracking cookie is set when you click on a Google-placed ad. Cookies are small text files stored on your device. These cookies usually expire after 30 days and are not used to personally identify you. If you visit certain pages of this website and the cookie has not yet expired, Google and we can recognize that you clicked on the ad and were redirected to that page. Every Google Ads customer receives a different cookie, so cookies cannot be tracked across the websites of Ads customers. The information obtained with the conversion cookie is used to create conversion statistics for Ads customers who have opted for conversion tracking. Customers learn the total number of users who clicked on their ad and were redirected to a page tagged with a conversion-tracking tag, but do not receive information that personally identifies users.
In connection with the use of Google Ads, personal data may also be transmitted to Google LLC servers in the USA.
Details on processing triggered by Google Ads Conversion Tracking and Google’s handling of data from websites can be found here: https://policies.google.com/technologies/partner-sites
All processing described above—especially cookie placement to read information on the device you use—occurs only if you have given us your explicit consent pursuant to Art. 6 para. 1 lit. a GDPR. You can withdraw consent at any time with effect for the future by disabling this service in the website’s “cookie-consent tool.”
You can also permanently oppose cookie placement by Google Ads Conversion Tracking by downloading and installing the browser plug-in available at: https://www.google.com/settings/ads/plugin?hl=de
To address users whose data we have received in the context of business relations even more interest-based, we use a customer-match feature within Google Ads. For this we electronically transmit one or more files with aggregated customer data (primarily e-mail addresses and phone numbers) to Google. Google cannot access clear data; the information is automatically encrypted during transmission by a special algorithm. Google then uses the encrypted info only to match it with existing Google accounts. This allows personalized advertising across all Google services linked to the respective Google account.
Customer data are transmitted to Google only if you have given us express consent pursuant to Art. 6 para. 1 lit. a GDPR. You may withdraw that consent at any time with effect for the future. More on Google’s customer-match privacy measures: https://support.google.com/google-ads/answer/6334160?hl=de&ref_topic=10550182. Google’s privacy policy is available at: https://www.google.de/policies/privacy/
For data transfers to the USA, the provider participates in the EU-US Data Privacy Framework, which ensures an appropriate level of data protection.
10.1 Facebook Plugins
Our website uses plugins of the social network provided by: Meta Platforms Ireland Ltd., 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland.
These plugins enable direct interaction with content on the social network.
To increase data protection when you visit our site, plugins are initially deactivated and embedded via a “two-click” or “Shariff” solution.
This ensures that no connection to the provider’s servers is established when a page of our site that contains such plugins is called.
Only when you activate the plugins and thereby give consent pursuant to Art. 6 para. 1 lit. a GDPR does your browser establish a direct connection to the provider’s servers. Regardless of login status, certain info about your device (including IP address), browser and page history is transmitted to the provider and may be processed further.
If you are logged into an existing profile on the social network, information on plugin interactions is also published there and shown to your contacts. You may revoke consent at any time by deactivating the plugin again, but this does not affect data already transmitted.
Data may also be transferred to: Meta Platforms Inc., USA.
We have concluded a data-processing agreement with the provider to protect our site visitors’ data and prohibit unauthorized disclosure.
For data transfers to the USA, the provider participates in the EU-US Data Privacy Framework, ensuring compliance with the European data-protection level.
10.2 Instagram Plugins
Our website uses plugins of the social network provided by: Meta Platforms Ireland Ltd., 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland.
These plugins enable direct interaction with content on the social network.
To increase data protection, plugins are initially deactivated via a “two-click” or “Shariff” solution.
This means no connection to the provider is made when a page containing the plugins is loaded.
Only when you activate the plugins and thus consent under Art. 6 para. 1 lit. a GDPR will your browser connect directly to the provider’s servers. Certain information—including your IP address—may be transmitted. If you are logged into an existing profile, interactions are also published there. You can revoke consent at any time by deactivating the plugin; this does not affect previous transfers.
Data may also be transferred to: Meta Platforms Inc., USA.
We have concluded a data-processing agreement with the provider to protect our site visitors’ data and prohibit unauthorized disclosure.
The provider participates in the EU-US Data Privacy Framework, ensuring an appropriate level of protection.
10.3 LinkedIn Plugins
Our website uses plugins of the social network provided by: LinkedIn Ireland Unlimited Company, Wilton Place, Dublin 2, Ireland.
These plugins enable direct interaction with content on the social network.
To protect your data, plugins are initially disabled via a “two-click” or “Shariff” approach.
Thus, visiting a page with such plugins does not initially connect to the provider’s servers.
Only after activation and consent under Art. 6 para. 1 lit. a GDPR does your browser connect, potentially transmitting device information—including IP address—to the provider. Logged-in users may see their interactions published. Consent can be revoked by deactivating the plugin; prior transfers remain unaffected.
Data may also be transferred to: LinkedIn Inc., USA.
We have concluded a data-processing agreement with the provider to protect our site visitors’ data and prohibit unauthorized disclosure.
For US transfers the provider relies on the European Commission’s standard contractual clauses to ensure adequate protection.
10.4 Pinterest Plugins
Our website uses plugins of the social network provided by: Pinterest Europe Ltd., Palmerston House, 2nd Floor, Fenian Street, Dublin 2, Ireland.
These plugins let you interact directly with content on the network.
Plugins are initially deactivated (“two-click”/“Shariff”) for data protection.
Thus, no connection to the provider occurs until you activate the plugins and give consent under Art. 6 para. 1 lit. a GDPR. Device information—including IP address—may then be transmitted.
If logged into a profile, plugin interactions are published there. Consent can be withdrawn at any time by deactivating the plugin. Previous transfers remain unaffected.
Data may also be transferred to: Pinterest Inc., USA.
We have concluded a data-processing agreement with the provider to protect site-visitor data and prohibit unauthorized disclosure.
For US transfers the provider relies on the European Commission’s standard contractual clauses to ensure adequate protection.
10.5 YouTube
This website uses plugins for displaying and playing videos from: Google Ireland Limited, Gordon House, 4 Barrow St, Dublin, D04 E5W5, Ireland
Data may also be transmitted to: Google LLC, USA
When you open a page of our site containing such a plugin, your browser connects directly to the provider to load the plugin, transmitting certain information—including your IP address.
If video playback is started, the provider also uses cookies to gather user-behavior info, compile playback statistics and prevent misuse.
If you are logged into a user account with the provider during your visit, clicking a video links the data directly to your account. If you do not want this, log out before pressing play.
All processing described—especially cookie placement—occurs only if you have given express consent under Art. 6 para. 1 lit. a GDPR. You can revoke consent at any time by disabling the service in the website’s “cookie-consent tool.”
For data transfers to the USA, the provider participates in the EU-US Data Privacy Framework, ensuring an appropriate protection level.
10.6 OpenStreetMap
This website uses an online map service from: OpenStreetMap Foundation, St John’s Innovation Centre, Cowley Road, Cambridge, CB4 0WS, UK
The map service is a tool for displaying interactive maps to visualize geographic information. It shows our location, facilitating geolocation.
When you access sub-pages with the embedded map, info about your use of our site (e.g., IP address) is transmitted to the provider’s servers and stored there.
Processing of your personal data is based on our legitimate interest in tailoring our website to needs pursuant to Art. 6 para. 1 lit. f GDPR. If you do not agree, you can disable JavaScript in your browser to disable the map service, though the map will then be unavailable.
Where legally required, we have obtained your consent pursuant to Art. 6 para. 1 lit. a GDPR for this processing. You can revoke consent at any time with effect for the future by using the objection option described above.
For data transfer to the provider location, an adequate level of protection is ensured by an adequacy decision of the European Commission.
Cloudflare
For security purposes this website uses a service from: Cloudflare Inc., 101 Townsend St., San Francisco, CA 94107, USA.
The provider protects the website and associated IT infrastructure against unauthorized access, cyberattacks, viruses and malware. We collect users’ IP addresses and, where applicable, further behavior data (particularly requested URLs and header info) to detect and avert illegitimate site access and threats. The captured IP is compared with a list of known attackers. If it is recognized as a security risk, the provider may automatically block it from accessing the site. Information collected is transmitted to and stored on the provider’s server.
Processing occurs under Art. 6 para. 1 lit. f GDPR based on our legitimate interest in protecting the site from harmful cyberattacks and in ensuring integrity and security of structure and data.
We have concluded a data-processing agreement with the provider to protect visitor data and prohibit unauthorized disclosure.
The provider participates in the EU-US Data Privacy Framework, ensuring compliance with the European level of data protection.
12.1 Applicable data-protection law grants you the following rights with respect to your personal data processed by us; for exercise requirements please see the stated legal basis:
12.2 RIGHT TO OBJECT
IF WE PROCESS YOUR PERSONAL DATA ON THE BASIS OF OUR OVERRIDING LEGITIMATE INTEREST UNDER A BALANCING OF INTERESTS, YOU HAVE THE RIGHT TO OBJECT AT ANY TIME, ON GROUNDS RELATING TO YOUR PARTICULAR SITUATION, TO SUCH PROCESSING WITH EFFECT FOR THE FUTURE.
IF YOU EXERCISE YOUR RIGHT TO OBJECT, WE WILL STOP PROCESSING THE DATA UNLESS WE CAN DEMONSTRATE COMPELLING LEGITIMATE GROUNDS THAT OVERRIDE YOUR INTERESTS, RIGHTS AND FREEDOMS, OR PROCESSING SERVES THE ESTABLISHMENT, EXERCISE OR DEFENSE OF LEGAL CLAIMS.
IF YOUR PERSONAL DATA ARE PROCESSED BY US FOR DIRECT MARKETING, YOU HAVE THE RIGHT TO OBJECT AT ANY TIME TO THE PROCESSING FOR SUCH ADVERTISING. YOU MAY EXERCISE THE RIGHT AS DESCRIBED ABOVE.
IF YOU EXERCISE THE RIGHT TO OBJECT, WE WILL STOP PROCESSING THE DATA FOR DIRECT-MARKETING PURPOSES.
The storage period of personal data depends on the legal basis, the purpose of processing and—where relevant—statutory retention periods (e.g., commercial and tax retention periods).
Where processing is based on express consent under Art. 6 para. 1 lit. a GDPR, data are stored until you withdraw consent.
Where statutory retention periods apply to data processed under Art. 6 para. 1 lit. b GDPR for contractual obligations, such data are routinely deleted after expiry of those periods unless needed for contract fulfillment or initiation and/or we have a legitimate interest in continued storage.
For data processed under Art. 6 para. 1 lit. f GDPR, storage continues until you exercise your right to object under Art. 21 para. 1 GDPR, unless we can demonstrate compelling legitimate grounds that override your interests, rights and freedoms, or processing serves legal claims.
For data processed for direct marketing under Art. 6 para. 1 lit. f GDPR, storage continues until you exercise your right to object under Art. 21 para. 2 GDPR.
Unless otherwise specified in this statement, stored personal data are otherwise deleted when they are no longer necessary for the purposes for which they were collected or processed.