Privacy policy

 

Privacy policy

 

 

We are pleased that you are visiting our website. The protection and security of your personal information when using our website is very important to us. Therefore, we would like to inform you at this point about which of your personal data we collect when you visit our website and for what purposes it is used.

This privacy policy applies to the online offering of Breuning GmbH, which is accessible under the domain www.breuning.de as well as the various subdomains. ("our website").

Who is responsible and how can I contact you?

Controller:

for the processing of personal data in accordance with the EU General Data Protection Regulation (GDPR)

Breuning GmbH

Luisenstr. 60

75172 Pforzheim - Germany

 

Data protection officer:

www.mein-datenschutzbeauftragter.de

Mr. Philipp Herold
Hafenstraße 1a
23568 Lübeck
 

What is it about?

This privacy policy fulfills the legal requirements for transparency in the processing of personal data. This includes all information that relates to an identified or identifiable natural person. This includes, for example, information such as your name, age, address, telephone number, date of birth, email address, IP address, or user behavior when visiting a website. Information that we cannot (or only with disproportionate effort) relate to your person, for example through anonymization, is not personal data. The processing of personal data (such as collection, querying, use, storage, or transmission) always requires a legal basis and a defined purpose.

Stored personal data will be deleted as soon as the purpose of the processing has been achieved and there are no lawful reasons for further retention of the data. In the individual processing operations, we will inform you about the specific storage periods or criteria for storage. Regardless, we store your personal data in individual cases for the assertion, exercise, or defense of legal claims and in the presence of legal retention obligations.

Who receives my data?

We only disclose your personal data that we process on our website to third parties if this is necessary for the fulfillment of the purposes and is covered by the legal basis (e.g., consent or protection of legitimate interests) in individual cases. Furthermore, we may disclose personal data to third parties in individual cases if this serves the assertion, exercise, or defense of legal claims. Possible recipients can then be, for example, law enforcement authorities, lawyers, auditors, courts, etc.

If we use service providers for the operation of our website who process personal data on our behalf in the context of order processing in accordance with Art. 28 GDPR, these recipients may be processors of your personal data. For more information on the use of processors and web services, please refer to the overview of the individual processing operations.

Do you use cookies?

Cookies are small text files that are sent to and stored on your device's browser during your visit to our website. Alternatively, information can also be stored in the local storage of your browser instead of using cookies. Some features of our website may not be available without the use of cookies or local storage (technically necessary cookies). However, other cookies allow us to perform various analyses, such as recognizing the browser you use when revisiting our website and transmitting different information to us (non-necessary cookies). By using cookies, we can make our website more user-friendly and effective for you, for example, by tracking your use of our website and determining your preferred settings (e.g., country and language settings). If third parties process information through cookies, they collect the information directly through your browser. Cookies do not cause any damage to your device. They cannot execute programs or contain viruses.

We provide information about the specific services for which we use cookies in each processing operation. For more information about the individual third-party providers, please refer to the Cookie Consent Tool and the privacy policies contained therein.

What rights do I have?

Under the conditions of the legal provisions of the General Data Protection Regulation (GDPR) and the Federal Data Protection Act (BDSG), you have the following rights as a data subject:

  • Information according to Art. 15 GDPR, § 34 BDSG about the data stored about you, including meaningful details of the processing and a copy of your data;
  • Correction according to Art. 16 GDPR of incorrect or incomplete data stored by us;
  • Deletion according to Art. 17 GDPR of the data stored by us, provided that the processing is not necessary for exercising the right of freedom of expression and information, for compliance with a legal obligation, for reasons of public interest, or for the establishment, exercise, or defense of legal claims
  • Restriction of processing according to Art. 18 GDPR, if the accuracy of the data is contested, the processing is unlawful, we no longer need the data, but you require it for the establishment, exercise, or defense of legal claims, or you have objected to processing according to Art. 21 GDPR.
  • Data portability according to Art. 20 GDPR, if you have provided us with personal data based on your consent according to Art. 6(1)(a) GDPR or on a contract according to Art. 6(1)(b) GDPR, and the processing is carried out by automated means. You will receive your data in a structured, commonly used, and machine-readable format, or we will transmit the data directly to another controller, to the extent technically feasible.
  • Objection according to Art. 21 GDPR to the processing of your personal data, based on Art. 6(1)(e), (f) GDPR, for reasons arising from your particular situation or if the objection is directed against direct marketing. The right to object does not exist if compelling legitimate grounds for processing can be demonstrated or if the processing is necessary for the establishment, exercise, or defense of legal claims. If the right to object does not exist for individual processing operations, this is stated there.
  • Revocation according to Art. 7(3) GDPR of your given consent with effect for the future.
  • Complaint according to Art. 77 GDPR to a supervisory authority if you believe that the processing of your personal data violates the GDPR. In general, you can contact the supervisory authority of your habitual residence, your place of work, or our company's registered office.

For what purpose and on what legal basis do we process your personal data?

We always process your personal data for specific purposes. In summary, we process your personal data for the following purposes:

  1. To address and handle your inquiries when you contact us (e.g., email address, first name, last name).
  2. For the technical realization of our website and to provide you with information on this website (e.g., IP address, cookies, browser information).
  3. To accept and process your job application for one of our job vacancies.

Regarding the legal basis for processing your personal data:

Personal data that is necessary for the establishment, performance, or execution of our service offering (contractual processing) is processed based on the legal basis of Art. 6(1)(b) of the GDPR. If we obtain your consent for the processing of your personal data, the legal basis for data processing is provided by Art. 6(1)(a) of the GDPR. Data processing is also permissible when we process your data to safeguard our legitimate interests, provided that your interests or fundamental rights and freedoms regarding the processing of personal data do not outweigh our interests (Art. 6(1)(f) of the GDPR). In cases where we use external service providers as part of contract data processing, the processing is carried out based on the legal basis of Art. 28 of the GDPR.

Which data is collected when visiting our website?

During purely informative use of the website, meaning you do not register or transmit information to us in any other way, we only collect the personal data that your browser sends to our server. When you want to view our website, we collect the following data, which is technically necessary for us to display our website to you and ensure its stability and security (legal basis: Art. 6(1)(f) of the GDPR):

  • IP address
  • Date and time of the request
  • Time zone difference from Greenwich Mean Time (GMT)
  • Content of the request (specific page)
  • Access status/HTTP status code
  • Amount of data transferred in each case
  • Website from which the request comes
  • Browser
  • Operating system and its interface
  • Language and version of the browser software.

In addition to the aforementioned data, cookies are stored on your computer when you use our website. Further information regarding this can be found in the "Cookies" section of this privacy policy, as well as in the implemented consent management tool.

How is contact established with us?

You can contact us via email or through our contact form. In this case, we store the personal data you provide to us in order to process your request and to establish contact with you for the purpose of addressing your request. When we request information through our contact form, we mark the mandatory fields necessary for contact with an asterisk (*). The optional information helps us specify your inquiry and facilitate the handling of your request. The requested data is transmitted to us on a purely voluntary basis.

Depending on the nature of the inquiry, the legal basis for this processing is Article 6(1)(b) of the GDPR for inquiries that you make as part of a pre-contractual measure or Article 6(1)(f) of the GDPR if your inquiry is of a different nature. The legitimate interest arises from the purposes mentioned. If personal data is requested that we do not need for the fulfillment of a contract or to protect legitimate interests, the transmission to us is based on your consent given under Article 6(1)(a) of the GDPR.

 

Retailer Login

Nature and Scope of Processing

As part of the order processing, we collect your personal data to register a customer account. The information collected through the mandatory fields during the registration process is identical in both cases and is necessary for processing orders in the online shop as well as for the download center. When registering a permanent user account, we additionally collect a password that you set yourself. Furthermore, you have the option to voluntarily provide additional information that you consider necessary for the order processing.

Your personal data will only be disclosed to third parties (e.g., shipping service providers / freight companies) and data processors according to Article 28 of the GDPR to the extent necessary for the fulfillment of the order.

 

Purpose and Legal Basis

We process your personal data for the purpose of registering a customer account to fulfill a contract with you in accordance with Article 6(1)(b) of the GDPR. There is a contractual obligation to provide your data, as far as it relates to the mandatory fields, since this information is necessary for identifying you and for the fulfillment of the contract on our part. There is no legal obligation to provide the data. Without providing this information, ordering from our online shop and thus concluding a contract is not possible. There is no obligation to provide the additionally voluntarily provided information. Ordering from our online shop is also possible without disclosing the voluntary details.

The additional processing of your password for the purpose of registering a permanent user account is carried out for the provision of a customer account and to display your previous purchases as well as to store your purchase-related data (e.g., storing billing address, different delivery addresses) based on your consent according to Article 6(1)(a) of the GDPR. By deleting your customer account, you can revoke your consent at any time with effect for the future in accordance with Article 7(3) of the GDPR.

 

Data Retention

When registering a permanent customer account, we store the purchase-related data beyond the end of the contract until the revocation of your consent (deletion of the customer account). In both cases, further storage of your data only occurs if there are legal retention obligations (e.g., tax and commercial law).

 

How do we manage our social media channels?

In order to present our company in the best possible way and to communicate with you as users, customers, or prospects, and to provide information about our services, we maintain a presence on social networks. When using social networks, data processing occurs outside of the European Union (EU) and the European Economic Area (EEA). An equivalent level of data protection as present in the EU cannot be guaranteed in all countries outside the EU. In this context, there may be risks for you as a user when data is processed in so-called third countries with inadequate data protection standards.

This can make enforcing recognized user rights difficult. Additionally, your data might not be processed in your interest by the provider in the third country. In the United States, a data protection level comparable to the GDPR does not exist. It is possible that government agencies can access personal data without our or your knowledge. Enforcing your rights in the United States is likely not possible.

In addition to the respective provider of a social network, we also collect and process personal user data on so-called "fan pages." With this notice, we inform you about what data we collect from you on our social media profiles, how we use it, and how you can object to the data usage. Please refer to the respective offer below for specific data processing purposes and categories.

The activities we operate in social media, as detailed below, are carried out based on a balancing of interests under Article 6(1)(f) of the GDPR.

To achieve this, cookies are used to track user behavior and enable user profiling. A specific list of data processing purposes for user data can be found in the data privacy policies of the respective providers. By making appropriate settings in your user account, you can limit user profiling to some extent. For precise instructions, please read the respective data privacy policies of the relevant provider.

The relevant platforms are:

Platform

Responsible entity

Privacy policy of the platform operator

Facebook

Meta Platforms Ireland Ltd
4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Irland

privacycenter.instagram.com/policy/

Instagram

Meta Platforms Ireland Ltd
4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Irland

privacycenter.instagram.com/policy/

YouTube

Google Ireland Limited
Gordon House, Barrow Street, Dublin 4, Irland

policies.google.com/privacy

LinkedIN

LinkedIn Ireland Unlimited Company
Wilton Place, Dublin 2, Ireland

https://de.linkedin.com/legal/privacy-policy?

 

Breuning GmbH operates profiles on the mentioned platforms to raise awareness about products and service offerings, as well as to engage with customers, prospects, and other platform users.

The platform operators use specific data collected from platform users (such as whether a photo on a profile was "liked" or commented on) to create aggregated usage statistics and provide them to the respective profile operators (referred to as "Insights" or "Analytics"). As a profile operator, we also receive such usage statistics. The information we receive as a profile operator does not allow conclusions to be drawn about individual users. The profile operator does not have access to personal data processed by platform operators for the purpose of creating usage statistics. The platform operator alone determines which data is processed for these purposes and how it is processed. Breuning GmbH, as a profile operator, cannot legally or practically influence the processing carried out by platform operators.

For the processing related to the creation of usage statistics, Breuning GmbH and the respective platform operator are considered joint controllers within the meaning of Article 26 of the GDPR.

Where possible, agreements on joint responsibility exist with the respective platform operators.

Furthermore, data processing by Breuning GmbH as a profile operator is limited to a very narrow scope:

  • Processing of usernames and comments that are deleted due to violations of netiquette. These are retained for the necessary period within the statute of limitations for legal disputes.
  • Processing of usernames and individual messages when you contact us via messenger services.
  • Processing of usernames when participating in contests. The relevant terms and conditions apply.
  • Processing of usernames and postings in the context of inquiries and, if necessary, obtaining consent for reposting images.

For these purposes, we generally process only your name, message content, comment content, and the profile information you provide as "public."

What data is processed in the application process?

On our website, we publish job vacancies to which you can apply via email. If you decide to apply for an open position, we process the personal data provided by you in the application exclusively for the purpose of conducting the application process.

The legal basis for processing your personal data within the framework of the application process is § 26 para. 1 in conjunction with para. 2 BDSG (Federal Data Protection Act).

In the event of rejection, we will delete your data once the legally required retention period of 6 months has expired. The period begins with the dispatch of the rejection. If you have expressly consented to the further use of your data for future contact regarding potentially interesting positions, we will continue to retain your data according to the consent.

If a job offer results from the application process, the data will initially be retained to the extent necessary and permissible, and subsequently transferred to the personnel file.

Your personal data can be processed on our behalf based on data processing agreements according to Article 28 GDPR. In these cases, we ensure that the processing of personal data complies with the General Data Protection Regulation.

Data transfer to recipients outside the company only occurs as permitted or required by legal provisions, or if you have given consent. Transmission to a third country is not intended.

Providing personal data in the context of application processes is neither legally nor contractually required. You are not obligated to provide personal data. However, providing personal data is necessary for making a decision regarding an application or entering into an employment contract with us. When submitting your application, you should only provide personal data that is necessary for the application process. If you do not provide personal data in an application, we cannot make a decision about entering into an employment relationship.

Please note that applications sent to us via email are transmitted without encryption. Therefore, there is a risk that unauthorized parties may intercept and use this data.

Integration of services from other providers

Our website utilizes content, services, and offerings from other providers. These include services for statistical analysis of the usage and visits to our website. In order for this data to be accessed and displayed in the user's browser, the transmission of the user's IP address to the third-party providers is necessary.

Although we make an effort to exclusively utilize third-party providers that require the IP address solely for content delivery or even work with anonymized IP addresses, we have no influence over whether the IP address might potentially be stored. Information regarding the third-party providers used can be found in the following section of this privacy policy.

 

Cloudflare

CDNJS

Nature and Scope of Processing

To ensure the proper delivery of content on our website, we utilize CDNJS. CDNJS is a service provided by Cloudflare, Inc., which functions as a Content Delivery Network (CDN) on our website.

A CDN contributes to the faster delivery of content on our online offering, particularly files like graphics or scripts, by utilizing servers distributed regionally or internationally. When you access this content, you establish a connection to servers operated by Cloudflare, Inc., and your IP address along with potentially browser data such as your user-agent is transmitted. These data are processed solely for the purposes mentioned above and to maintain the security and functionality of CDNJS.

 

Purpose and Legal Basis

The utilization of the Content Delivery Network is based on our legitimate interests, i.e., the interest in secure and efficient content delivery as well as the optimization of our online offering, in accordance with Art. 6(1)(f) of the General Data Protection Regulation (GDPR).

 

Storage Duration

The specific storage duration of the processed data is not influenced by us but is determined by Cloudflare, Inc. Further information can be found in the privacy policy for CDNJS: https://www.cloudflare.com/privacypolicy/.

 

 

Google Analytics

Type and Scope of Processing

We use Google Analytics provided by Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland, as an analysis service for statistical evaluation of our online offerings. This includes, for example, the number of views of our online content, visited subpages, and the duration of visitors' stay.

Google Analytics uses cookies and other browser technologies to analyze user behavior and recognize users.

This information is used, among other things, to compile reports on website activity.

 

 

Purpose and Legal Basis

The use of Google Analytics is based on your consent in accordance with Art. 6(1)(a) GDPR and § 25(1) TTDSG.

We intend to transfer personal data to third countries outside the European Economic Area, especially the USA. In cases where there is no adequacy decision by the European Commission (e.g. in the USA), we have agreed on other appropriate safeguards with the recipients of the data in accordance with Art. 44 et seq. GDPR. These are, unless otherwise stated, the standard contractual clauses of the EU Commission in accordance with Implementing Decision (EU) 2021/914 of June 4, 2021. A copy of these standard contractual clauses can be found at https://eur-lex.europa.eu/legal-content/DE/TXT/HTML/?uri=CELEX:32021D0914&from=DE.

Furthermore, before such a transfer to a third country, we obtain your consent in accordance with Art. 49(1)(a) GDPR, which you provide through the consent manager (or other forms, registrations, etc.). We would like to inform you that there may be unknown risks in detail for third-country transfers (e.g. data processing by security authorities of the third country, the exact scope of which and its consequences for you we do not know, over which we have no influence, and of which you may not be aware).

 

 

Storage Duration

The specific storage duration of the processed data is not influenced by us but is determined by Google Ireland Limited. Further information can be found in the privacy policy for Google Maps: https://policies.google.com/privacy.

 

Google DoubeClick

Type and Scope of Processing

We have integrated components of DoubleClick by Google on our website. DoubleClick is a brand by Google that primarily markets specialized online marketing solutions to advertising agencies and publishers. DoubleClick by Google transmits data to the DoubleClick server with every impression, click, or other activity.

Each of these data transmissions triggers a cookie request to the browser of the affected person. If the browser accepts this request, DoubleClick sets a cookie in your browser.

DoubleClick uses a cookie ID that is necessary for the technical process. The cookie ID, for example, is needed to display an advertisement in a browser. DoubleClick can also use the cookie ID to track which advertisements have already been displayed in a browser to avoid duplicate displays. Furthermore, through the cookie ID, DoubleClick can capture conversions. Conversions are recorded, for instance, when a user has previously been shown a DoubleClick advertisement and subsequently makes a purchase on the advertiser's website using the same internet browser.

A DoubleClick cookie does not contain personally identifiable information but may contain additional campaign identifiers. A campaign identifier serves to identify the campaigns with which you have already interacted on other websites. Within the scope of this service, Google gains knowledge of data that is also used to create commission settlements. Google can, among other things, track that you have clicked on specific links on our website. In this case, your data is transmitted to the operator of DoubleClick, Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland. Further information and the applicable privacy policy for DoubleClick by Google can be accessed at https://policies.google.com/privacy.

 

Google Analytics

Type and Scope of Processing

We use Google Analytics from Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland, as an analysis service for the statistical evaluation of our online offering. This includes, for example, the number of visits to our online offering, visited subpages, and the duration of visitors' stays.

Google Analytics uses cookies and other browser technologies to analyze user behavior and recognize users.

This information is used, among other things, to compile reports about the activity of the website.

 

Purpose and Legal Basis

We process your data using the DoubleClick cookie for the purpose of optimizing and displaying advertisements based on your consent pursuant to Art. 6(1)(a) GDPR and § 25(1) TTDSG. You provide your consent by adjusting your cookie settings (cookie banner / consent manager), through which you can also revoke your consent at any time with effect for the future pursuant to Art. 7(3) GDPR. The cookie is used, among other things, to display and show user-relevant advertising, as well as to create or improve reports on advertising campaigns. Furthermore, the cookie serves to prevent repeated display of the same advertisement. With each visit to one of the individual pages of our website where a DoubleClick component has been integrated, your browser is automatically prompted by the respective DoubleClick component to transmit data for the purposes of online advertising and the settlement of commissions to Google. There is no legal or contractual obligation to provide your data. If you do not grant us your consent, it is still possible to visit our website without any restrictions. However, not all functions may be fully available.

We intend to transfer personal data to third countries outside the European Economic Area, particularly the USA. In cases where there is no adequacy decision by the European Commission (e.g., in the USA), we have established other appropriate safeguards in accordance with Articles 44 ff. GDPR. These safeguards are, unless otherwise specified, the standard contractual clauses of the EU Commission according to Implementing Decision (EU) 2021/914 of 4 June 2021. A copy of these standard contractual clauses can be found at: [https://eur-lex.europa.eu/legal-content/DE/TXT/HTML/?uri=CELEX:32021D0914&from=DE].

Furthermore, before such a transfer of personal data to third countries, especially the USA, we obtain your consent in accordance with Article 49(1) sentence 1 lit. a of the GDPR, which you provide through the consent manager or other forms of consent such as registrations. We want to emphasize that in the case of transfers to third countries, there are potential unknown risks in detail (such as data processing by security authorities of the third country, the exact extent of which and the consequences for you we are not aware of and have no control over, and you may not be informed about).

Storage Duration

The specific storage duration of the processed data is not influenced by us but is determined by Google Ireland Limited. Further information can be found in the privacy policy for Google DoubleClick: https://policies.google.com/privacy.

 

Google Tag Manager

Nature and Scope of Processing

We utilize Google Tag Manager provided by Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland. Google Tag Manager is used to manage website tags through an interface, allowing us to precisely control the integration of services on our website.

This enables us to seamlessly incorporate additional services to evaluate user access to our website.

Purpose and Legal Basis

The use of Google Tag Manager is based on your consent according to Article 6(1)(a) of the General Data Protection Regulation (GDPR) and § 25(1) of the Federal Data Protection Act (TTDSG).

We intend to transfer personal data to third countries outside the European Economic Area, particularly the USA. In cases where there is no adequacy decision by the European Commission (such as in the USA), we have established other appropriate safeguards with the recipients of the data, in accordance with Articles 44 and following of the GDPR. These safeguards typically include the use of standard contractual clauses approved by the European Commission, as outlined in Implementing Decision (EU) 2021/914 of June 4, 2021. You can access a copy of these standard contractual clauses at https://eur-lex.europa.eu/legal-content/DE/TXT/HTML/?uri=CELEX:32021D0914&from=DE.

In addition, we obtain your consent in accordance with Article 49(1) sentence 1 lit. a of the General Data Protection Regulation (GDPR) before such transfers of personal data to third countries. You provide this consent through the consent manager (or other forms, registrations, etc.). We would like to inform you that in the case of transfers to third countries, there are unknown risks in detail (such as data processing by authorities of the third country, the exact scope of which and its implications for you are unknown to us, and over which we have no control, and you may not be aware of).

Storage Duration

The specific storage duration of the processed data is not influenced by us and is determined by Google Ireland Limited. Further information can be found in the privacy policy for Google Tag Manager: https://marketingplatform.google.com/about/analytics/tag-manager/use-policy/.

 

Google Ads Conversion

Nature and Scope of Processing

This website uses Google Conversion Tracking. The provider is Google Ireland Limited ("Google"), Gordon House, Barrow Street, Dublin 4, Ireland.

Through the use of Google Conversion Tracking, both Google and we can determine whether the user has taken specific actions. For instance, we can evaluate how often certain buttons on our website are clicked and which products are viewed or purchased frequently. This information is used to create conversion statistics. We gain insights into the total number of users who clicked on our advertisements and the actions they performed. However, we do not receive any information that allows us to personally identify the user. Google employs cookies or similar recognition technologies for identification purposes.

 

Purpose and Legal Basis

The use of Google Ads Conversion is based on your consent in accordance with Article 6(1)(a) of the GDPR and § 25(1) of the TTDSG.

We intend to transfer personal data to third countries outside the European Economic Area, especially the USA. In cases where there is no adequacy decision by the European Commission (e.g., in the USA), we have established other suitable safeguards with the recipients of the data, as provided for in Articles 44 ff. of the GDPR. These safeguards are, unless otherwise indicated, standard contractual clauses of the EU Commission pursuant to Implementing Decision (EU) 2021/914 of June 4, 2021. A copy of these standard contractual clauses can be found at https://eur-lex.europa.eu/legal-content/DE/TXT/HTML/?uri=CELEX:32021D0914&from=DE.

Furthermore, we obtain your consent in accordance with Article 49(1)(a) of the GDPR before such transfers to third countries are made. This consent is obtained through the Consent Manager (or other forms, registrations, etc.). We want to inform you that there may be unknown risks in detail associated with such transfers to third countries (e.g., data processing by security authorities of the third country), the exact scope of which and their consequences for you we do not know, and over which we have no control, and of which you may not be aware.


Storage Duration

The specific storage duration of the processed data is not within our control and is determined by Google Ireland Limited. Further information can be found in the privacy policy for Google Ads Conversion: https://policies.google.com/privacy.

 

Google Ads

Nature and Scope of Processing

We have integrated Google Ads on our website. Google Ads is a service provided by Google Ireland Limited to display targeted advertisements to users. Google Ads uses cookies and other browser technologies to analyze user behavior and recognize users.

Google Ads collects information about visitor behavior on various websites. This information is used to optimize the relevance of advertisements. Additionally, Google Ads delivers targeted advertisements based on behavioral profiles and geographical location. Your IP address and other identification features like your user-agent are transmitted to the provider.

If you are registered with a Google Ireland Limited service, Google Ads can associate your visit with your account. Even if you are not registered with Google Ireland Limited or not logged in, it is possible for the provider to identify and store your IP address and other identification features.

In this case, your data is shared with the operator of Google Ads, Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland.


Purpose and Legal Basis

The use of Google Ads is based on your consent according to Article 6(1)(a) of the General Data Protection Regulation (GDPR) and § 25(1) of the German Federal Data Protection Act (TTDSG).

We intend to transfer personal data to third countries outside the European Economic Area, particularly the USA. In cases where there is no adequacy decision by the European Commission (e.g., in the USA), we have established alternative appropriate safeguards with the recipients of the data in accordance with Articles 44 ff. of the GDPR. These safeguards are, unless otherwise stated, standard contractual clauses of the EU Commission as per Implementing Decision (EU) 2021/914 dated June 4, 2021. You can access a copy of these standard contractual clauses at https://eur-lex.europa.eu/legal-content/DE/TXT/HTML/?uri=CELEX:32021D0914&from=DE.

Furthermore, we obtain your consent in accordance with Article 49(1) sentence 1 lit. a of the GDPR before such a transfer to a third country. You provide this consent through the Consent Manager (or other forms, registrations, etc.). We would like to inform you that unknown risks may exist in detail for such cross-border transfers (e.g., data processing by security authorities of the third country, the exact scope of which and its consequences for you are unknown to us, over which we have no influence, and of which you might not gain knowledge).


Storage Duration

The specific storage duration of the processed data is not influenced by us and is determined by Google Ireland Limited. Further information can be found in the privacy policy for Google Ads: https://policies.google.com/privacy.

 

Google Maps

Nature and Scope of Processing

We use the Google Maps service to provide directions on our website. Google Maps is a service provided by Google Ireland Limited, which displays a map on our website.

When you access these contents on our website, you establish a connection to servers of Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland, where your IP address and possibly browser data like your user agent are transmitted. These data are processed solely for the purposes mentioned above and for maintaining the security and functionality of Google Maps.

Purpose and Legal Basis

The use of Google Maps is based on your consent according to Art. 6(1)(a) of the General Data Protection Regulation (GDPR) and § 25(1) of the German Telemedia Act (TTDSG).

We intend to transfer personal data to third countries outside the European Economic Area, especially the USA. In cases where there is no adequacy decision by the European Commission (e.g., in the USA), we have established suitable safeguards with the recipients of the data as per Art. 44 ff. of the GDPR. These safeguards are, unless otherwise stated, the standard contractual clauses of the EU Commission as laid out in Implementing Decision (EU) 2021/914 of June 4, 2021. You can access a copy of these standard contractual clauses at https://eur-lex.europa.eu/legal-content/DE/TXT/HTML/?uri=CELEX:32021D0914&from=DE.

Furthermore, we obtain your consent pursuant to Art. 49(1)(a) of the GDPR before such a transfer to a third country. This consent is obtained through the Consent Manager (or other forms, registrations, etc.). We would like to inform you that there might be unknown risks associated with such transfers to third countries (e.g., data processing by security authorities of the third country, the exact scope of which and its consequences for you we do not know, over which we have no control, and about which you might not gain knowledge under certain circumstances).

Storage Duration

The specific storage duration of the processed data is not within our control but is determined by Google Ireland Limited. Further information can be found in the Privacy Policy for Google Maps: https://policies.google.com/privacy.

 

Google Fonts

Nature and Scope of Processing

We use Google Fonts provided by Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland, as a service to deliver fonts for our online offering. To obtain these fonts, your device establishes a connection to servers operated by Google Ireland Limited, and during this process, your IP address is transmitted.


Purpose and Legal Basis

The use of Google Fonts is based on your consent in accordance with Art. 6(1)(a) of the GDPR and § 25(1) of the TTDSG.

We intend to transfer personal data to third countries outside the European Economic Area, especially the USA. In cases where there is no adequacy decision from the European Commission (e.g., in the USA), we have established other suitable safeguards with the recipients of the data as outlined in Art. 44 ff. of the GDPR. These safeguards include, unless otherwise specified, standard contractual clauses issued by the European Commission under Implementing Decision (EU) 2021/914 of June 4, 2021. A copy of these standard contractual clauses can be accessed at https://eur-lex.europa.eu/legal-content/DE/TXT/HTML/?uri=CELEX:32021D0914&from=DE.

Furthermore, we obtain your consent prior to such transfers to third countries as outlined in Art. 49(1)(a) of the GDPR, which you provide through the consent manager (or other forms, registrations, etc.). We would like to inform you that unknown risks may exist in detail for cross-border transfers (e.g., data processing by security authorities of the third country, the exact scope of such processing, and its implications for you), over which we have no control and of which you might not be aware.

 


Storage Duration

The specific storage duration of the processed data is not within our control and is determined by Google Ireland Limited. Further information can be found in the privacy policy for Google Fonts: https://policies.google.com/privacy.

 

Data Security

We secure our website through technical and organizational measures to protect against loss, destruction, unauthorized access, alteration, or distribution of your data by unauthorized individuals.

In particular, your personal data is transmitted to us in encrypted form. We use the encryption protocol SSL/TLS (Secure Sockets Layer/Transport Layer Security) for this purpose. Our security measures are continuously improved in line with technological advancements.


Storage Duration for Personal Data

Regarding the storage duration, we delete personal data as soon as its storage is no longer necessary for the fulfillment of the original purpose and there are no longer any legal retention periods. Legal retention periods are the criteria for the final duration of the storage of personal data. After the retention period expires, the corresponding data is routinely deleted. In cases where retention periods exist, processing is restricted by blocking the data.


References and Links

When accessing websites that are linked within the context of our website, you may be asked again for information such as your name, address, email address, browser characteristics, etc. This privacy policy does not govern the collection, disclosure, or handling of personal data by third parties.

 

Third-party service providers may have different and separate provisions regarding the collection, processing, and use of personal data. Therefore, it is recommended to review the privacy practices of third-party websites before entering personal data.

 

As of February 2023.