Data protection valid for all pages under the domain *.ibindo.at

Status 12/21/2021

1. data protection at a glance

General information
The following notices provide a simple overview of what happens to your personal data when you visit this website. Personal data is any data by which you can be personally identified. For detailed information on the subject of data protection, please refer to our privacy policy listed below this text.

For detailed information on the subject of data protection, please refer to our privacy policy listed below this text.
Data collection on this website
Data processing on this website is carried out by the website operator. You can find their contact details in the section “Information on the responsible office” in this data protection declaration.

How do we collect your data?
On the one hand, your data is collected by you providing it to us. This can be, for example, data that you enter in a contact form, or during registration as well as when using one of our services.
Other data is collected automatically or after your consent when you visit the website by our IT systems. This is mainly technical data (e.g. Internet browser, operating system or time of page view). This data is collected automatically as soon as you enter this website.

What do we use your data for?
Part of the data is collected to ensure error-free provision of the website and our services. Other data may be used to analyze your user behavior if you have consented.
As well as for the passing on on the basis of a legal obligation to authorities, registration authorities, district administrative authorities, national police directorates, municipalities

What rights do you have regarding your data?
You have the right at any time to receive information free of charge about the origin, recipient and purpose of your stored personal data. You also have a right to request the correction or deletion of this data. If you have given your consent to data processing, you can revoke this consent at any time for the future. You also have the right to request the restriction of the processing of your personal data under certain circumstances. Furthermore, you have the right to lodge a complaint with the competent supervisory authority.
You can contact us at any time with regard to this and other questions on the subject of data protection.

a. Nature and purpose of the processing

When registering to use our personalized services, some personal data is collected, such as name, address, contact and communication data (e.g. telephone number and e-mail address). If you are registered with us, you can access content and services that we offer only to registered users. Registered users also have the option, if necessary, to change or delete the data provided during registration at any time. In addition, we will of course provide you with information about the personal data we have stored about you at any time.

b. Legal basis of the processing

The processing of the data entered during registration is based on the user’s consent (Art. 6 para. 1 lit. a GDPR), to fulfill a contract (Art. 6 para. 1 lit. b GDPR), to fulfill a legal obligation (Art. 6 para. 1 lit. c GDPR), as well as to protect vital interests of the data subject or another natural person (Art. 6 para. 1 lit. d GDPR).

c. Data categories

Contact data for COVID-19 guest registration (phone number, e-mail address, last name, table number, time, date) | Contact data for digital guest registration form (name, address, gender, origin, length of stay, marital status, ID number, passport number, fellow travelers)

d. Receiver

Recipients of the data are internal employees of the management, sales, accounting. and, if applicable, contract processors Accommodation providers, interface providers, municipalities, registration authorities, district administrative authorities, provincial police directorates, municipalities. who act for either the operation and maintenance of our website, or in the context of service provision.

e. Storage periods

Data will only be processed in this context as long as there is a legal basis according to Art 6 Abs 1 ff GDPR. Afterwards, they will be deleted, provided that there are no legal storage obligations to the contrary. To contact us in this regard, please use the contact information provided at the beginning of this privacy policy.

f. Legal / contractual requirement

The provision of your personal data is in accordance with Art. 6 para 1 ff GDPR. Without the provision of your personal data, we cannot grant you access to our offered content and services.

g. Third country transfer

Processing does not take place outside the European Union (EU) or the European Economic Area (EEA).

h. Revocation of consent

You can revoke your consent to the storage of your personal data at any time with effect for the future. You can notify us of your revocation at any time using the contact option provided at the beginning of this privacy notice.

i. Automated decision making and profiling

As a responsible company, we do not use automatic decision-making or profiling for this data processing.

a. Art und Zweck der Verarbeitung
Like many other websites, we also use so-called “cookies”.
Cookies are simple files that store information about our website and your usage. These small files are optionally created by your browser automatically through the use of our website and stored locally on your respective end device. This does not mean that we have thereby gained direct knowledge of your identity. The use of cookies serves to make the use of our offer more pleasant for you.

Therefore, we generally distinguish between technically necessary and non-necessary cookies:
You can find the storage period in the Cookie Consent Tool, which is displayed when you visit our website for the first time.

Technically necessary cookies (“first party cookies”)
are required for the operation of a website and are essential for navigating on it and using its functions. These cookies are not permanently stored on your computer or device and are deleted when you close the browser. These are so-called session cookies).

We use the following technically necessary cookies:
Cookiebot CookieConsent, Youtube Consent

Non-essential cookies, on the other hand, are mostly functional cookies, performance cookies, and marketing & third party cookies, which enable, for example, the use of the website. record and count the number of visitors and traffic sources, thus measuring and improving the performance of the website. They are also used to find out if certain pages are experiencing problems or errors, which pages are the most popular, and how visitors navigate the site.

b. Legal basis of the processing

The use of technically necessary cookies (“first party cookies”) is possible without the consent of the website visitor and is subject to a legitimate interest in the economic operation and optimization of our website and services) within the meaning of Art. 6 para. 1 S. 1 lit. f GDPR.

The use of non-essential cookies, such as functional cookies, performance cookies and marketing & third party cookies is subject to the consent of the website visitor pursuant to Art. 6 para. 1 S. 1 lit. a GDPR.

c. Data categories
• IP address
• Browser used
• Operating system used
• Internet connection
• Session ID of the cookie

d. Receiver
• YOUTUBE

e. Storage periods
The user can set his web browser in such a way that the storage of cookies on his end device is generally prevented or he is asked each time whether he agrees to the setting of cookies. Once cookies have been set, the user can delete them at any time. How the whole thing works is described in the help function of the respective web browser.
A general deactivation of cookies may lead to functional restrictions of this website.

f. Legal / contractual requirement
The provision of your personal data in cookies is voluntary in the case of cookies that are not necessary, solely on the basis of your consent (so-called opt-in cookies). You can also prevent the use of preset, technically necessary cookies (so-called opt-out cookies) via your browser settings. However, without the consent, the service and functionality of our website is not guaranteed. In addition, individual services may be unavailable or limited.

g. Third country transfer
Processing does not take place outside the European Union (EU) or the European Economic Area (EEA).

h. Revocation of consent
You can revoke the consent of all cookies at any time with effect for the future in your browser settings.

i. Automated decision making and profiling
As a responsible company, we do not use automatic decision-making or profiling when collecting cookies.
When visiting this website, your surfing behavior can be statistically analyzed. This is done mainly with so-called analysis programs.
Detailed information about these analysis programs can be found in the following privacy policy.

Hosting
We host our website with GDPR-compliant providers within the EU.
For details, please refer to the contract on commissioned processing (AVV) according to Art. 28 EU-GDPR.
The use is based on Art. 6 para. 1 lit. f GDPR. We have a legitimate interest in ensuring that our website is presented as reliably as possible. If a corresponding consent was requested, the processing is based exclusively on Art. 6 para. 1 lit. a GDPR; the consent can be revoked at any time.
Server log files
The provider of the pages automatically collects and stores information in so-called server log files, which your browser automatically transmits to us. These are:
• Browser type and version
• Operating system used
• Referrer URL
• Host name of the accessing computer
• Time of the server request
• IP address

This data is not merged with other data sources.
The collection of this data is based on Art. 6 para. 1 lit. f GDPR. The website operator has a legitimate interest in the technically error-free presentation and optimization of its website – for this purpose, the server log files must be recorded.

Job processing

We have concluded an order processing agreement (AVV) with the above-mentioned provider. This is a contract required by data protection law, which ensures that this processes the personal data of our website visitors only according to our instructions and in compliance with the GDPR.

Data protection
The operators of these pages take the protection of your personal data very seriously. We treat your personal data confidentially and in accordance with the statutory data protection regulations and this privacy policy.
When you use this website, various personal data is collected. Personal data is data with which you can be personally identified. This privacy policy explains what data we collect and what we use it for. It also explains how this is done and for what purpose.
We would like to point out that data transmission on the Internet (e.g. when communicating by e-mail) can have security gaps. Complete protection of the data against access by third parties is not possible.

Note on the responsible body
The responsible party for data processing on this website is:
ibindo gmbH
Hauptstr. 101
A-2123 Hautzendorf
Legal form: limited liability company
Company register number: FN 560840 s
Phone: +43 0677/63696352
E-Mail: datenschutz@ibindo.at

The controller is the natural or legal person who alone or jointly with others determines the purposes and means of the processing of personal data (e.g. names, e-mail addresses, etc.).

Storage duration
Unless a more specific storage period has been specified within this data protection declaration, your personal data will remain with us until the purpose for the data processing no longer applies.

Storage duration Digital guest registration form
The storage period of personal data for the “Digital guest registration form” is based on Section 19 (5) of the Registration Act Implementing Ordinance and is 7 years, with the period beginning: from the last entry.

Storage duration COVID19 Guest registration
The storage period of personal data for the “COVID 19 guest registration” is subject to § 5c Abs 3 Epidemic Act 1950, BGBl Nr.
186/1950 idgF iVm § 17 COVID-19-Öffnungsverordnung, BGBl II Nr. 214/2021 and is based on 28 days.

Probbill storage duration

The storage period of personal data for the “Probbill” is based on the 132 BAO and is 7 years,
If you assert a justified request for deletion or revoke consent to data processing, your data will be deleted unless we have other legally permissible reasons for storing your personal data (e.g. retention periods under tax or commercial law); in the latter case, the data will be deleted after these reasons no longer apply.

Data Protection Officer
We have appointed a data protection officer for our company.

DPO Consult GmbH
Karl Pusch
Am Eisernen Tor 2/III
A-8010 Graz
Phone: 0800 22 44 88
E-Mail: dpo@dpo.at

If, in the course of our processing, we disclose data to other persons and companies (order processors, jointly responsible persons or third parties), transmit it to them or otherwise grant them access to the data, this will only be done on the basis of a legal permission (e.g. if a transmission of the data to third parties, such as to payment service providers, is necessary for the performance of the contract), users have consented, a legal obligation provides for this or on the basis of our legitimate interests (e.g. when using interface providers, accommodation providers, authorities, municipalities,, etc.). Translated with www.DeepL.com/Translator (free version)

If we disclose or transfer data to other companies in our group of companies or otherwise grant them access, this is done in particular for administrative purposes as a legitimate interest and, in addition, on a basis that complies with the legal requirements.

The following organizations, companies, authorities or persons have been commissioned by the operator of this website to process data:
Processors within the EU / EEA:

Accommodation providers, interface providers.

Processors outside the EU / EEA:
Service provider of the web services.

Note on data transfer to the USA and other third countries
Among other things, we use tools from companies based in the USA or other third countries that are not secure under data protection law. When these tools are active, your personal data may be transferred to and processed in these third countries. We would like to point out that no level of data protection comparable to that in the EU can be guaranteed in these countries. For example, U.S. companies are obligated to release personal data to security authorities without you, the data subject, being able to take legal action against this. It can therefore not be ruled out that U.S. authorities (e.g. intelligence agencies) process, evaluate and permanently store your data located on U.S. servers for surveillance purposes. We have no influence on these processing activities.

Revocation of your consent to data processing
Many data processing operations are only possible with your express consent. You can revoke an already given consent at any time. The legality of the data processing carried out until the revocation remains unaffected by the revocation.
Every data subject shall have the right to object at any time, on grounds relating to his or her particular situation, to the processing of personal data concerning him or her which is carried out on the basis of Art. 6 para. 1 lit. e or f GDPR, to object to it. This also applies to profiling based on these provisions.
The controller shall no longer process the personal data in the event of the objection, unless we can demonstrate compelling legitimate grounds for the processing which override the interests, rights and freedoms of the data subject, or for the assertion, exercise or defense of legal claims. If the controller processes personal data for the purposes of direct marketing, the data subject shall have the right to object at any time to processing of personal data for such marketing. This also applies to profiling, insofar as it is associated with such direct advertising. If the data subject objects to the controller to the processing for direct marketing purposes, the controller will no longer process the personal data for these purposes.
In addition, the data subject has the right, on grounds relating to his or her particular situation, to object to processing of personal data concerning him or her which is carried out by the controller for scientific or historical research purposes, or for statistical purposes pursuant to Article 89(1) of the Data Protection Act. 1 GDPR, unless such processing is necessary for the performance of a task carried out in the public interest. In order to exercise the right to object, the data subject may contact us at any time via the contact option indicated at the beginning of this privacy policy.
Without prejudice to any other administrative or judicial remedy, every data subject shall have the right to lodge a complaint with a supervisory authority, in particular in the Member State of his or her residence, place of work or place of the alleged infringement, if the data subject considers that the processing of personal data relating to him or her infringes the GDPR. The supervisory authority to which the complaint has been lodged shall inform the complainant of the status and outcome of the complaint, including the possibility of a judicial remedy under Article 78 GDPR.
Every data subject has the right to receive personal data concerning him or her, which has been provided by the data subject to a controller, in a structured, commonly used and machine-readable format. He/she also has the right to transmit this data to another controller without hindrance by the current controller to whom the personal data was provided, provided that the processing is based on consent in accordance with Art. 6 (2). 1 letter a GDPR or Art. 9 para. 2 lit. a GDPR or on a contract pursuant to Art. 6 para. 1(b) of the GDPR and the processing is carried out by automated means, unless the processing is necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller.
Furthermore, when exercising his or her right to data portability pursuant to Art. 20 para. 1 GDPR the right to obtain that the personal data be transferred directly from one controller to another controller, insofar as this is technically feasible and insofar as this does not adversely affect the rights and freedoms of other persons. In order to assert the right to data portability, the data subject may at any time contact us using the contact details provided at the beginning of this privacy policy.
Every data subject has the right to demand that our company immediately correct any inaccurate personal data concerning them. Furthermore, the data subject has the right, taking into account the purposes of the processing, to request the completion of incomplete personal data – also by means of a supplementary declaration.

If a data subject wishes to exercise this right of access, he or she may contact us at any time using the contact details provided at the beginning of this privacy policy.

Every data subject has a right of access to the personal data concerning him or her. The right to information extends to all data processed by us. The right can be exercised easily and at regular intervals so that all data subjects are always aware of the processing of their personal data and can verify its lawfulness (see recital 63 GDPR). The right to information includes in particular the following information:
• The purpose of processing
• The data categories
• The recipients / categories of recipients, in particular recipients of international organizations or third countries; if a third country is involved, the data subject shall furthermore have the right to obtain information on the appropriate safeguards in connection with the transfer.
• If possible, the planned duration for which the personal data will be stored or, if this is not possible, the criteria for determining this duration
• All available information about the origin of the data, if the personal data are not collected from the data subject
• Any available information on the existence of automated decision making including profiling pursuant to Art. 22 para. 1 and 4 GDPR

• The existence of a right to
o Correction or
o erasure of the personal data concerning them, or
o to restriction of processing by the controller or
o a right to object to such processing, and
o the existence of a right of appeal to a supervisory authority
If a data subject wishes to exercise this right of access, he or she may contact us at any time using the contact details provided at the beginning of this privacy policy.
Any data subject has the right to obtain from the controller the restriction of processing if one of the following conditions is met:
• The accuracy of the personal data is contested by the data subject for a period enabling the controller to verify the accuracy of the personal data.
• The processing is unlawful, the data subject objects to the erasure of the personal data and requests instead the restriction of the use of the personal data.
• The controller no longer needs the personal data for the purposes of processing, but the data subject needs it for the assertion, exercise or defense of legal claims.
• The data subject has objected to the processing pursuant to. Art. 21 Abs. 1 GDPR and it is not yet clear whether the legitimate grounds of the controller outweigh those of the data subject.
If one of the aforementioned conditions is met, and a data subject wishes to request the restriction of personal data stored by the controller, he or she may, at any time, contact the controller via the contact details provided at the beginning of this data protection information. The controller will arrange the restriction of the processing.

3. Social Media

Use of LinkedIn plugins

a. Nature and purpose of the processing
Social plugins from LinkedIn are used on our website. You can recognize the plugins by the fact that they are marked with the corresponding logo.
Via these plugins, information, which may also include personal data, may be sent to LinkedIn and possibly used by it. We prevent the unconscious and unintentional collection and transmission of data to LinkedIn through a so-called Shariff solution. Only the click on the plugin also triggers the collection of information and its transmission to LinkedIn. We do not collect any personal data ourselves by means of the social plugins or via their use.
We have no influence on what data an activated plugin collects and how it is used by LinkedIn. Currently, it must be assumed that a direct connection to LinkedIn’s services is established and that at least the IP address and device-related information is collected and used. There is also the possibility that LinkedIn attempts to store cookies on the computer used.

b. Legal basis of the processing
The processing is carried out in accordance with Art. 6 para. 1 lit. f GDPR on the basis of our legitimate interest in the functionality of our website.
c. Data categories
Please refer to LinkedIn’s privacy policy to find out which specific data is collected and how it is used:
LinkedIn: https://www.linkedin.com/legal/privacy-policy

d. Receiver

• Employees of the IT department of the own company
• LinkedIn
e. Storage periods
The data collected directly by us via the social media plugins will be deleted from our systems as soon as the purpose for storing it no longer applies, you request us to delete it, revoke your consent to store it, or the purpose for storing the data no longer applies. Stored cookies remain on your terminal device until you delete them. Mandatory legal provisions – esp. retention periods – remain unaffected.
We have no influence on the storage period of your data, which is stored by LinkedIn for its own purposes. For details, please check directly with LinkedIn (e.g., in their privacy policy, see above).
f. Legal / contractual requirement
The provision of your personal data is voluntary. Without the provision of your personal data, we cannot grant you access to our offered content and services.
g. Third country transfer
Processing does not take place outside the European Union (EU) or the European Economic Area (EEA).

h. Revocation of consent
You can revoke your consent to the storage of your personal data at any time with effect for the future. You can notify us of your revocation at any time using the contact option provided at the beginning of this privacy notice.
i. Automated decision making and profiling
As a responsible company, we do not use automatic decision-making or profiling for this data processing.

4. analysis tools and advertising

Google Analytics
This website uses functions of the web analysis service Google Analytics. The provider is Google Ireland Limited (“Google”), Gordon House, Barrow Street, Dublin 4, Ireland.
Google Analytics allows the website operator to analyze the behavior of website visitors. In this context, the website operator receives various usage data, such as page impressions, duration of visit, operating systems used and origin of the user. This data may be summarized by Google in a profile that is assigned to the respective user or their end device.
Furthermore, we may use Google Analytics to record your mouse and scroll movements and clicks, among other things. Further, Google Analytics uses various modeling approaches to augment the data sets it collects and employs machine learning technologies in its data analysis.
Google Analytics uses technologies that enable the recognition of the user for the purpose of analyzing user behavior (e.g. cookies or device fingerprinting). The information collected by Google about the use of this website is usually transferred to a Google server in the USA and stored there.
The use of this analysis tool is based on Art. 6 para. 1 lit. f GDPR. The website operator has a legitimate interest in analyzing user behavior in order to optimize both its web offering and its advertising. If a corresponding consent has been requested (e.g. consent to the storage of cookies), the processing is carried out exclusively on the basis of Art. 6 para. 1 lit. a GDPR; the consent can be revoked at any time.
Data transfer to the USA is based on the standard contractual clauses of the EU Commission. Details can be found here: https://privacy.google.com/businesses/controllerterms/mccs/.
IP anonymization
We have activated the IP anonymization function on this website. As a result, your IP address is shortened by Google within member states of the European Union or in other contracting states to the Agreement on the European Economic Area before being transmitted to the USA. Only in exceptional cases is the full IP address transmitted to a Google server in the USA and shortened there. On behalf of the operator of this website, Google will use this information for the purpose of evaluating your use of the website, compiling reports on website activity and providing other services relating to website activity and internet usage to the website operator. The IP address transmitted by your browser as part of Google Analytics is not merged with other data from Google.
Browser Plugin
You can prevent the collection and processing of your data by Google by downloading and installing the browser plugin available at the following link: https://tools.google.com/dlpage/gaoptout?hl=de.
For more information on how Google Analytics handles user data, please see Google’s privacy policy: https://support.google.com/analytics/answer/6004245?hl=de.

Job processing
We have concluded an order processing agreement with Google and fully implement the strict requirements of the German data protection authorities when using Google Analytics.
Demographic characteristics in Google Analytics
This website uses the “demographic characteristics” function of Google Analytics to display suitable advertisements to website visitors within the Google advertising network. This allows reports to be generated that contain statements about the age, gender and interests of site visitors. This data comes from interest-based advertising from Google as well as visitor data from third-party providers. This data cannot be assigned to a specific person. You can deactivate this function at any time via the ad settings in your Google account or generally prohibit the collection of your data by Google Analytics as shown in the item “Objection to data collection”.

Google Analytics E-Commerce-Tracking
This website uses the “e-commerce tracking” function of Google Analytics. E-commerce tracking allows the website operator to analyze the buying behavior of website visitors to improve its online marketing campaigns. Here, information such as orders placed, average order values, shipping costs and the time from viewing to purchasing a product is recorded. This data can be summarized by Google under a transaction ID, which is assigned to the respective user or his device.
Storage duration
Data stored at Google at user and event level that is linked to cookies, user identifiers (e.g. User ID) or advertising IDs (e.g. DoubleClick cookies, Android advertising ID) is anonymized or deleted after 2 months. Details can be found under the following link: https://support.google.com/analytics/answer/7667196?hl=de

WordPress statistics
This website uses “WordPress Statistics” to statistically analyze visitor traffic. Provider is Automattic Inc, 60 29th Street #343, San Francisco, CA 94110-4929, USA.
WordPress Statistics uses technologies that enable the recognition of the user for the purpose of analyzing user behavior (e.g. cookies or device fingerprinting). WordPress Statistics collects log files for analysis (referrer, IP address, browser, etc.), the origin of website visitors (country, city) and what actions they have taken on the page (e.g. clicks, views, downloads). The information collected in this way about the use of this website is stored on servers in the USA. Your IP address is anonymized after processing and before storage.
The use of this analysis tool is based on Art. 6 para. 1 lit. f GDPR. The website operator has a legitimate interest in the anonymized analysis of user behavior in order to optimize both its website and its advertising. If a corresponding consent has been requested (e.g. consent to the storage of cookies), the processing is carried out exclusively on the basis of Art. 6 para. 1 lit. a GDPR; the consent can be revoked at any time.

Google Ads
The website operator uses Google Ads. Google Ads is an online advertising program of Google Ireland Limited (“Google”), Gordon House, Barrow Street, Dublin 4, Ireland.
Google Ads allows us to display advertisements in the Google search engine or on third-party websites when the user enters certain search terms on Google (keyword targeting). Furthermore, targeted advertisements can be played on the basis of the user data available at Google (e.g. location data and interests) (target group targeting). As a website operator, we can evaluate this data quantitatively by analyzing, for example, which search terms led to the display of our advertisements and how many ads resulted in corresponding clicks.
The use of Google Ads is based on Art. 6 para. 1 lit. f GDPR. The website operator has a legitimate interest in marketing its service products as effectively as possible.
Data transfer to the USA is based on the standard contractual clauses of the EU Commission. Details can be found here: https://policies.google.com/privacy/frameworks and https://privacy.google.com/businesses/controllerterms/mccs/.

Google AdSense (not personalized)
This website uses Google AdSense, a service for embedding advertisements. The provider is Google Ireland Limited (“Google”), Gordon House, Barrow Street, Dublin 4, Ireland.
We use Google AdSense in “non-personalized” mode. Unlike the personalized mode, the ads are therefore not based on your previous user behavior and no user profile of you is created. Instead, so-called “contextual information” is used to select advertising. The selected ads are then based, for example, on your location, the content of the website you are on or your current search terms. To learn more about the differences between personalized and non-personalized targeting with Google AdSense, visit: https://support.google.com/adsense/answer/9007336.
Please note that cookies or comparable recognition technologies (e.g. device fingerprinting) may also be used when using Google Adsense in non-personalized mode. These are used to combat fraud and abuse, according to Google.
The use of AdSense is based on Art. 6 para. 1 lit. f GDPR. The website operator has a legitimate interest in marketing his website as effectively as possible. If a corresponding consent was requested, the processing is based exclusively on Art. 6 para. 1 lit. a GDPR; the consent can be revoked at any time.
Data transfer to the USA is based on the standard contractual clauses of the EU Commission. Details can be found here: https://privacy.google.com/businesses/controllerterms/mccs/.
You can adjust your advertising settings independently in your user account. To do so, click on the following link and log in: https://adssettings.google.com/authenticated.
You can find more information about Google’s advertising technologies here: https://policies.google.com/technologies/ads and https://www.google.de/intl/de/policies/privacy/.

LinkedIn Insight Tag
This website uses the Insight tag from LinkedIn. The provider of this service is LinkedIn Ireland Unlimited Company, Wilton Plaza, Wilton Place, Dublin 2, Ireland.
Data processing by LinkedIn Insight Tag
With the help of the LinkedIn Insight Tag, we receive information about visitors to our website. If a website visitor is registered with LinkedIn, we can, among other things, analyze the key professional data (e.g., career level, company size, country, location, industry, and job title) of our website visitors and thus better tailor our site to the respective target groups. Furthermore, we can use LinkedIn Insight Tags to measure whether visitors to our websites make a purchase or take any other action (conversion measurement). Conversion measurement can also be performed across devices (e.g. from PC to tablet). LinkedIn Insight Tag also provides a retargeting feature that allows us to display targeted off-site advertising to visitors to our website, which LinkedIn states does not identify the ad recipient.
LinkedIn itself also collects so-called log files (URL, referrer URL, IP address, device and browser properties and time of access). IP addresses are shortened or (if used to reach LinkedIn members across devices) hashed (pseudonymized). The direct identifiers of LinkedIn members are deleted by LinkedIn after seven days. The remaining pseudonymized data is then deleted within 180 days.
The data collected by LinkedIn cannot be assigned to specific individuals by us as the website operator. LinkedIn will store the collected personal data of the website visitors on its servers in the USA and use them in the context of its own advertising measures. For details, see LinkedIn’s privacy policy at https://www.linkedin.com/legal/privacy-policy#choices-oblig.
Legal basis
The use of LinkedIn Insight is based on Art. 6 para. 1 lit. f GDPR. The website operator has a legitimate interest in effective advertising measures including social media. If a corresponding consent has been requested (e.g. consent to the storage of cookies), the processing is carried out exclusively on the basis of Art. 6 para. 1 lit. a GDPR; the consent can be revoked at any time.
Data transfer to the USA is based on the standard contractual clauses of the EU Commission. Details can be found here: https://www.linkedin.com/legal/l/dpa and https://www.linkedin.com/legal/l/eu-sccs.
Objection to the use of LinkedIn Insight Tag
Object to the analysis of usage behavior as well as targeted advertising by LinkedIn at the following link: https://www.linkedin.com/psettings/guest-controls/retargeting-opt-out.
Furthermore, LinkedIn members can control the use of their personal data for advertising purposes in the account settings. To avoid a link between data collected on our website by LinkedIn and your LinkedIn account, you must log out of your LinkedIn account before visiting our website.
Job processing
We have concluded an order processing agreement (AVV) with the above-mentioned provider. This is a contract required by data protection law, which ensures that this processes the personal data of our website visitors only according to our instructions and in compliance with the GDPR.

5. Newsletter

Newsletter data
If you would like to receive the newsletter offered on the website, we require an e-mail address from you as well as information that allows us to verify that you are the owner of the e-mail address provided and that you agree to receive the newsletter. Further data is not collected or only on a voluntary basis. We use this data exclusively for sending the requested information and do not pass it on to third parties.
The processing of the data entered in the newsletter registration form is based exclusively on your consent (Art. 6 para. 1 lit. a GDPR). You can revoke your consent to the storage of the data, the e-mail address and their use for sending the newsletter at any time, for example via the “unsubscribe” link in the newsletter. The legality of the data processing operations already carried out remains unaffected by the revocation.
The data you provide us with for the purpose of receiving the newsletter will be stored by us or the newsletter service provider until you unsubscribe from the newsletter and will be deleted from the newsletter distribution list after you unsubscribe from the newsletter or after the purpose has expired. We reserve the right to remove e-mail addresses from our newsletter distribution list at our own discretion within the scope of our legitimate interest pursuant to Art. 6 para. 1 lit. f GDPR to delete or block.
After you have unsubscribed from the newsletter distribution list, your e-mail address may be stored by us or the newsletter service provider in a blacklist to prevent future mailings. The data from the blacklist will only be used for this purpose and will not be merged with other data. This serves both your interest and our interest in complying with legal requirements when sending newsletters (legitimate interest within the meaning of Art. 6 (1) lit. f GDPR). The storage in the blacklist is not limited in time. You can object to the storage if your interests outweigh our legitimate interest.

6. Plugins and Tools

Google Web Fonts (local hosting)This site uses so-called web fonts provided by Google for the uniform display of fonts. The Google Fonts are installed locally. A connection to Google servers does not take place.
For more information about Google Web Fonts, please visit https://developers.google.com/fonts/faq and see Google’s privacy policy: https://policies.google.com/privacy?hl=de.
Calendly
On our website you have the possibility to make appointments with us. For booking appointments we use the tool “Calendly”. The provider is Calendly LLC, 271 17th St NW, 10th Floor, Atlanta, Georgia 30363, USA (hereinafter “Calendly”).

For the purpose of booking an appointment, enter the requested data and the desired date in the mask provided. The data entered will be used for the planning, execution and, if necessary, follow-up of the appointment. The appointment data is stored for us on the servers of Calendly, whose privacy policy you can view here: https://calendly.com/de/pages/privacy.

The data you enter will remain with us until you request us to delete it, revoke your consent to store it, or the purpose for storing the data no longer applies. Mandatory legal provisions – in particular retention periods – remain unaffected.

The legal basis for data processing is Art. 6 para. 1 lit. f GDPR. The website operator has a legitimate interest in making it as uncomplicated as possible to arrange appointments with interested parties and customers. If consent has been requested, Art. 6 para. 1 lit. a GDPR is the legal basis for the data processing; the consent can be revoked at any time.

Data transfer to the USA is based on the standard contractual clauses of the EU Commission. Details can be found here: https://calendly.com/pages/dpa.

Job processing
We have concluded an order processing agreement (AVV) with the above-mentioned provider. This is a contract required by data protection law, which ensures that this processes the personal data of our website visitors only according to our instructions and in compliance with the GDPR.

Hubspot CRM
We use Hubspot CRM on this website. The provider is Hubspot Inc. 25 Street, Cambridge, MA 02141 USA (hereinafter Hubspot CRM).

Among other things, Hubspot CRM allows us to manage existing and potential customers as well as customer contacts. With the help of Hubspot CRM, we are able to capture, sort and analyze customer interactions via email, social media or phone across different channels. The personal data collected in this way can be evaluated and used for communication with the potential customer or for marketing measures (e.g. newsletter mailings). With Hubspot CRM, we are also able to record and analyze the user behavior of our contacts on our website.

The use of Hubspot CRM is based on Art. 6 para. 1 lit. f GDPR. The website operator has a legitimate interest in the most efficient customer management and customer communication possible. If a corresponding consent was requested, the processing is based exclusively on Art. 6 para. 1 lit. a GDPR; the consent can be revoked at any time.

For details, see Hubspot’s privacy policy: https://legal.hubspot.com/de/privacy-policy.

Data transfer to the USA is based on the standard contractual clauses of the EU Commission. Details can be found here: https://www.hubspot.de/data-privacy/privacy-shield.
OneDrive
We have integrated OneDrive. Provider is Microsoft Corporation, One Microsoft Way, Redmond, WA 98052-6399, USA (hereinafter “OneDrive”).
OneDrive allows us to include an upload area. The use of OneDrive is based on Art. 6 para. 1 lit. f GDPR.

7. eCommerce and payment providers

Processing of data (customer and contract data)
We collect, process and use personal data only to the extent that they are necessary for the establishment, content or modification of the legal relationship (inventory data). This is done on the basis of Art. 6 para. 1 lit. b GDPR, which permits the processing of data for the performance of a contract or pre-contractual measures. We collect, process and use personal data about the use of this website (usage data) only to the extent necessary to enable the user to use the service or to bill the user.
The collected customer data will be deleted after completion of the order or termination of the business relationship. Statutory retention periods remain unaffected.
Data transfer upon conclusion of a contract for services and digital content
We transmit personal data to third parties only if this is necessary for the processing of the contract, for example, to the credit institution entrusted with the processing of payments.
A further transmission of the data does not take place or only if you have expressly agreed to the transmission. Your data will not be passed on to third parties without your express consent, for example for advertising purposes.
The basis for the data processing is Art. 6 para. 1 lit. b GDPR, which permits the processing of data for the performance of a contract or pre-contractual measures.

Payment services
We include third-party payment services on our website. When you make a purchase from us, your payment data (e.g. name, payment amount, account details, credit card number) will be processed by the payment service provider for the purpose of payment processing. The respective contractual and data protection provisions of the respective providers apply to these transactions. The use of payment service providers is based on Art. 6 para. 1 lit. b GDPR (contract processing) and in the interest of a smooth, convenient and secure payment process (Art. 6 para. 1 lit. f GDPR). Insofar as your consent is requested for certain actions, Art. 6 para. 1 lit. a GDPR Legal basis for data processing; consents can be revoked at any time for the future.
We use the following payment services / payment service providers within the scope of this website:
Stripe
The provider for customers within the EU is Stripe Payments Europe, Ltd.,1 Grand Canal Street Lower, Grand Canal Dock, Dublin, Ireland (hereinafter “Stripe”).
Data transfer to the USA is based on the standard contractual clauses of the EU Commission. Details can be found here: https://stripe.com/de/privacy und https://stripe.com/de/guides/general-data-protection-regulation.
You can read details about this in Stripe’s privacy policy at the following link: https://stripe.com/de/privacy.
Klarna
The Provider is Klarna AB, Sveavägen 46, 111 34 Stockholm, Sweden (hereinafter “Klarna”). Klarna offers various payment options (e.g. installment purchase). If you choose to pay with Klarna (Klarna checkout solution), Klarna will collect various personal data from you. Klarna uses cookies to optimize the use of the Klarna checkout solution. For details on the use of Klarna cookies, please refer to the following link: https://cdn.klarna.com/1.0/shared/content/policy/cookie/de_de/checkout.pdf.
You can read details about this in Klarna’s privacy policy at the following link: https://www.klarna.com/de/datenschutz/.
Sofort­überweisung
The provider of this payment service is Sofort GmbH, Theresienhöhe 12, 80339 Munich, Germany (hereinafter “Sofort GmbH”). With the help of the “Sofortüberweisung” procedure, we receive a payment confirmation from Sofort GmbH in real time and can immediately begin to fulfill our obligations. If you have chosen the payment method “Sofortüberweisung”, you transmit the PIN and a valid TAN to Sofort GmbH, with which they can log into your online banking account. Sofort GmbH automatically checks your account balance after logging in and carries out the transfer to us using the TAN you provided. It then immediately sends us a transaction confirmation. After logging in, your turnover, the credit line of the overdraft facility and the existence of other accounts and their balances are also checked automatically. In addition to the PIN and the TAN, the payment data you enter as well as data about yourself are also transmitted to Sofort GmbH. Your personal data is your first and last name, address, telephone number(s), e-mail address, IP address and, if necessary, other data required for payment processing. The transmission of this data is necessary to establish your identity beyond doubt and to prevent fraud attempts. Details about the payment with Sofortüberweisung can be found in the following links: https://www.sofort.de/datenschutz.html and https://www.klarna.com/sofort/.

8. audio and video conferencing

Data processing
Among other things, we use online conferencing tools to communicate with our customers. The tools we use in detail are listed below. When you communicate with us via video or audio conferencing over the Internet, your personal data is collected and processed by us and the provider of the respective conferencing tool.
In doing so, the conference tools collect any data you provide/enter to use the tools (email address and/or your phone number). In doing so, the conference tools collect any data you provide/enter to use the tools (email address and/or your phone number).
Furthermore, the provider of the tool processes all technical data required for the handling of online communication. This includes, in particular, IP addresses, MAC addresses, device IDs, device type, operating system type and version, client version, camera type, microphone or speaker, and connection type.
If content is exchanged, uploaded or otherwise made available within the tool, this is also stored on the servers of the tool providers. Such content specifically includes cloud recordings, chat/instant messages, voicemails uploaded photos and videos, files, whiteboards, and other information shared while using the Service.
Please note that we do not have full control over the data processing operations of the tools used. Our options are largely determined by the corporate policy of the respective provider. For further information on data processing by the conference tools, please refer to the privacy statements of the respective tools used, which we have listed below this text.
Purpose and legal basis
The conference tools are used to communicate with prospective or existing contractual partners or to offer certain services to our customers (Art. 6 para. 1 lit. b GDPR). Furthermore, the use of the tools serves the general simplification and acceleration of communication with us or our company (legitimate interest within the meaning of Art. 6 para. 1 lit. f GDPR). Insofar as consent has been requested, the tools in question are used on the basis of this consent; consent can be revoked at any time with effect for the future.
Storage duration
The data collected directly by us via the video and conference tools will be deleted from our systems as soon as you request us to delete it, revoke your consent to store it, or the purpose for storing the data no longer applies. Stored cookies remain on your terminal device until you delete them. Mandatory statutory retention periods remain unaffected.
We have no influence on the storage period of your data, which is stored by the operators of the conference tools for their own purposes. For details, please contact the operators of the conference tools directly.
Conference tools used
We use the following conferencing tools:
TeamViewer

We use TeamViewer. The provider is TeamViewer Germany GmbH, Jahnstr. 30, 73037 Göppingen. For details on data processing, please refer to TeamViewer’s privacy policy: https://www.teamviewer.com/de/datenschutzerklaerung/.
Job processing
We have concluded an order processing agreement (AVV) with the above-mentioned provider. This is a contract required by data protection law, which ensures that this processes the personal data of our website visitors only according to our instructions and in compliance with the GDPR.
Microsoft Teams

We use Microsoft Teams. Provider is Microsoft Corporation, One Microsoft Way, Redmond, WA 98052-6399, USA. For details on data processing, see the Microsoft Teams privacy policy: https://privacy.microsoft.com/de-de/privacystatement.
Job processing
We have concluded an order processing agreement (AVV) with the above-mentioned provider. This is a contract required by data protection law, which ensures that this processes the personal data of our website visitors only according to our instructions and in compliance with the GDPR.