In this Privacy Policy, we, PRofiFLITZER GmbH, inform you of the personal data processing when you use our website (https://www.pos-live.de/). You are able to print or save this Privacy Policy by using the standard functionality of your browser. Should you wish to access the Privacy Policy of our profiflitzer.de site, please click here: http://www.profiflitzer.de/datenschutzerklaerung/

Contact

The contact person in charge of the processing of your personal data when visiting this website according to EU General Data Protection Regulation (GDPR) is

PRofiFLITZER GmbH

Streustraße 67-68

13086 Berlin

Phone: +49 (0) 30 509307 528

Fax: +49 (0) 30 509 307 599

E-mail: [email protected]

You may contact our Data Protection Officer at any time regarding queries about privacy in connection with our products or the use of our website. The data protection officer can be reached at the above postal address and at the e-mail address given above. (Subject: “For the attention of the data protection officer”). We would like to point out that when using this e-mail address, the contents shall not be seen exclusively by our Data Protection Officer. Should you wish to share confidential information, we therefore request that you first contact us directly via this e-mail address.

Data Processing on our Website

Accessing our Website / Access Data

We process connection data that your browser automatically sends each time you use our website, so that you can access it. This connection data includes the relevant http header information, which includes user agents, and in particular:

  • The requesting device’s IP address
  • Date and time of the request
  • Addresses of the website that was accessed and the requesting website
  • Information on the browser being used and the operating system
  • Online identifiers (e.g. device identifiers, session ID’s)

Data processing of this access data is necessary to enable access to the website and to ensure the long-term functionality and security of our systems, as well as for the general administrative maintenance of our website. To create statistical data about the use of our website, to further develop our website with regards to the usage habits of our visitors (for example, if the proportion of mobile devices used to access the pages increases), and for general administrative maintenance of our website, the connection data is stored in internal log files for the purposes described above, temporarily and limited to the most necessary content. The legal basis is Art. 6 para. 1 sentence 1 lit. b of the GDPR, if the page is accessed in the course of initiating or executing a contract, and otherwise Art. 6 para. 1 lit. f of the GDPR due to our legitimate interest in enabling website access and the long-term functionality and security of our systems.

The information stored in the login files does not provide any direct inference about your identity – in particular, we only store the IP addresses in abbreviated, anonymous form. The log files are kept for 30 days before being anonymized and then archived.

Contact us to schedule a demo appointment

You can contact us via the Demo Appointment Agreement form that is available to you. In this context, we process data exclusively to communicate with you and for making an appointment. Insofar as your information is necessary for us to respond to your inquiry or to begin or execute a contract, the legal basis is Article 6 (1) Lit. b GDPR; in all other cases, the legal basis is Article 6 (1) Lit. f GDPR, because it is in our legitimate interest that you contact us, so that we can respond to your inquiry or schedule an appointment. Unless we still require your request to comply with contractual or legal obligations, the information we collect when you use the form will be deleted after we have fully processed it (see section “Storage Period”).

Use of tools on the website

Technologies used

This website uses many services and applications (collectively “tools”) that are either provided by us or by third parties. These, in particular, consist of tools that make use of technologies to access or store data on the end device:

Cookies:

pieces of data that are stored on an end device and include a name, a value, the storing domain, and expiration date. In contrast to persistent cookies, which are deleted after the specified expiration date, so-called session cookies (such as PHPSESSID) are deleted after the session. Cookies may also be removed manually.

Web Storage (Local Storage / Session Storage): information with a name and value that is kept on the end device. Information in Local Storage has no time limit and is kept there indefinitely unless a mechanism for deletion has been set up, in contrast to Session Storage, where information is deleted after the session (e.g. storage of a Local Storage with time entry). Information in the Local and Session Storage may also be removed manually.

JavaScript:

programming codes (scripts) embedded in or accessed from the website that, for example, set cookies and web storage or actively collect information from the end device or the visitor’s usage behaviour. JavaScript can be used for “active fingerprinting” and the creation of user profiles. JavaScript can be disabled in the browser via a setting, but most services will completely stop functioning as a result.

Pixel:

tiny graphics that are loaded automatically by a service can be used to identify visitors by automatically transmitting the usual connection data (in particular, IP address, information about the browser, operating system, language, and address accessed) and to establish things like whether an email has been opened or a website visited. “Passive fingerprinting” and the creation of user profiles may be done with the help of pixels. Pixels can be avoided by, for example, blocking images in e-mails, though the display is severely limited as a result.

These technologies, as well as the mere establishment of a connection on a page, can be used to create so-called “fingerprints,” or user profiles that do not require the use of cookies or web storage, but can still recognise visitors. Fingerprints due to connection establishment may not be completely prevented manually.

Most browsers are set by default to accept cookies, execute scripts and display graphics. However, you are usually able to adjust your browser settings to reject all or certain cookies or to block scripts and graphics. In case you completely block the storage of cookies, the display of graphics and the execution of scripts, our services will probably not work or not work properly.

The tools we use are listed below by category, along with information about the tools’ creators, how long cookies or other data are stored locally or temporarily, and whether data is shared with third parties. It also explains in which cases we obtain your voluntary consent to use the tools and how you can revoke this consent

Legal basis and revocation

Legal basis

Based on our legitimate interest under Art. 6 (1) lit. f GDPR, we use the tools required for website operation to provide the essential features of our website. These measures may occasionally be required for carrying out contractual obligations or carrying out pre-contractual actions, in which case processing is done by Art. 6 (1) lit. b GDPR. In these cases, access to and storage of information in the end device is required and is done by on the basis of the ePrivacy Directive transposition laws of the EU member states, in Germany, this is done by § 25 para. 2 TTDSG.

Any additional, optional, and non-essential tools that perform additional functions are used based on your consent under Art. 6 para. 1 lit. a GDPR. Access to and storage of information in the end device then takes place based on the EU member states transposition laws of the ePrivacy Directive, in Germany under § 25 para. 1 TTDSG. Data processing using these tools only takes place when we have received your consent in advance.

In the case of transfer of personal data to third countries (such as the USA), we refer to this also for the possible risks involved (“Data transfer to third countries”). We will let you know you whether there is an adequacy decision for the relevant third country, or whether standard contractual clauses or other guarantees have been reached for the use of specific tools. If you have consented to the use of certain tools and the associated transfer of your data to third countries, we transfer the data processed when using the tools to third countries (also) based on your consent under Art. 49 (1) lit. a GDPR.

Obtaining your consent

We use the GDPR Cookie Consent tool from webtoffee – Mozilor Limited, 10 Paxton Crescent, Shenley Lodge, Milton Keynes, MK5 7PY, United Kingdom (“GDPR Cookie Consent”) to obtain and manage your consent. This generates a banner informing you about the data processing on our website and giving you the option to consent to all, some or no data processing through optional tools. When you visit our website for the first time and if you revisit your settings selection to change them or withdraw consents, this banner will appear. If you have disabled cookie storage or if cookies or information in the local storage of GDPR Cookie Consent have expired or been deleted, the banner will still show up on subsequent visits to our website.

Your consent or repeal, your IP address, information about your browser, your end device and the time of your visit are transmitted to GDPR Cookie Consent. Furthermore, GDPR Cookie Consent stores necessary information on your end device in order to document the consents you have given, and revocations issued.

GDPR data processing Cookie Consent is required to provide you with legally required consent management and to meet our documentation requirements. The legal basis for the use of GDPR Cookie Consent is Art. 6 (1) lit. f GDPR, justified by our interest in fulfilling legal requirements for consent management. The access to and storage of information in the end device is absolutely necessary in these cases and takes place on the basis of the ePrivacy Directive transposition laws of the EU member states, in Germany pursuant to § 25 para. 2 TTDSG.

Revoking your consent or changing your selection

You have the right to revoke your consent at any time with future effect for several tools, including the storage and access of data on the end device, the processing of your data, and the transfer of your data to third countries. To do so, click on the following link/button: HERE. There, you can also alter the list of tools whose use you wish to give your consent and get more details about the tools that were used. As an alternative, you can directly notify the provider of your revocation for specific tools.

Essential tools

We use certain tools to enable the basic functionalities of our website (“essential tools”). Examples of these include tools used to manage and integrate tools, create and display website content, identify and stop fraud, and maintain the safety of our website. Without these tools, we would not be able to provide our service. As a result, essential tools are used without consent.

The need to fulfil our legitimate interests under Art. 6 (1) lit. f GDPR in the provision of the relevant fundamental functions and the operation of our website serves as the legal foundation for the necessity of the tools. The legal basis for data processing is Art. 6 (1) lit. b GDPR when the provision of the relevant website functions is required for the performance of pre-contractual actions or for the completion of a contract. In these circumstances, access to and storage of information in the end device are absolutely necessary and are carried out in accordance with the ePrivacy Directive’s transposition laws of the EU member states, specifically Section 25 (2) TTDSG in Germany.

In the event that personal data is transferred to third countries (such as the USA), we also refer to the below details of Section 5 (“Data transfer to third countries”).

Google Tag Manager

Google Tag Manager is a service provided by Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland, for users from the European Economic Area and Switzerland and by Google, Inc., 1600 Amphitheatre Parkway Mountain View, California 94043, USA (collectively “Google”) for users from all other countries.

By integrating so-called website tags, Google Tag Manager is only used to manage website tools. A tag is an element that is stored in the source code of our website in order to execute a tool, for instance through scripts. If these are optional tools, Google Tag Manager will only include them in your website with your permission. Google Tag Manager uses JavaScript and does not generally use cookies.

The legal basis is Art. 6 (1) lit. f GDPR, which is based on our legitimate interest in including and managing multiple tags on our website in a straightforward manner.

Google collects information about which tags are integrated by our website to ensure stability and functionality in the context of using Google Tag Manager. However, beyond the mere establishment of the connection, Google Tag Manager does not store any personal data, and in particular no information on user behaviour or pages visited.

We have established an order processing agreement with Google Ireland Limited. Google Ireland Limited and Google LLC have agreed to standard contractual clauses by Art. 46 (2) lit. c GDPR if Google Ireland Limited transfers personal data to the United States or other third countries.

For more information, see Google’s information on Tag Manager: https://support.google.com/tagmanager/answer/6102821.

Analysis tools

We use optional tools for visitor recognition and the statistical collection and analysis of general usage patterns based on access data to improve our website (“analysis tools”). Our use of our various marketing channels is also assessed using analytics services. We can track the usage patterns of our visitors thanks to the usage data that is gathered and processed in aggregate form. This is used to improve the user experience, as well as adapting and optimising our website’s design.

The legal basis for the analysis tools is your consent pursuant to Art. 6 para. 1 lit. a GDPR. In such cases, access to and storage of information in the end device is governed by the e-Privacy Directive transposition laws of the EU member states, in Germany according to Section 25 (1) TTDSG. For revocation of your consent, see 3.2.3: “Revoking your consent or changing your selection”.

Your express consent extends to the transfer of personal data to third countries, such as the USA (Article 49 (1)a GDPR), if such a transfer occurs. Please refer to section 6 (“Data transfer to third countries”) for the associated risks.

Google Universal Analytics

Our website makes use of the Google Universal Analytics (“Google Analytics”) service, which is provided under license to visitors from Europe, the Middle East, and Africa (EMEA) by Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland, and to visitors from all other countries by Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, United States (hereinafter referred to as “Google”).

Cookies are used by Google Analytics to store data on your end device while JavaScript and pixels are used to read data from your end device. The goal is to analyse your usage behaviour and to improve our website. The information we collect will be used to evaluate your use of the website and to generate website activity reports for the website’s operators. Google may transfer and store the data generated in this context to a server in the United States for evaluation.

We have adopted the following Google Analytics privacy settings:

  • IP anonymisation (before evaluation, the IP address is shortened)
  • Automatic deletion of previous visit logs by limiting the storage period to 14 months;
  • No reset of the retention period based on new activity;
  • Disabled advertising functionality (including target group remarketing through GA Audience);
  • Disabled Remarketing;
  • Disabled cross-device and cross-page tracking;
  • Disabled data sharing to other Google products and services, benchmarking, technical support, account manager.

The following data is processed by Google Analytics:

  • IP-Address;
  • Referrer URL (previously visited page);
  • Pages viewed (date, time, URL, title, visit duration);
  • Downloaded files;
  • Clicked links to other websites;
  • Achievement of specific goals (Conversions);
  • Technical information: operating system; browser type, version and language; device type, brand, model and resolution;
  • Approximate location (country and city, where applicable, based on anonymised IP address).

Google Analytics sets the following cookies for the specified purpose with the respective storage period:

  • “_ga” (2 years), “_gid” (24 hours): Recognition and differentiation of visitors by a user ID;
  • “_gat” e.g. “_dc_gtm_UA-[GA-ID]” or “_gat-UA-[GA-ID]” (1 min): Reduction of requests to the Google servers;

“IDE” (13 months): Recognition and differentiation of visitors through a user ID, recording of interaction with advertising, playing out customised advertising;

  • “__utma” (2 years): Distinction between visitors and sessions;
  • “__utmb” (30 minutes): Determination of new sessions, visit duration;
  • “__utmc” (session): Determination of new sessions, visit duration;
  • “__utmt” (ten minutes): Reduction of demands;
  • “__utmz” (six months): Storage of the campaign or the source from which the visitor came;
  • “__utmv” (two years): Storage of a user-defined variable.

According to Art. 6 Para. 1 lit. a GDPR, your consent is the legal basis for this data processing. Access to and storage of information on the end device is carried out under the ePrivacy Directive transposition laws of the EU member states, in Germany according to Section 25 (1) TTDSG.

We have established an order processing agreement with Google Ireland Limited for the use of Google Analytics. Google Ireland Limited and Google LLC have agreed to standard contractual clauses by Art. 46 (2) lit. c GDPR if Google Ireland Limited transfers personal data to the United States (Implementing Decision (EU) 2021/914, Module 3). Furthermore, under Art. 49 (1) a GDPR, we obtain your express consent for the transfer of your data to third countries.

For more information, please see the Privacy Policy of Google: https://support.google.com/analytics/answer/6004245.

Marketing Tools

We also use optional tools for advertising purposes (“Marketing Tools”). The usage profiles that are made using some of the access data generated while using our website keep track of your browsing habits, the ads you’ve seen or clicked on, and, based on that, how you are classified into ad categories, interests and preferences. We are able to provide you with customised advertising on our website as well as the websites and services of other providers by analysing and evaluating the access data that we collect from you. As we do this, we also track your online activity, so that we can recognise you on other websites and send you personalised messages based on how you use our website (so-called retargeting). Additionally, we assess the success and effectiveness of our advertising campaigns (especially so-called conversions and leads).

Other optional social network tools for sharing content and posts through these networks are also included in marketing tools (“social media plugins”).

The use of the marketing tools is only permitted with your consent, which you give via the consent banner or with each individual tool by individually approving its use via a banner (overlay) placed over it, in accordance with Art. 6 (1) lit. a GDPR. Access to and storage of information on the end device is governed by the ePrivacy Directive transposition laws of the EU member states, in Germany under § 25 para. 1 TTDSG. To revoke your consent, see 3.3: “Revoking your consent or changing your selection”.

Your express consent extends to the transfer of personal data to third countries (Article 49 (1)a GDPR), such as the USA, if such a transfer occurs. For the associated risks, please refer to section 5 (“Data transfer to third countries”).

In the following Section, we would like to explain the tools and the providers used for this in more detail. The data collected may include in particular:

  • the IP address of the device;
  • the information of a cookie and in local or session storage;
  • the device identifier of mobile devices (e.g. device ID, advertising ID);
  • referrer URL (previously visited page);
  • pages viewed (date, time, URL, title, visit duration);
  • downloaded files;
  • clicked links to other websites;
  • achievement of specific goals (Conversions);
  • technical information: operating system; browser type, version and language; device type, brand, model and resolution;
  • approximate location (country and city, where applicable).
  • However, the collected data is only stored anonymously, so no direct conclusions about the individuals can be drawn.

Meta Pixel (formerly Facebook Pixel)

For marketing purposes, our websites make use of the “Meta Pixel” service, which is provided by Meta Platforms Ireland Limited, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland for visitors from outside the United States and Canada, and by Meta Platforms Inc, 1601 Willow Road, Menlo Park, California 94025, USA for everyone else (collectively “Meta Platforms”).

We track the effectiveness of advertising (“conversion tracking”) and use meta pixels to analyse how our websites are used generally (particularly “events”). Additionally, based on your interest in our products (“retargeting”), we use meta pixels to provide customized advertising messages on the social networks of Meta Platforms (like Facebook and Instagram). This also includes target group remarketing through Custom Audience. Meta Platforms has the option of sending the data generated in this context to a server in the USA for analysis and storage.

Meta Platforms uses cookies, JavaScript, and other technologies on our websites to collect data that is processed for this purpose. In particular these include:

HTTP header information such as Information on the browser used (e.g. user agent, language);

Information on events such as “page viewed”, other object properties and buttons clicked by visitors to the website;

Online identifiers such as IP addresses and, where provided, Facebook business-related identifiers or device ID’s (such as mobile operating system ad ID’s) and ad tracking disable/restriction status information.

The following cookies are set and read by Meta Pixel for the specified purpose with the respective storage period:

  • “_FBP” (3 months): Usage analysis and retargeting;
  • “FR” (3 months): Display of advertisements, usage analysis, conversion tracking.

The legal basis for this data processing is your consent in pursuance with Art. 6 para. 1 lit. a GDPR. Access to and storage of information in the end device takes place by the ePrivacy Directive transposition laws of the EU member states, in Germany by Section 25 (1) TTDSG. Your express consent is required by Art. 49 Para. 1 lit. a GDPR for the transfer of your data to the USA and other third countries.

Facebook or Instagram may also connect the data gathered about your visit to our site to your member account and use it to target advertising if you are a member of those services and have granted Meta Platforms permission to do so via your account privacy settings. You may view and change the privacy settings of your Facebook profile at any time: https://www.facebook.com/settings/?tab=ads. You may prevent the linking of data collected outside of Instagram to serve personalised ads on Instagram through the following link: https://de-de.facebook.com/help/instagram/2885653514995517?locale=de_DE.

Meta Platforms will only show you generic advertisements if you have not given permission for the use of meta pixels and they are not chosen based on the data that has been gathered about you on this website.

For more information, including contact information and details about shared responsibility, please refer to Meta Platforms’ privacy notices particularly on the social networks Facebook and Instagram: https://www.facebook.com/about/privacy/.

LinkedIn Insight Tag

Our website uses the LinkedIn Insight Tag service of LinkedIn Ireland, Wilton Plaza, Wilton Place, Dublin 2, Ireland (“LinkedIn”). This allows us to collect and analyse statistical data about your visit to and use of our website. This allows us to show you interest-based and relevant LinkedIn offer recommendations, and advertising (retargeting). Additionally, in this context, a conversion tracking analysis of the effectiveness of advertisements is done. LinkedIn uses cookies, pixels and JavaScript for this purpose.

The following cookies are set and read by LinkedIn:

  • “lang” (session): Storage of the language setting;
  • “lidc” (24 hours): Optimisation of the selection of the data centre;
  • “lissc” (1 year): Cookie by means of which all cookies in the same browser use the same SameSite attribute.
  • “bcookie” (2 years): Prevention of misuse;
  • “UserMathHistory” (30 days): Usage analysis, synchronisation of IDs with LinkedIn Ads;
  • “li_gc” (2 years): Storage of user consent;
  • “AnalyticsSyncHistory” (30 days): Storage for synchronisation of information on LinkedIn members.

For more information on cookies, please visit: https://www.linkedin.com/legal/l/cookie-table.

The legal basis for this data processing is your consent in pursuance with Art. 6 para. 1 lit. a GDPR. Access to and storage of information in the end device takes place on the basis of the ePrivacy Directive transposition laws of the EU member states, in Germany pursuant to § 25 para. 1 TTDSG.

When you visit our website while logged into LinkedIn, LinkedIn may link the information it collects to your member account and use it to target advertising for you. You may view your privacy settings on LinkedIn at the following link: https://www.linkedin.com/psettings/enhanced-advertising.

We have established an order processing agreement with LinkedIn. The data generated in this context may be transmitted by LinkedIn to a server in the USA and stored there. In case personal data is transferred to the USA or other third countries, we have established standard contractual clauses with LinkedIn (Implementing Decision (EU) 2021/914, Module 2) pursuant to Art. 46 (2) lit. c GDPR. Moreover, we also obtain your express consent for the transfer of your data to third countries in pursuance with Art. 49 (1) lit. a GDPR.

For further information, please refer to the Privacy Policy of LinkedIn: https://www.linkedin.com/legal/privacy-policy.

Data Sharing

We will only share data we collect if there is a legal basis for doing so under data protection law in the specific case, particularly when:

  • you have given your express consent in pursuance with Art. 6 para. 1 p. 1 lit. a GDPR,
  • disclosure is necessary in accordance with Art. 6 (1) p. 1 lit. f GDPR for the assertion, exercise or defence of legal claims and there is no reason to assume that you have an overriding legitimate interest in not having your data disclosed,
  • according to Art. 6 (1) P. 1 Lit. C GDPR, we are required by law to disclose data, especially if it’s required for legal enforcement or prosecution in response to official requests, court orders, or legal proceedings, or
  • this is legally permissible and necessary pursuant to Art. 6 para. 1 p. 1 lit. b GDPR for the processing of contractual relationships with you or for the implementation of pre-contractual measures that take place at your request.

Part of the data processing may be undertaken by our service providers. This may include, but is not limited to, data centres storing our website and databases, IT service providers who maintain our system, and consulting firms, in addition to the service providers mentioned in this Privacy Policy. If we share data with our service providers, they are only permitted to use it to complete their tasks. The service providers were carefully selected and commissioned by us. They are contractually bound by our instructions and have implemented appropriate technical and organisational measures to protect the rights of the persons concerned and they are regularly monitored by us.

Furthermore, if necessary for prosecution or enforcement, data may be disclosed in connection with government investigations, court orders, and legal proceedings.

Data Transfer to Third Countries

We use services whose providers are located in “third countries” (countries outside the European Union or the European Economic Area), or process personal data there, as stated in this privacy statement, i.e. countries whose level of data protection does not compare to that of the European Union. We have taken the necessary precautions to guarantee an adequate level of data protection for any data transfers as far as this is the case and the European Commission has not issued an adequacy decision (Article 45 GDPR) for these countries. Among them are the necessary internal data protection rules or the European Union’s standard contract provisions.

If this is not possible, we base the data transfer on the exceptions listed in Art. 49 of the GDPR, specifically your explicit consent or the requirement of the transfer for pre-contractual or contractual measures.

It is possible and a risk that authorities in the relevant third country (such as intelligence services) may access the transferred data to collect and analyse it, and that the enforceability of your data subject rights cannot be guaranteed if a third-country transfer is allowed but no adequacy decision or appropriate safeguards are in place. When obtaining your consent via the cookie banner, you will also be notified of this.

Storage duration

In general, we keep personal data only for as long as is required to fulfil the contractual or legal obligations for which the data was collected. The data is then immediately deleted, unless we still require it for civil law evidence purposes, due to statutory retention requirements, or unless there is another legal basis under data protection law for the continued processing of your data in the specific individual case.

Contractual data must be kept for three years after the year in which our business relationship with you comes to an end for purposes of proof. The standard statutory limitation period shall run from this point forward, and any claims shall at the earliest become statute-barred.

Even after that, we still have to store some of your data for accounting reasons. Due to statutory documentation requirements imposed by the German Securities Trading Act, German Banking Act, German Fiscal Code, and German Money Laundering Act, we are obliged to do this. The time limits specified thereof for the retention of documents are two to ten years.

Your rights, particularly the ability to revoke and object

You are entitled to the data subject rights formulated in Art. 7 (3), Art. 15 – 21, Art. 77 GDPR at any time if the respective legal requirements are met:

  • Right to withdraw your consent (Art. 7 para. 3 GDPR);
  • Right to object to the processing of your personal data (Art. 21 GDPR);
  • Right to be notified of your personal data processed by us (Art. 15 GDPR);
  • Right to rectify your personal data stored by us that is incorrect (Art. 16 GDPR);
  • Right to have your personal data deleted (Art. 17 GDPR);
  • Right to restrict the processing of your personal data (Art. 18 GDPR);
  • Right to the portability of your personal data (Art. 20 GDPR);
  • Right to file a complaint with a supervisory authority (Art. 77 GDPR).

You can get in touch with us at any time using the contact details above to exercise the rights described. This also applies if you wish to have copies of guarantees demonstrating an adequate level of data security. Provided that the respective legal requirements are met, we shall comply with your data protection request.

Your requests for the exercise of your data protection rights and our responses to them will be kept on file for up to 3 years for document needs, and possibly even longer in some cases to establish, exercise, or defend legal claims. The legal basis is Art. 6 (1) lit. f GDPR, based on our interest in defending against any civil claims under Art. 82 GDPR, avoiding fines under Art. 83 GDPR and fulfilling our accountability obligations under Art. 5 (2) GDPR.

You have the right to revoke your consent at any time. This has the effect of preventing us from processing data in the future based on this consent. The lawfulness of the processing done on the basis of the consent up until the revocation is unaffected by the consent’s revocation.

You have the right to object to the processing of your data at any time for reasons specific to your situation if we process your data based on legitimate interests. You have a general right of objection, which we will also abide by if it refers to an objection to data processing for direct marketing purposes.

It is sufficient to send an informal message to the above contact information if you wish to exercise your right of revocation or objection.

Finally, you have the right to file a complaint with a supervisory authority for data protection. You could exercise this right, for instance, at a supervisory authority in the member state where you live, work, or where the alleged violation occurred. The responsible supervisory authority in Berlin, where our corporate headquarters are located, is: Berliner Beauftragte für Datenschutz und Informationsfreiheit (Berlin Commissioner for Data Protection and Freedom of Information), Friedrichstr. 219, 10969 Berlin.

Amendments to the Privacy Policy

This privacy statement may occasionally be updated, for instance, if we make changes to our website or if legal or regulatory requirements change.

Version: 2.0 / As of: August 2022