We have written this privacy statement (version 04/19/2022-312004723) to explain to you, in accordance with the requirements of the General Data Protection Regulation (EU) 2016/679 and applicable national laws, which personal data (data for short) we as the controller - and the processors (e.g. providers) commissioned by us - process, will process in the future and what lawful options you have. The terms used are to be understood as gender-neutral.
In short, we provide you with comprehensive information about data we process about you.
Privacy statements usually sound very technical and use legal terminology. This privacy statement, on the other hand, is intended to describe the most important things to you as simply and transparently as possible. To the extent that it is conducive to transparency, technical terms are explained in a reader-friendly manner, links to further information are provided and graphics are used. In this way, we inform you in clear and simple language that we only process personal data in the course of our business activities if there is a corresponding legal basis. This is certainly not possible by providing the most concise, unclear and legalistic explanations possible, as is often standard practice on the Internet when it comes to data protection. I hope you find the following explanations interesting and informative and perhaps there is one or the other piece of information that you did not know yet.
If you still have questions, we would like to ask you to contact the responsible office mentioned below or in the imprint, to follow the existing links and to look at further information on third party sites. Our contact details can of course also be found in the imprint.
This data protection declaration applies to all personal data processed by us in the company and to all personal data processed by companies commissioned by us (order processors). By personal data, we mean information within the meaning of Art. 4 No. 1 DSGVO, such as a person's name, e-mail address and postal address. The processing of personal data ensures that we can offer and invoice our services and products, whether online or offline. The scope of this privacy policy includes:
In short, the privacy policy applies to all areas in which personal data is processed in a structured manner within the company via the aforementioned channels. If we enter into legal relationships with you outside of these channels, we will inform you separately if necessary.
In the following privacy policy, we provide you with transparent information on the legal principles and regulations, i.e. the legal basis of the General Data Protection Regulation, which enable us to process personal data.
As far as EU law is concerned, we refer to REGULATION (EU) 2016/679 OF THE EUROPEAN PARLIAMENT AND OF THE COUNCIL of 27 April 2016. You can, of course, read this EU General Data Protection Regulation online on EUR-Lex, the access to EU law, at https://eur-lex.europa.eu/legal-content/DE/TXT/?uri=celex%3A32016R0679.
We only process your data if at least one of the following conditions applies:
Further conditions such as the performance of recordings in the public interest and the exercise of official authority as well as the protection of vital interests do not generally occur with us. If such a legal basis should be relevant, it will be indicated at the appropriate place.
In addition to the EU regulation, national laws also apply:
If other regional or national laws apply, we will inform you about them in the following sections.
If you have any questions about data protection or the processing of personal data, you will find the contact details of the responsible person or office below:
Mats Bauer
Wilhelm-Reinecke-Str. 20
21335 Lüneburg
E-mail: mats.bauer@airlibi.com
Phone: +4915226708101
Imprint: https://airlibi.com/impressum
The fact that we only store personal data for as long as is absolutely necessary for the provision of our services and products applies as a general criterion at our company. This means that we delete personal data as soon as the reason for processing the data no longer exists. In some cases, we are required by law to store certain data even after the original purpose has ceased to exist, for example for accounting purposes.
Should you wish your data to be deleted or revoke your consent to data processing, the data will be deleted as soon as possible and insofar as there is no obligation to store it.
We will inform you about the specific duration of the respective data processing below, provided that we have further information on this.
According to Article 13 of the GDPR, you have the following rights to ensure fair and transparent processing of data:
In short, you have rights - do not hesitate to contact the responsible party listed above with us!
If you believe that the processing of your data violates data protection law or that your data protection rights have been violated in any other way, you can complain to the supervisory authority. For Austria, this is the data protection authority, whose website can be found at https://www.dsb.gv.at/. In Germany, there is a data protection officer for each federal state. For more information, you can contact the Federal Commissioner for Data Protection and Freedom of Information (BfDI). The following local data protection authority is responsible for our company:
State Commissioner for Data Protection: Barbara Thiel
Address: Prinzenstraße 5, 30159 Hanover
Phone no.: 05 11/120-45 00
E-mail address: poststelle@lfd.niedersachsen.de
Website: https://lfd.niedersachsen.de/startseite/
We only transfer or process data to countries outside the EU (third countries) if you consent to this processing, if this is required by law or contractually necessary and in any case only to the extent that this is generally permitted. Your consent is in most cases the most important reason that we have data processed in third countries. Processing personal data in third countries such as the U.S., where many software vendors provide services and have their server locations, may mean that personal data is processed and stored in unexpected ways.
We expressly point out that according to the opinion of the European Court of Justice, there is currently no adequate level of protection for data transfer to the USA. Data processing by US services (such as Google Analytics) may result in data not being processed and stored anonymously. Furthermore, US government authorities may be able to access individual data. In addition, it may happen that collected data is linked with data from other services of the same provider, if you have a corresponding user account. Where possible, we try to use server locations within the EU, if this is offered.
We will inform you in more detail about data transfer to third countries, if applicable, at the appropriate places in this privacy policy.
To protect personal data, we have implemented both technical and organizational measures. Where possible, we encrypt or pseudonymize personal data. In this way, we make it as difficult as possible for third parties to infer personal information from our data.
Article 25 of the GDPR refers to "data protection through technical design and data protection-friendly default settings" and thus means that both software (e.g., forms) and hardware (e.g., access to the server room) should always be designed with security in mind and that appropriate measures should be taken. If necessary, we will go into more detail on specific measures below.
TLS, encryption and https sound very technical and they are. We use HTTPS (the Hypertext Transfer Protocol Secure stands for "secure hypertext transfer protocol") to transfer data over the Internet in a tap-proof way.
This means that the complete transmission of all data from your browser to our web server is secured - no one can "listen in".
We have thus introduced an additional layer of security and comply with Data Protection by Design Article 25(1) DSGVO). By using TLS (Transport Layer Security), an encryption protocol for secure data transmission on the Internet, we can ensure the protection of confidential data.
You can recognize the use of this data transmission protection by the small lock symbol in the upper left corner of the browser, to the left of the Internet address (e.g., beispielseite.de) and the use of the https scheme (instead of http) as part of our Internet address.
If you want to know more about encryption, we recommend doing a Google search for "Hypertext Transfer Protocol Secure wiki" to get good links to more information.
Communication summary 👥 Affected parties: All those who communicate with us by telephone, e-mail or online form Data processed: e.g. phone number, name, e-mail address, form data entered. You can find more details on this in the respective contact type used 🤝 Purpose: Handling communication with customers, business partners, etc. 📅 Storage period: duration of the business case and legal requirements ⚖️ Legal basis: Art. 6 para. 1 lit. a DSGVO (Consent), Art. 6 para. 1 lit. b DSGVO (Contract), Art. 6 para. 1 lit. f DSGVO (Legitimate Interests) |
When you contact us and communicate by phone, e-mail or online form, personal data may be processed.
The data will be processed for the handling and processing of your question and the related business transaction. The data is stored for as long as it is required by law.
All those who seek contact with us via the communication channels provided by us are affected by the aforementioned processes.
When you call us, the call data is stored pseudonymously on the respective terminal device and with the telecommunications provider used. In addition, data such as name and telephone number may subsequently be sent by e-mail and stored for the purpose of responding to inquiries. The data is deleted as soon as the business case has been terminated and legal requirements permit.
If you communicate with us by e-mail, data may be stored on the respective end device (computer, laptop, smartphone,...) and data is stored on the e-mail server. The data is deleted as soon as the business case has been terminated and legal requirements allow it.
If you communicate with us using an online form, data is stored on our web server and, if necessary, forwarded to an e-mail address of ours. The data is deleted as soon as the business case has been terminated and legal requirements permit.
The processing of the data is based on the following legal bases:
In this section, we would like to explain to you what a processing order is and why it is needed. Because the word "order processing agreement" is quite a mouthful, we will also use just the acronym AVV more often here in the text. Like most companies, we do not work alone, but also use the services of other companies or individuals ourselves. Through the involvement of various companies or service providers, it may be that we pass on personal data for processing. These partners then act as processors with whom we conclude a contract, the so-called order processing agreement (AVV). The most important thing for you to know is that the processing of your personal data takes place exclusively according to our instructions and must be regulated by the GCU.
As a company and website owner, we are responsible for all data that we process from you. In addition to the responsible parties, there may also be so-called processors. This includes any company or person who processes personal data on our behalf. More precisely and according to the GDPR definition: any natural or legal person, authority, institution or other body that processes personal data on our behalf is considered a processor. Consequently, processors can be service providers such as hosting or cloud providers, payment or newsletter providers, or large companies such as Google or Microsoft, for example.
For a better understanding of the terminology, here is an overview of the three roles in the GDPR:
Data subject (you as customer or interested party) → Responsible party (we as company and client) → Processor (service provider such as web hoster or cloud provider)
As already mentioned above, we have concluded an AVV with our partners who act as processors. This states first and foremost that the processor will process the data to be processed exclusively in accordance with the GDPR. The contract must be concluded in writing, although in this context the electronic conclusion of the contract is also considered "in writing". Only on the basis of the contract will the processing of personal data take place. The contract must contain the following:
Furthermore, the contract contains all the obligations of the processor. The most important obligations are:
You can see what such an AVV looks like in concrete terms at https://www.wko.at/service/wirtschaftsrecht-gewerberecht/eu-dsgvo-mustervertrag-auftragsverarbeitung.html, for example. A sample contract is presented here.
Web Analytics Privacy Policy Summary 👥 Data subjects: Visitors to the website 🤝 Purpose: Evaluation of visitor information to optimize the web offer. 📓 Processed data: Access statistics, which include data such as locations of accesses, device data, access duration and time, navigation behavior, click behavior, and IP addresses. More details can be found in the respective web analytics tool used. 📅 Storage duration: depending on the web analytics tool used. Legal basis: Art. 6 para. 1 lit. a DSGVO (Consent), Art. 6 para. 1 lit. f DSGVO (Legitimate Interests) |
We use software on our website to evaluate the behavior of website visitors, known as web analytics for short. This involves collecting data that is stored, managed and processed by the respective analytic tool provider (also known as a tracking tool). The data is used to create analyses of user behavior on our website and made available to us as the website operator. In addition, most tools offer various testing options. For example, we can test which offers or content are best received by our visitors. To do this, we show you two different offers for a limited period of time. After the test (so-called A/B test), we know which product or content our website visitors find more interesting. For such test procedures, as for other analytics procedures, user profiles can also be created and the data stored in cookies.
With our website we have a clear goal in mind: we want to deliver the best web offer on the market for our industry. To achieve this goal, we want to offer the best and most interesting offer on the one hand, and on the other hand, make sure that you feel completely comfortable on our website. With the help of web analysis tools, we can take a closer look at the behavior of our website visitors and then improve our web offer for you and us accordingly. For example, we can see how old our visitors are on average, where they come from, when our website is most visited or which content or products are particularly popular. All this information helps us to optimize the website and thus best adapt it to your needs, interests and wishes.
Exactly what data is stored depends, of course, on the analysis tools used. But as a rule, for example, which content you view on our website, which buttons or links you click on, when you access a page, which browser you use, which device (PC, tablet, smartphone, etc.) you use to visit the website or application, or which computer system you use is stored. If you agreed that location data may also be collected, these may also be processed by the web analytics tool provider.
In addition, your IP address is also stored. According to the General Data Protection Regulation (DSGVO), IP addresses are personal data. However, your IP address is usually stored pseudonymously (i.e. in an unrecognizable and shortened form). For the purpose of testing, web analysis and web optimization, no direct data, such as your name, age, address or email address are stored as a matter of principle. All this data, if collected, is stored pseudonymously. Thus, you cannot be identified as a person.
How long the respective data is stored always depends on the provider. Some cookies store data only for a few minutes or until you leave the website again, other cookies can store data for several years.
We will inform you about the duration of data processing below, provided we have further information on this. In general, we only process personal data for as long as is strictly necessary for the provision of our services and products. If it is required by law, as for example in the case of accounting, this storage period may also be exceeded.
You also have the right and the possibility to revoke your consent to the use of cookies or third-party providers at any time. This works either via our cookie management tool or via other opt-out functions. For example, you can also prevent data collection through cookies by managing, disabling or deleting cookies in your browser.
The use of web analytics requires your consent, which we have obtained with our cookie popup. According to Art. 6 para. 1 lit. a DSGVO (consent), this consent constitutes the legal basis for the processing of personal data as it may occur during the collection by web analytics tools.
In addition to consent, there is a legitimate interest on our part to analyze the behavior of website visitors and thus improve our offer technically and economically. With the help of web analytics, we detect errors of the website, can identify attacks and improve the economic efficiency. The legal basis for this is Art. 6 para. 1 lit. f DSGVO (Legitimate Interests). Nevertheless, we use the tools only insofar as they have given consent.
Since web analytics tools use cookies, we also recommend that you read our general privacy policy on cookies. To find out exactly which of your data is stored and processed, you should read the privacy statements of the respective tools.
Information on specific web analytics tools, if any, is provided in the following sections.
We use Firebase, an analysis and monitoring tool, on our website. The service provider is the American company Google Inc. For the European area, the company Google Ireland Limited (Gordon House, Barrow Street Dublin 4, Ireland) is responsible for all Google services.
Google also processes data from you in the USA, among other places. We would like to point out that according to the opinion of the European Court of Justice, there is currently no adequate level of protection for the transfer of data to the USA. This may be associated with various risks for the legality and security of data processing.
Google uses so-called standard contractual clauses (= Art. 46. para. 2 and 3 DSGVO) as the basis for data processing for recipients located in third countries (outside the European Union, Iceland, Liechtenstein, Norway, i.e. in particular in the USA) or a data transfer there. Standard Contractual Clauses (SCC) are templates provided by the EU Commission and are intended to ensure that your data complies with European data protection standards even if it is transferred to third countries (such as the USA) and stored there. Through these clauses, Google undertakes to comply with the European level of data protection when processing your relevant data, even if the data is stored, processed and managed in the US. These clauses are based on an implementing decision of the EU Commission. You can find the decision and the corresponding standard contractual clauses here, among other places: https://eur-lex.europa.eu/eli/dec_impl/2021/914/oj?locale=de
The Google Ads Data Processing Terms, which correspond to the standard contractual clauses and are also applicable to Firebase, can be found at https://business.safety.google/adsprocessorterms/.
To learn more about the data processed through the use of Firebase, please see the Privacy Policy at https://policies.google.com/privacy?hl=en-US .
We also use the web analytics service Mixpanel, in order to obtain data on the use of our Website for internal purposes, operated by Mixpanel, Inc., 405 Howard St, Floor 2, San Francisco, CA 94105, USA ("Mixpanel"). Mixpanel is obliged to maintain appropriate data protection levels. In the event of your consent (Art. 6 para. 1 lit. a GDPR), Mixpanel will insert a cookie on your device which also logs your user behavior on the Website (retrieval of pages and activities on pages). This data is then analyzed by Mixpanel and forwarded to us.
Further information on the use of data by Mixpanel can be found in the privacy policy of Mixpanel. https://mixpanel.com/legal/mixpanel-gdpr/
Push messages summary 👥 Affected: Push Messages subscribers 🤝 Purpose: notification of system-relevant and interesting events 📓 Processed data: Data entered during registration, usually also location data. You can find more details about this in the respective push message tool used. 📅 Storage duration: Data mostly stored as long as necessary for the provision of the services. ⚖️ Legal basis: Art. 6 para. 1 lit. a DSGVO (consent), Art. 6 para. 1 lit. b DSGVO (contract) |
We also use so-called push notification services on our website, which allow us to keep our users always up to date. This means that if you have agreed to the use of such push messages, we can send you short news with the help of a software tool. Push messages are a text message form that appear directly to you on your smartphone or other devices, such as tablets or PCs, if you have signed up for them. You will receive these messages even if you are not on our website or not actively using our service. Data about your location and your usage behavior may also be collected and stored.
On the one hand, we use push messages to be able to fully provide the services we have contractually agreed with you. On the other hand, the messages also serve our online marketing. We can bring you closer to our service or our products with the help of these messages. Especially when there is news in our company, we can inform you about it immediately. We want to get to know the preferences and habits of all our users as well as possible in order to continuously improve our offer.
In order for you to receive push messages, you must also confirm that you want to receive them. The data accumulated during the consent process is also stored, managed and processed. This is necessary so that it can be proven and recognized that a user has agreed to receive the push messages. For this purpose, a so-called device token or push token is stored in your browser. Usually, the data of your location or the location of the terminal device you are using is also stored.
To ensure that we also always send interesting and important push messages, the handling of the messages is also statistically evaluated. For example, we can then see whether and when you open the message. With the help of these insights, we can adapt our communication strategy to your wishes and interests. Although this stored data can be assigned to you, we do not want to check you as an individual. Rather, we are interested in the collected data of all our users so that we can make optimizations. You can find out exactly what data is stored in the privacy statements of the respective service providers.
How long the data is processed and stored depends primarily on the tool we use. You can learn more about the data processing of the individual tools below. The privacy statements of the providers usually state exactly which data is stored and processed and for how long. In principle, personal data is only processed for as long as is necessary to provide our services. If data is stored in cookies, the storage period varies greatly. The data can be deleted immediately after leaving a website, but it can also remain stored for several years. Therefore, you should look at each individual cookie in detail if you want to know more about the data storage. In most cases, you will also find informative information about the individual cookies in the privacy statements of the individual providers.
It may also be that the push messages are necessary so that certain obligations that are in a contract can be fulfilled. For example, so that we can provide you with technical or organizational news. Then the legal basis is Art. 6 para. 1 lit. b DSGVO.
If this is not the case, the push messages will only be sent based on your consent. Our push messages may in particular have an advertising content. The push messages may also be sent depending on your location, which your end device displays. The above-mentioned analytical evaluations are also based on your consent to receive such messages. The legal basis in this respect is Art. 6 (1) lit. a DSGVO. Of course, you can revoke your consent or change various settings at any time in the settings.
We use OneSignal, a mobile marketing platform, for our website. The service provider is the American company OneSignal, 2850 S Delaware St #201, San Mateo, CA 94403, USA.
OneSignal also processes data in the USA, among other places. We would like to point out that according to the opinion of the European Court of Justice, there is currently no adequate level of protection for the transfer of data to the USA. This may be associated with various risks for the legality and security of data processing.
As a basis for data processing at recipients located in third countries (outside the European Union, Iceland, Liechtenstein, Norway, i.e. in particular in the USA) or a data transfer there, OneSignal uses standard contractual clauses approved by the EU Commission (= Art. 46. para. 2 and 3 DSGVO). These clauses oblige OneSignal to comply with the EU level of data protection when processing relevant data also outside the EU. These clauses are based on an implementing decision of the EU Commission. You can find the decision and the clauses, among others, here: https://germany.representation.ec.europa.eu/index_de.
To learn more about the data processed through the use of OneSignal, please see the Privacy Policy at https://onesignal.com/privacy.
Online Marketing Privacy Policy Summary 👥 Data subjects: Visitors to the website 🤝 Purpose: Evaluation of visitor information to optimize the web offer. 📓 Processed data: Access statistics, which include data such as access locations, device data, access duration and time, navigation behavior, click behavior, and IP addresses. Personal data such as name or email address may also be processed. More details on this can be found with the respective online marketing tool used. 📅 Storage duration: depending on the online marketing tools used. Legal basis: Art. 6 para. 1 lit. a DSGVO (Consent), Art. 6 para. 1 lit.f DSGVO (Legitimate Interests) |
Online marketing refers to all measures that are carried out online to achieve marketing goals such as increasing brand awareness or closing a deal. Furthermore, our online marketing measures aim to draw people's attention to our website. In order to be able to show our offering to many interested people, we therefore engage in online marketing. This usually involves online advertising, content marketing or search engine optimization. To enable us to use online marketing efficiently and in a targeted manner, personal data is also stored and processed. On the one hand, the data helps us to show our content only to those people who are really interested in it, and on the other hand, we can measure the advertising success of our online marketing measures.
We want to show our website to every person who is interested in our offer. We are aware that this is not possible without consciously set measures. That's why we do online marketing. There are various tools that make it easier for us to work on our online marketing measures and, in addition, always provide suggestions for improvement via data. In this way, we can target our campaigns more precisely to our target group. So the purpose of these online marketing tools we use is ultimately to optimize our offering.
In order for our online marketing to work and the success of the measures can be measured, user profiles are created and data is stored, for example, in cookies (these are small text files). With the help of this data, we can not only place advertisements in the classic sense, but also directly on our website, display our content in the way you prefer. For this purpose, there are various third-party tools that offer these functions and accordingly also collect and store data from you. In the named cookies are stored, for example, which web pages you have visited on our website, how long you have looked at these pages, which links or buttons you click or from which website you have come to us. In addition, technical information may also be stored. For example, your IP address, which browser you use, from which device you visit our website or the time when you accessed our website and when you left it again. If you have consented that we may also determine your location, we may also store and process this.
Your IP address is stored in pseudonymized form (i.e., shortened). Unique data that directly identifies you as a person, such as name, address or e-mail address, is also only stored in pseudonymized form as part of the advertising and online marketing processes. We can therefore not identify you as a person, but we have only the pseudonymized stored information in the user profiles.
The cookies may also be deployed, analyzed and used for advertising purposes on other websites that use the same advertising tools. The data may then also be stored on the servers of the advertising tools providers.
In exceptional cases, unique data (name, e-mail address, etc.) may also be stored in the user profiles. This data is stored, for example, if you are a member of a social media channel that we use for our online marketing measures and the network links previously received data with the user profile.
With all the advertising tools we use, which stores data from you on their servers, we only ever receive aggregate information and never data that makes you recognizable as an individual. The data only shows how well set advertising measures worked. For example, we see which measures have persuaded you or other users to come to our website and purchase a service or product there. Based on the analyses, we can improve our advertising offer in the future and adapt it even more precisely to the needs and wishes of interested persons.
We will inform you about the duration of data processing below, provided we have further information on this. In general, we process personal data only as long as it is absolutely necessary for the provision of our services and products. Data that is stored in cookies is stored for different lengths of time. Some cookies are deleted as soon as you leave the website, others may be stored in your browser for several years. In the respective privacy statements of the individual providers, you will usually receive detailed information about the individual cookies used by the provider.
You also have the right and the possibility to revoke your consent to the use of cookies or third-party providers at any time. This works either via our cookie management tool or via other opt-out functions. For example, you can also prevent data collection through cookies by managing, disabling or deleting cookies in your browser. The lawfulness of the processing until the revocation remains unaffected.
Since online marketing tools can usually use cookies, we also recommend that you read our general privacy policy on cookies. To find out exactly which of your data is stored and processed, you should read the privacy statements of the respective tools.
If you have consented that third-party providers may be used, the legal basis of the corresponding data processing is this consent. According to Art. 6 para. 1 lit. a DSGVO (consent), this consent constitutes the legal basis for the processing of personal data as it may occur when collected by online marketing tools.
We also have a legitimate interest in measuring online marketing measures in anonymized form in order to optimize our offer and our measures with the help of the data obtained. The corresponding legal basis for this is Art. 6 Para. 1 lit. f DSGVO (Legitimate Interests). Nevertheless, we only use the tools if you have given your consent.
Information on specific online marketing tools - if available - can be found in the following sections.
We use Google AdMob, a tool for mobile advertising, on our website. The service provider is the American company Google Inc. For the European area, the company Google Ireland Limited (Gordon House, Barrow Street Dublin 4, Ireland) is responsible for all Google services.
Google also processes data from you in the USA, among other places. We would like to point out that according to the opinion of the European Court of Justice, there is currently no adequate level of protection for the transfer of data to the USA. This may be associated with various risks for the legality and security of data processing.
Google uses so-called standard contractual clauses (= Art. 46. para. 2 and 3 DSGVO) as the basis for data processing for recipients located in third countries (outside the European Union, Iceland, Liechtenstein, Norway, i.e. in particular in the USA) or a data transfer there. Standard Contractual Clauses (SCC) are templates provided by the EU Commission and are intended to ensure that your data complies with European data protection standards even if it is transferred to third countries (such as the USA) and stored there. Through these clauses, Google undertakes to comply with the European level of data protection when processing your relevant data, even if the data is stored, processed and managed in the US. These clauses are based on an implementing decision of the EU Commission. You can find the decision and the corresponding standard contractual clauses here, among other places: https://eur-lex.europa.eu/eli/dec_impl/2021/914/oj?locale=de
The data processing terms for Google advertising products (Google Ads Controller Data Protection Terms), which correspond to the standard contractual clauses and are also applicable to Google AdMob, can be found at https://business.safety.google/adscontrollerterms/.
You can learn more about the data processed through the use of Google AdMob in the Privacy Policy at https://policies.google.com/privacy?hl=de.
Cloud Services Privacy Policy Summary 👥 Parties concerned: We as website operator and you as website visitor 🤝 Purpose: security and data storage 📓 Processed data: Data such as your IP address, name or technical data such as browser version. More details can be found below and in the individual data protection texts or in the data protection declarations of the providers. 📅 Storage period: most of the time, the data is stored until it is no longer required for the fulfillment of the service Legal basis: Art. 6 para. 1 lit. a DSGVO (Consent), Art. 6 para. 1 lit. f DSGVO (Legitimate Interests) |
Cloud services provide us as website operators with storage space. Data can be transferred to an external system and stored via the Internet. The corresponding cloud provider takes over the management of this data. Depending on the requirements, an individual person or even a company can choose the storage space size. Cloud storage is accessed via an API or via storage protocols. API stands for Application Programming Interface and means a programming interface that connects software with hardware components.
We use cloud services for several reasons. A cloud service offers us the possibility to store our data securely. In addition, we have access to the data from different locations and devices, giving us more flexibility and facilitating our work processes. A cloud storage also saves us money because we don't have to build and manage our own infrastructure for data storage and data security. By storing our data centrally in the cloud, we can also expand our fields of application and manage our information much better.
So, as a website operator or as a company, we use cloud services primarily for our own purposes. For example, we use the services to manage our calendar, to store documents or other important information in the cloud. However, personal data about you may also be stored in the process. This is the case, for example, if you provide us with your contact details (such as name and email address) and we store our customer data with a cloud provider. Consequently, data that we process from you may also be stored and processed on external servers. If we offer certain forms or content from cloud services on our website, cookies may also be set for web analytics and advertising purposes. Furthermore, such cookies remember your settings (such as the language used) so that the next time you visit our website you will find your familiar web environment.
Much of the data we store in the cloud has no personal reference, but some data is considered personal data according to the definition of the GDPR. This is often customer data such as name, address, IP address or telephone number, or technical device information. Furthermore, videos, images and audio files can also be stored in the cloud. Exactly how the data is collected and stored depends on the service in question. We try to use only services that are very trustworthy and professional with the data. Basically, the services, such as Amazon Drive, have access to the stored files in order to offer their own service accordingly. For this, however, the services need permissions, such as the right to copy files due to security aspects. This data is processed and managed within the scope of the services and in compliance with the applicable laws. This also includes the DSGVO for US providers (via the standard contractual clauses). These cloud services also work in some cases with third-party providers who may process data under instruction and in accordance with the privacy policy and further security measures. We would like to emphasize again here that all known cloud services (such as Amazon Drive, Google Drive or Microsoft Onedrive) obtain the right to have access to stored content in order to be able to offer and optimize their own service accordingly.
We will inform you about the duration of data processing below, if we have further information on this. In general, cloud services store data until you or we revoke the data storage or delete the data again. In general, personal data is only stored as long as it is absolutely necessary for the provision of the services. However, a final data deletion from the cloud may take several months. This is the case because the data is usually not only stored on one server, but is divided among various servers.
You also have the right and the possibility to revoke your consent to data storage in a cloud at any time. If cookies are used, you also have a right of revocation here. This works either via our cookie management tool or via other opt-out functions. For example, you can also prevent data collection through cookies by managing, deactivating or deleting cookies in your browser. We also recommend that you read our general privacy policy on cookies. To find out exactly what data of yours is stored and processed, you should read the privacy statements of the respective cloud providers.
We use cloud services mainly based on our legitimate interests (Art. 6 (1) lit. f DSGVO) in a good security and storage system.
Certain processing, in particular the use of cookies and the use of storage functions require your consent. If you have consented that data from you can be processed and stored with cloud services, this consent is considered the legal basis of the data processing (Art. 6 (1) lit. a DSGVO). Most of the services we use set cookies in your browser to store data. That is why we recommend that you read our privacy text about cookies carefully and view the privacy policy or cookie policy of the respective service provider.
Information on special tools - if available - can be found in the following sections.
We use Google Cloud, an online storage service for files, photos and videos, for our website. The service provider is the American company Google Inc. For the European area, the company Google Ireland Limited (Gordon House, Barrow Street Dublin 4, Ireland) is responsible for all Google services.
Google also processes data from you in the USA, among other places. We would like to point out that according to the opinion of the European Court of Justice, there is currently no adequate level of protection for the transfer of data to the USA. This may be associated with various risks for the legality and security of data processing.
Google uses so-called standard contractual clauses (= Art. 46. para. 2 and 3 DSGVO) as the basis for data processing for recipients located in third countries (outside the European Union, Iceland, Liechtenstein, Norway, i.e. in particular in the USA) or a data transfer there. Standard Contractual Clauses (SCC) are templates provided by the EU Commission and are intended to ensure that your data complies with European data protection standards even if it is transferred to third countries (such as the USA) and stored there. Through these clauses, Google undertakes to comply with the European level of data protection when processing your relevant data, even if the data is stored, processed and managed in the US. These clauses are based on an implementing decision of the EU Commission. You can find the decision and the corresponding standard contractual clauses here, among other places: https://eur-lex.europa.eu/eli/dec_impl/2021/914/oj?locale=de
The Google Ads Data Processing Terms, which correspond to the standard contractual clauses and are also applicable to Google Cloud, can be found at https://business.safety.google/adsprocessorterms/.
You can learn more about the data processed through the use of Google Cloud in the Privacy Policy at https://policies.google.com/privacy?hl=de.
Single sign-on logins Privacy policy summary 👥 Data subjects: Visitors to the website 🤝 Purpose: simplification of the authentication process 📓 Data processed: Depends strongly on the respective provider, mostly e-mail address and username can be stored. You can find more details about this in the respective tool used. 📅 Storage duration: depending on the tools used ⚖️ Legal basis: Art. 6 para. 1 lit. a DSGVO (Consent), Art. 6 para. 1 lit. b DSGVO (Contract performance), Art. 6 para. 1 lit. f DSGVO (Legitimate Interests) |
On our website, you have the option of quickly and easily registering for our online service via a user account from another provider (e.g. via Facebook). This authentication procedure is called "single sign-on login", among other things. Of course, this login procedure only works if you are registered with the other provider or have a user account and enter the corresponding access data in the online form. In many cases, you are already registered, the access data is automatically entered into the form and you only have to confirm the single sign-on registration via a button. In the course of this registration, your personal data may also be processed and stored. In this data protection text, we generally address data processing through single sign-on logins. You can find more detailed information in the privacy statements of the respective providers.
We want to make your life on our website as easy and pleasant as possible. That's why we also offer single sign-on logins. This saves you valuable time because you only need one authentication. Since you only need to remember one password and it is only transmitted once, security is also increased. In many cases, you have also already saved your password automatically with the help of cookies and the login process on our website therefore only takes a few seconds.
Although you log in to our website using this special login procedure, the actual authentication takes place at the corresponding single sign-on provider. As the website operator, we receive a user ID in the course of authentication. This records that you are logged in to the corresponding provider under this ID. This ID cannot be used for any other purpose. Other data may also be transmitted to us, but this depends on the single sign-on providers used. Likewise, it depends on what data you voluntarily provide during the authentication process and what data you generally enable in your settings with the provider. In most cases, this is data such as your e-mail address and your user name. We do not know your password, which is necessary for logging in, and it is not stored by us. It is also important for you to know that data stored with us can be automatically compared with the data of the respective user account through the registration process.
We will inform you about the duration of data processing below, provided we have further information on this. For example, the social media platform Facebook stores data until it is no longer needed for its own purpose. However, customer data that is matched with our own user data is already deleted within two days. In general, we only process personal data for as long as is absolutely necessary for the provision of our services and products.
You also have the right and the possibility to revoke your consent to the use of single sign-on logins at any time. This usually works via opt-out functions of the provider. If available, you will also find links to the corresponding opt-out functions in our data protection texts for the individual tools.
If it has been agreed with you and this is done in the context of contract performance (Article 6(1)(b) DSGVO) and consent (Article 6(1)(a) DSGVO), we may use the single sign-on procedure on their legal bases.
In addition to consent, there is a legitimate interest on our part in providing you with a quick and easy registration process. The legal basis for this is Art. 6 para. 1 lit. f DSGVO (Legitimate Interests). Nevertheless, we only use the single sign-on login if you have given your consent.
If you no longer wish to have this link to the provider with the single sign-on login, please cancel it in your user account with the respective provider. If you also want to delete data with us, a cancellation of your registration is necessary.
We also use the authentication service Google Single-Sign-On for logging in to our website. The service provider is the American company Facebook Inc. For the European area, the company Google Ireland Limited (Gordon House, Barrow Street Dublin 4, Ireland) is responsible for all Google services.
Google also processes data from you in the USA, among other places. We would like to point out that according to the opinion of the European Court of Justice, there is currently no adequate level of protection for the transfer of data to the USA. This may be associated with various risks for the legality and security of data processing.
Google uses so-called standard contractual clauses (= Art. 46. para. 2 and 3 DSGVO) as the basis for data processing for recipients located in third countries (outside the European Union, Iceland, Liechtenstein, Norway, i.e. in particular in the USA) or a data transfer there. Standard Contractual Clauses (SCC) are templates provided by the EU Commission and are intended to ensure that your data complies with European data protection standards even if it is transferred to third countries (such as the USA) and stored there. Through these clauses, Google undertakes to comply with the European level of data protection when processing your relevant data, even if the data is stored, processed and managed in the US. These clauses are based on an implementing decision of the EU Commission. You can find the decision and the corresponding standard contractual clauses here, among other places: https://eur-lex.europa.eu/eli/dec_impl/2021/914/oj?locale=de
You can learn more about standard contractual clauses at Google in the Google Ads Data Processing Terms at https://business.safety.google/adsprocessorterms/.
At Google, you can revoke your consent to the use of single sign-on via opt-out function at https://adssettings.google.com/authenticated. You can find out more about the data processed through the use of Google Single-Sign-On in the Privacy Policy at https://policies.google.com/privacy?hl=de.
Miscellaneous Privacy Policy Summary 👥 Data subjects: Visitors to the website 🤝 Purpose: Improve user experience 📓 Data processed: Which data is processed depends heavily on the services used. Mostly it is IP address and/or technical data. You can find more details about this in the respective tools used. 📅 Storage duration: depending on the tools used Legal basis: Art. 6 para. 1 lit. a DSGVO (Consent), Art. 6 para. 1 lit. f DSGVO (Legitimate Interests) |
The category "Other" includes those services that do not fit into one of the above categories. These are usually various plugins and embedded elements that enhance our website. As a rule, these functions are obtained from third-party providers and integrated into our website. For example, these are web search services such as Algolia Place, Giphy, Programmable Search Engine or online services for weather data such as OpenWeather.
We want to offer you the best web offer in our industry with our website. For a long time now, a website has not been just a business card for companies. Rather, it is a place that should help you find what you are looking for. To always make our website more interesting and helpful for you, we use various third-party services.
Whenever elements are integrated into our website, your IP address is transmitted to the respective provider, stored and processed there. This is necessary because otherwise the content will not be sent to your browser and consequently will not be displayed accordingly. It may also happen that service providers also use pixel tags or web beacons. These are small graphics on websites that can record a log file and also create analyses of this file. With the information obtained, providers can improve their own marketing efforts. In addition to pixel tags, such information (such as which button you click or when you visit which page) can also be stored in cookies. In addition to analysis data about your web behavior, technical information such as your browser type or operating system can also be stored in them. Some providers may also link the data obtained with other internal services or with third-party providers. Each provider handles your data differently. Therefore, we recommend that you carefully read the privacy statements of the respective services. As a matter of principle, we endeavor to use only services that handle the issue of data protection very carefully.
We will inform you about the duration of data processing below, provided we have further information on this. In general, we process personal data only as long as it is absolutely necessary for the provision of our services and products.
If we ask you for your consent and you also consent that we may use the service, this is considered the legal basis for the processing of your data (Art. 6 para. 1 lit. a DSGVO). In addition to the consent, there is a legitimate interest on our part to analyze the behavior of website visitors and thus to improve our offer technically and economically. The legal basis for this is Art. 6 para. 1 lit. f DSGVO (Legitimate Interests). Nevertheless, we only use the tools if you have given your consent.
Information on the specific tools, if available, is provided in the following sections.
All texts are protected by copyright.
Source: Created with the privacy generator from AdSimple
Last edited: 23.04.2022
