Privacy Policy

Any collection, use, storage, deletion, or other processing (hereinafter “processing”) of data is intended solely for the purpose of providing our services. Our services have been designed with the aim of using as little personal data as possible. In this context, “personal data” (hereinafter also referred to as “data”) refers to any information relating to the personal or factual circumstances of an identified or identifiable natural person (the so-called “data subject”).

The following information on data protection describes what types of personal data are processed when you visit our website, what happens to this personal data, and how you can object to the processing of your data if necessary.

1 General Information on Data Processing on This Website

1.1 Data Controller

The controller within the meaning of the EU General Data Protection Regulation (GDPR) is:

Hotel Heidegrund, MOA & Heidegrund Betriebs GmbH & Co. KG

Address: Drei-Brücken-Weg 10, 49681 Garrel

Phone: 04495 890

Email: info@heidegrund.de

Homepage: https://heidegrund.de/

1.2 Data Protection Officer

The Data Protection Officer is:

Alexander Hönsch of WS Datenschutz GmbH

If you have any questions regarding data protection, you can contact WS Datenschutz GmbH at the following email address: moagroup@ws-datenschutz.de

WS Datenschutz, LLC

51 Dircksenstraße

Berlin, D-10178

https://webersohnundscholtz.de

1.3 Protection of Your Data

We have implemented technical and organizational measures to ensure that both we and the third-party service providers working on our behalf comply with the provisions of the GDPR.

When we collaborate with other companies, such as email and server providers, to provide our services, we do so only after a thorough selection process. During this selection process, each individual service provider is carefully evaluated for its suitability in terms of technical and organizational capabilities regarding data protection. This selection process is documented in writing, and a contract pursuant to Article 28(3) of the GDPR regarding the processing of personal data on our behalf (Data Processing Agreement) is concluded only if it meets the requirements of Article 28 of the GDPR.

Your information is stored on specially secured servers. Access to this information is restricted to a small number of specially authorized individuals.

Our website is SSL/TLS-encrypted, as indicated by the “https://” at the beginning of the URL. Whenever personal data is involved in email communication, emails sent from our end are encrypted. We also use the integrated SSL certificate for this purpose.

1.4 Deletion of Personal Data
We process personal data only for as long as necessary. Once the purpose of data processing has been fulfilled, the data is blocked and deleted in accordance with the standards of our deletion policy, unless legal requirements preclude deletion.

2 Data processing on this website and the creation of log files

2.1 Description and Scope of Data Processing

When you visit our website, our web servers temporarily log each visit in a log file. The following personal data is collected and stored until it is automatically deleted:

IP address of the requesting computer
Date and time of access
Name and URL of the retrieved file
Notification indicating whether the retrieval was successful

In addition to this personal data, we and our partners may collect additional personal data; see below for more details.

2.2 Legal Basis for Data Processing

This data is processed on the basis of Article 6(1)(f) of the GDPR. Our legitimate interest is based on making our website available to you.

2.3 Purpose of Data Processing

Data processing is carried out for the purpose of enabling the use of the website (establishing a connection). It serves to ensure system security, facilitate the technical administration of the network infrastructure, and optimize the website. The IP address is analyzed only in the event of attacks on our network infrastructure or that of our internet service provider.

2.4 Duration of Data Storage

Personal data will be deleted as soon as it is no longer needed for the purposes mentioned above. This occurs when you close the website. Our hosting provider may use the data for statistical purposes. However, the data is anonymized for this purpose. Our hosting provider deletes the data after 7 days.

2.5 Option for the data subject to delete the data

The website can only be displayed if the data described is processed. If you wish to object to the continued processing of your data, please contact our data protection officer or the hosting provider.

2.6 Hosting Service Provider hosting.de GmbH

Our website uses hosting.de for web hosting. As with most websites, certain information is automatically collected and stored in log files.

To collect this information, a cookie is placed on your computer or device.

For more information about data protection at hosting.de, please refer to the privacy policy at the following link: https://www.hosting.de/ueber-uns/datenschutz/

Duration of data storage

The data will be deleted unless there are regulatory, contractual, or legal requirements that prevent its deletion.

Option for the data subject to opt out

If you wish to access, correct, update, or request the deletion of your personal data, you can do so at any time by sending an email to datenschutz@hosting.de .

In addition, you may object to the processing of your personal data, request that we restrict the processing of your personal data, or request the portability of your personal data. You can also exercise these rights here by sending an email to datenschutz@hosting.de.

2.7 Information about hellohotel hosting:

Amazon Web Services (AWS) Germany GmbH

38 Krausen Street

10117 Berlin

Germany

The Amazon Web Services servers used to store the data are located in Frankfurt am Main, within the territory of the Federal Republic of Germany, and are subject to the data protection laws of both national and European authorities. Amazon Web Services also handles your data in accordance with the relevant legal provisions. The Amazon Web Services Privacy Policy can be accessed via the following link: https://aws.amazon.com/de/privacy/

3 Use of Cookies

3.1 Description and Scope of Data Processing

Our website uses cookies. These are stored on your computer when you use our website. Cookies are small text files that are stored on your hard drive and associated with the browser you are using, and through which certain information is transmitted to us or to the entity that sets the cookie. Cookies cannot execute programs or transmit viruses to your computer. We use them to enable you to log in, as well as to analyze the use of our website in an anonymized or pseudonymized form and to present you with interesting offers on this website. In this way, various types of data may be transmitted:

Frequency of website visits
Which features of the website you use
Search terms used
Your cookie settings
Your language setting
Your shopping cart contents

When you visit the website, a cookie banner informs you about the use of cookies and directs you to the privacy policy.

3.2 Legal Basis for Data Processing

The legal basis for the processing of data through cookies that do not serve solely to ensure the functionality of our website is Article 6(1)(a) of the GDPR.

The legal basis for processing data related to cookies that are used solely to ensure the functionality of this website is Article 6(1)(f) of the GDPR.

3.3 Purpose of Data Processing

Our legitimate interest stems from the need to ensure a smooth connection and a user-friendly experience on our website, as well as from the need to assess system security and stability. Data processing also takes place to enable statistical analysis of website usage.

3.4 Duration of Data Storage

There are two types of cookies. Both are used on this website:

Transient cookies (see a)
Persistent cookies (see b)

a) Transient cookies are automatically deleted when you close your browser. These include, in particular, session cookies. These cookies store a so-called session ID, which allows various requests from your browser to be associated with the same session. This enables your computer to be recognized when you return to our website. Session cookies are deleted when you log out or close your browser.

b) Persistent cookies, which are automatically deleted after a specified period of time, which may vary depending on the cookie.

3.5 Option for the data subject to delete the data

You may withdraw your consent to the processing of data via cookies—which are not solely used to ensure the website’s functionality—at any time. Furthermore, we do not set cookies until you have consented to their use when you visit the site. This allows you to prevent data processing via cookies on our website.

You can also delete cookies at any time in your browser’s security settings. Please note that you may not be able to use all features of this website. You can also prevent cookies from being set at any time by adjusting the settings in your web browser.

3.6 Borlabs

Borlabs is responsible for the practical implementation of the GDPR and other data protection laws regarding the use of cookies on our website and the integration of analytics tools based on your consent. If you give your consent via the cookie banner, the following data will be processed:

Your IP address
Details of Your Consent
URL of the consent webpage
Date and time of consent
Date and time of the last page view

This data is processed on the basis of Article 6(1)(c) of the GDPR.

Data processing is carried out by: Borlabs GmbH, Rübenkamp 32, 22305 Hamburg, Germany.

For more information about data processing, please visit: https://de.borlabs.io/datenschutz/

3.6.1 Duration of data storage

The data will be stored only for as long as is necessary for the review, unless legal requirements mandate a longer retention period. Borlabs will delete your consent after 365 days.

3.6.2 Options for removal by the affected person

You can revoke the consent you provided via our Borlabs consent banner by deleting the corresponding cookie named "borlabs-cookie."

4 Contact

4.1 Description and Scope of Data Processing

You can contact us via our website by email or through the contact form. To do so, certain information is required to respond to your inquiry, and this information is automatically stored for processing purposes. The following information is collected via the contact form (marked as required fields):

Email address
First and last name (optional)

4.2 Legal Basis for Data Processing

The legal basis used here is Article 6(1)(b) of the GDPR.

4.3 Purpose of Data Processing

We process your data solely for the purpose of handling your contact request.

4.4 Duration of Data Storage

We will delete your data as soon as the purpose of the data processing has been fulfilled, which is usually immediately after we have responded to your inquiry. In rare cases, however, we may retain your data for a longer period of time. This may be required by legal, regulatory, or contractual obligations.

4.5 Option for the data subject to delete the data

You may contact us at any time to object to the further processing of your data. In that case, we will unfortunately be unable to continue communicating with you. All personal data processed by us in connection with your inquiry will be deleted in this instance, unless legal obligations to retain your data prevent such deletion.

4.6 Digital Ocean

Our website uses Digital Ocean as its email provider. For more information about Digital Ocean’s privacy practices, please refer to their privacy policy at the following link: https://www.digitalocean.com/legal/privacy-policy/

Duration of data storage

The data will be deleted unless there are regulatory, contractual, or legal requirements that prevent its deletion.

Option for the data subject to opt out

You may contact us at any time to object to the further processing of your data.

5 Data Processing in Connection with Job Applications

5.1 Description and Scope of Data Processing

Through our website, you can apply via an application portal (Personio) or a contact form (https://heidegrund.de/karriere), and via email (karriere@heidgrund.de, jobs@heidegrund.de). For this purpose, personal data is processed and stored for further processing as part of the respective application process. If an application form is used, we process the following data:

Contact Information
Address information
Information from the resume

5.2 Legal Basis for Data Processing

The legal basis for data processing is Article 88 of the GDPR and Section 26 of the BDSG.

5.3 Purpose of Data Processing

We process your data solely for the purpose of conducting the application process.

5.4 Duration of Data Storage

If the application results in an employment relationship, the personal data will be stored in accordance with applicable legal requirements. If the application is not considered in the selection of a potential candidate, it will be deleted in accordance with the rules of our data retention policy, taking into account the provisions of the General Equal Treatment Act (AGG), in particular the existing burden of proof under Section 22 of the AGG.

This does not apply if legal provisions prevent the deletion of your data or if you have given your consent to its continued storage. In such cases, the continued storage of your personal data is based on Article 6(1)(c) or (a) of the GDPR.

5.5 Option for the data subject to delete the data

You may contact us at any time to object to the further processing of your data. In this case, all personal data processed by us during the application process will be deleted, unless mandatory legal provisions prevent such deletion.

5.6 Personio

We use the HR software Personio, a product of Personio SE & Co. KG, Rundfunkplatz 4, 80335 Munich, to manage job applications. Personio provides the technical platform for the application process.

Duration of data storage

Once the application process is complete, your data will be deleted no later than 6 months after the selection process ends, unless there is a legal obligation to retain it or you have consented to its longer retention.

Option for the data subject to opt out

You have the right to access, rectify, erase, restrict processing, data portability, and object. You also have the right to withdraw your consent at any time with future effect:

6 Newsletter

6.1 Description and Scope of Data Processing

On our website, we offer the option to subscribe to our newsletter. When you subscribe to the newsletter, you will be asked to provide personal data for processing. This refers to the data requested in the newsletter subscription form. Fields marked with an “*” are required fields:

First name
Last name
Email address

These required fields are necessary so that we can send you the newsletter.

The newsletter is sent via email. You will only receive the newsletter after you have subscribed to it. To comply with GDPR requirements, we use the so-called “double opt-in” procedure. If you subscribe to our newsletter, you will receive a confirmation email at the email address you provided in the input field. This email contains a confirmation link that you must click. Once you have completed this process, you will have successfully subscribed to the newsletter. To carry out this process, your IP address, as well as the date and time of your registration, will be stored. This is done to prevent misuse. Under no circumstances will this data be shared with third parties.

6.2 Legal Basis for Data Processing

The legal basis for data processing is your consent pursuant to Article 6(1)(a) of the GDPR. Existing customers who have not given their explicit consent may receive newsletters from us. However, this is done only within the strict limits of Section 7(3) of the German Unfair Competition Act (UWG), which, in light of Article 95 of the GDPR, is to be understood as mirroring Article 6(1)(f) of the GDPR. Our legitimate interest lies in informing our existing customers about our products via promotional emails and thereby maintaining contact with these customers.

6.3 Purpose of Data Processing

The purpose of the newsletter is to keep you informed about our offers and news on a regular basis.

6.4 Duration of Data Storage

We process your data only for as long as is necessary to fulfill the purpose for which it was collected, provided that no legal or regulatory retention requirements prevent its deletion.

6.5 Option for the data subject to delete the data

You may withdraw your consent to the processing of personal data in connection with your newsletter subscription at any time. To do so, you can click the unsubscribe link included in every newsletter or notify us of your withdrawal of consent in another manner.

6.6 Amadeus Shipping Service Provider

We use the HR software Personio, a product of Personio SE & Co. KG, Rundfunkplatz 4, 80335 Munich, to manage job applications. Personio provides the technical platform for the application process.

6.6.1 Description and Scope of Data Processing

The newsletter is sent via “Amadeus,” an online marketing platform. Data processing is carried out by: Amadeus IT Group, Hesse, Germany.

The email addresses of our newsletter subscribers, as well as any other data described in this notice, are stored on Amadeus’s servers in the EU. Amadeus uses this information to send and analyze the newsletters on our behalf. Amadeus does not use the data of our newsletter subscribers and does not share it with third parties. The newsletters contain a so-called “web beacon,” i.e., a pixel-sized file that is retrieved from the Amadeus server when the newsletter is opened. During this retrieval, information such as details about your system, your IP address, and the time of retrieval is collected. The statistical data collected also includes whether the newsletters are opened, how often they are opened, and which links are clicked. For technical reasons, this information can be traced back to individual newsletter recipients. However, it is neither our intention nor that of Amadeus to monitor individual users. We rely on the reliability and IT and data security of Amadeus.

6.6.2 Legal basis for data processing

Amadeus processes your data based on our legitimate interest in the effective and secure delivery of the newsletter to you, in accordance with Article 6(1)(f) of the GDPR.

6.6.3 Purpose of Data Processing

We use Amadeus as our shipping provider to ensure effective address management and to stay in touch with you via our newsletter.

6.6.4 Duration of data storage

According to Amadeus, Amadeus stores your personal data only for as long as we use it to send you the newsletter. Amadeus deletes your data 30 days after we remove you from our mailing list or close your account there.

6.6.5 Option for the data subject to delete the data

You may object to the processing of your data by Amadeus. We will then review your substantiated objection and inform you whether and why we will continue to process your data. In addition, you may at any time use the “opt-out” link at the bottom of every email, which will result in us deleting your email address from our mailing list, meaning that Amadeus will also cease processing your personal data. However, this does not affect mailing lists that Amadeus manages on behalf of other clients.

7 Social media links

We have integrated social media platforms into our services via links, which may result in the social media providers receiving data from you. If you click on a social media link, you will be redirected to the website of the respective social media provider. When you access the website of the respective social media provider through our services, the relevant reference data is transmitted to that provider. This informs the social media provider that you have visited us.

Note regarding data processing in the United States:

If you click on a social media link, your data may be processed by the respective provider in the United States. According to the European Court of Justice, data protection standards in the U.S. are inadequate, and there is a risk that your data may be processed by U.S. authorities for surveillance and monitoring purposes, potentially without any legal recourse. Unless you click on the links provided by social media providers, no data will be transferred.

For more information on data processing by social media providers, please click here:

Meta:

Instagram:

https://help.instagram.com/155833707900388 https://www.instagram.com/about/legal/privacy/

LinkedIn:

https://www.linkedin.com/legal/privacy-policy

8 Social Media Plugins

We have integrated social media platforms into our website using so-called “social plugins,” which may result in the social media providers receiving data from you. We have detailed this information for you below.

8.1 Smash Balloon Instagram

In addition, we use the privacy-secure “Smash Balloon Instagram” buttons on our website. “Smash Balloon Instagram” was developed to enhance privacy on the internet by replacing the standard “Share” buttons of social networks with ones that only begin transmitting the data listed below after a deliberate click. For more information on how “Smash Balloon Instagram” works, please visit:https://smashballoon.com/privacy-policy/

8.2 Instagram

8.2.1 Description and Scope of Data Processing

We have integrated Instagram services into this website. The entity jointly responsible with us for data processing is: Instagram LLC, 1 Hacker Way, Building 14, First Floor, Menlo Park, CA, USA, a product of Meta Platforms Ireland Limited, 1 Hacker Way, Menlo Park, CA 94025, USA.

If you click on the Instagram button, you will be redirected to Instagram’s website. When you access Instagram’s website via our website, we will transmit your relevant user data to Instagram. As a result, Instagram receives the information that you have visited our website. If you are logged into an Instagram account at the same time you visit our website, Instagram receives additional information, such as which pages you visited on our website. Instagram collects this information, so it is theoretically possible to associate this information with your Instagram account. For further information on data protection, please refer to Instagram’s privacy policy below: https://help.instagram.com/155833707900388 and https://www.instagram.com/about/legal/privacy/

8.2.2 Legal basis for data processing

The processing of your data is based on your consent in accordance with Article 6(1)(a) of the GDPR.

8.2.3 Purpose of Data Processing

We use social media to raise awareness of our company. We also want to give you the opportunity to interact with social media through our website.

8.2.4 Duration of data storage

According to Meta, data processed by plugins is deleted after 90 days. Once the 90-day period has expired, the data is anonymized so that it can no longer be linked to you. To the best of our knowledge, this also applies to data processed by Instagram plugins.

8.2.5 Option for the data subject to delete the data

You may withdraw your consent to data processing at any time. To do so, please contact our Data Protection Officer. To prevent Instagram from processing your data, you can log out of Instagram before visiting our website and delete all cookies from your browser history. Additional settings and objections to the use of data for advertising purposes can be configured within your Instagram profile settings or via Instagram’s U.S. or EU websites. These settings apply across all platforms, meaning they are applied to all devices, such as desktop computers or mobile devices.

9 Trackers & Analytics Tools

To continuously improve our website, we use the following analytics tools. Below, you can find out what data is processed in each case and how to contact the respective service providers:

9.1 Google Analytics

9.1.1 Description and Scope of Data Processing

Our website uses Google Analytics 4.0. This is a web analytics service provided by Google LLC (“Google”) that allows us to improve our website. Data processing for the European Economic Area and Switzerland is carried out by: Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland.

The information collected includes:

IP address
Time of access
Duration of access
Which website did you come to our website from?
Interaction on the website

Demographic characteristics, provided the website visitor is logged into their Google Account

Device categories, browser type, operating system, screen resolution

and are transmitted to a Google server in the United States and stored there. The analysis of your activity on our website is provided to us in the form of reports. Google may disclose the collected information to third parties where required by law or where such third parties process the data on Google’s behalf. IP anonymization is performed by Google by default and cannot be disabled; therefore, IP addresses are only processed in truncated form to prevent any possible direct association with you.

Under https://www.google.de/intl/de/policies/, https://support.google.com/analytics/answer/6004245?hl=de&ref_topic=2919631#zippy=%2Ccookies-und-kennzeichnungen-von-google-analytics, as well as at https://support.google.com/analytics/answer/9019185?hl=de#zippy=%2Cthemen-in-diesem-artikel you can find more detailed information about the terms of use and privacy policy of Google Analytics.

9.1.2 Legal basis for data processing

The legal basis for the processing of personal data is your consent pursuant to Article 6(1)(a) of the GDPR.

9.1.3 Purpose of Data Processing

Processing your personal data allows us to analyze your browsing behavior. By evaluating the data collected, we are able to compile information about the use of the individual components of our website. This helps us to continuously improve our website and its user-friendliness. By anonymizing IP addresses, we adequately address users’ concerns regarding the protection of their personal data.

9.1.4 Duration of data storage

The data will be deleted 400 days after your last visit to our website.

9.1.5 Option for the data subject to delete the data

You may revoke your consent to data processing at any time. To do so, please contact our Data Protection Officer. You can also prevent Google Analytics cookies from being installed by adjusting your browser settings accordingly. However, in this case, you may not be able to use all features of our website to their full extent. You can also use browser extensions, such as http://tools.google.com/dlpage/gaoptout?hl=de , Google Analytics can be deactivated and controlled.

9.2 Google Tag Manager

9.2.1 Description and Scope of Data Processing

Google Tag Manager is a solution that allows us to manage so-called website tags via a user interface (and thus, for example, integrate Google marketing services into our online offerings). Tag Manager serves as an “administrator” for the implemented tags. This allows us to centrally manage integrated Google products or other analytics tools on our website. The tags integrated into the website are referred to as code snippets that enable the tracking of your activities on our website. When you use our website, Google Tag Manager is downloaded, which automatically results in the user’s IP address being transmitted to Google. With regard to the processing of personal data, please refer to the information provided by Google regarding its services. Data processing for the European Economic Area and Switzerland is carried out by: Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland.

You can view the Google Tag Manager Terms of Service here: https://www.google.com/intl/de/tagmanager/use-policy.html

9.2.2 Legal basis for data processing

The legal basis for the processing of personal data is your consent pursuant to Article 6(1)(a) of the GDPR.

9.2.3 Purpose of Data Processing

Google Tag Manager simplifies the management and organization of the analytics tools used on the website. To integrate an analytics tool, JavaScript code must be embedded in the website. By using Google Tag Manager, we can manage this embedded code from a single location.

9.2.4 Duration of Data Storage

Since Google Tag Manager does not store data directly but instead forwards it to the tracking tools, you must check with each individual tracking tool to determine how long the data is retained.

9.2.5 Option for the data subject to delete the data

You may revoke your consent to data processing at any time with future effect. To do so, you must contact the respective data protection officers for the tools in question. For more information regarding the management of your data, please refer to the privacy policies of the tools used.

10 Advertising and Marketing Tools

Our website also incorporates tools that ensure our website appears in your search results—either as a relevant search result or as an advertisement. Below is a breakdown of the programs used in connection with our website:

10.1 Google Ad Manager (formerly DoubleClick)

10.1.1 Description and Scope of Data Processing

Our website uses Google Ad Manager. Data processing for the European Economic Area and Switzerland is carried out by: Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland.

Google Ad Manager is used to display ads when you visit our website. Google Ad Manager uses information about your visits to this and other websites to display ads for products and services that may interest you. If you would like to learn more about these methods or find out how you can prevent Google Ad Manager from using this information, click here: https://www.google.de/policies/technologies/ads/.

10.1.2 Legal basis for data processing

Data processing is based on your consent in accordance with Article 6(1)(a) of the GDPR.

10.1.3 Purpose of Data Processing

Our goal is to enter into partnerships with other companies in order to benefit financially from these collaborations.

10.1.4 Duration of data storage

The data will be deleted as soon as it is no longer needed for our record-keeping purposes and there are no legal, regulatory, or contractual provisions preventing its deletion.

10.1.5 Option for the data subject to delete the data

You may withdraw your consent to data processing at any time. To do so, please contact our Data Protection Officer.

You can prevent cookies from being set at any time by adjusting the settings in your web browser. Cookies that have already been set can also be deleted in your web browser settings. Please note that preventing cookies from being set may result in some features not being fully available.

10.2 Google Ads and Google Conversion Tracking

10.2.1 Description and Scope of Data Processing

We have integrated Google Ads (formerly Google AdWords) into this website. Google Ads is an online advertising service. Data processing for the European Economic Area and Switzerland is carried out by: Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland.

If you arrived at our website via a Google ad, Google will place a so-called conversion cookie on your device. For more information about cookies, please refer to the section on cookies. The conversion cookie is used to compile and analyze visitor statistics. When you visit the website, the conversion cookie stores your IP address. This data is stored in the United States. Google may also share this data with third parties. For further information on Google’s privacy policy, please refer to: https://www.google.de/intl/de/policies/privacy/

10.2.2 Legal basis for data processing

The legal basis for data processing is your consent pursuant to Article 6(1)(a) of the GDPR.

10.2.3 Purpose of Data Processing

We use Google Ads to place targeted ads for our company in Google's search results.

10.2.4 Duration of data storage

The conversion cookie expires 90 days after it is set. This means that you can no longer be identified. During this 90-day period, both we and Google can use the conversion cookie to track which subpages have been visited.

10.2.5 Option for the data subject to delete the data

You may withdraw your consent to data processing at any time. To do so, please contact our Data Protection Officer.

You can use this link http://www.google.com/settings/ads/plugin to permanently disable data processing in your browser. As a result, some features of our website may no longer be fully available.

You can also use your browser settings to opt out of cookies used for conversation tracking and, consequently, user-based advertising by Google. To do so, please click on the following link: www.google.de/settings/ads. Please note that you will need to reconfigure this setting if you delete the cookies in your browser.

You can also click the following link to disable user-targeted ads that are part of the “About Ads” self-regulatory campaign. Please note that you will need to reconfigure these settings if you clear your browser’s cookies.

11 Additional third-party tools

In addition, we use third-party providers who assist us with the layout and functionality of the website. These are listed below:

11.1 Google Web Fonts

11.1.1 Description and Scope of Data Processing

We use web fonts on our website to ensure consistent font display. Data processing for the European Economic Area and Switzerland is carried out by: Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland.

When you visit a page, your browser loads the necessary web fonts into its cache to display text and fonts correctly. To do this, the browser you are using must connect to Google’s servers. As a result, Google learns that our website has been accessed via your IP address. If your browser does not support web fonts, a default font from your computer will be used.

For more information about Google Web Fonts, visit https://developers.google.com/fonts/faq and in Google’s Privacy Policy: https://www.google.com/policies/privacy/.

11.1.2 Legal basis for data processing

Data processing is based on your consent in accordance with Article 6(1)(a) of the GDPR.

11.1.3 Purpose of Data Processing

The purpose of data processing is to ensure consistent font display on this website. Otherwise, we would not be able to effectively present our online content to you.

11.1.4 Duration of data storage

The data will be deleted as soon as it is no longer needed for the purpose of data processing, unless legal, regulatory, or contractual requirements prevent its deletion.

11.1.5 Option for the data subject to delete the data

You can configure your browser so that fonts are not loaded from Google's servers. If your browser does not support Google Fonts or if you block access to Google's servers, the text will be displayed in the system's default font.

11.2 Google Web Fonts

11.2.1 Description and Scope of Data Processing

This website uses Font Awesome, a product of Fonticons, Inc., to ensure consistent font styling.

For the website, we use fonts and icons provided by Fonticons, Inc. As soon as you visit our site, the necessary web fonts and icons are loaded into your browser cache to ensure that text, fonts, and icons are displayed correctly.

11.2.2 Legal basis for data processing

The legal basis for the use of Font Awesome is Article 6(1)(f) of the GDPR.

11.2.3 Purpose of Data Processing

The purpose of data processing is to ensure consistent display of fonts and icons on our website.

11.2.4 Duration of data storage

No data is stored.

11 Data transfers to a third country

In order to provide our services, we rely on the support of service providers located both within the European Union and in third countries. To ensure the protection of your personal data even when it is transferred to a third country, we enter into specific data processing agreements with each of our carefully selected service providers. All service providers we use have provided sufficient evidence that they ensure data security through appropriate technical and organizational measures. Our service providers from third countries are either located in countries that have an adequate level of data protection recognized by the European Commission (Art. 45 GDPR) or have provided appropriate safeguards (Art. 46 GDPR).

Adequate level of protection: The provider is based in a country whose adequate level of data protection has been recognized by the European Commission. For more information, see: Adequacy decisions (europa.eu)

EU Standard Contractual Clauses: Our provider has adopted the EU Standard Contractual Clauses to ensure secure data transfer. For more information, please visit: https://eur-lex.europa.eu/eli/dec_impl/2021/914/oj?uri=CELEX%3A32021D0914&locale=en

Binding Corporate Rules: Article 47 of the GDPR provides for the possibility of ensuring data protection during data transfers to a third country through binding internal data protection rules. These are reviewed and approved by the competent supervisory authorities as part of the consistency procedure under Article 63 of the GDPR.

Consent: Furthermore, data will only be transferred to a third country without an adequate level of protection if you have given us your consent to do so pursuant to Art. 49(1)(a) of the GDPR or if another exception under Art. 49 of the GDPR applies to the data transfer.

13 Your rights

You have the following rights with respect to your personal data:

13.1 Right to withdraw consent (see Art. 7 GDPR)

If you have given your consent to the processing of your data, you may withdraw it at any time. Such a withdrawal will affect the lawfulness of the processing of your personal data going forward, once you have notified us of it. You may do so verbally (in person or over the phone) or in writing by mail or email.

13.2 Right of access (see Art. 15 of the GDPR)

If you submit a request for information, you must provide sufficient details regarding your identity and prove that the information in question belongs to you. The request pertains to the following information:

the purposes for which the personal data is processed;
the categories of personal data that are processed;
the recipients or categories of recipients to whom your personal data has been or will be disclosed;
the planned duration of the storage of your personal data or, if it is not possible to provide specific information in this regard, the criteria used to determine the storage period;
the existence of a right to have personal data concerning you rectified or erased, a right to restrict processing by the controller, or a right to object to such processing;
the existence of a right to lodge a complaint with a supervisory authority;
all available information regarding the source of the data, if the personal data is not collected directly from the data subject;
the existence of automated decision-making, including profiling, pursuant to Article 22(1) and (4) of the GDPR, and—at least in such cases—meaningful information regarding the logic involved, as well as the scope and intended consequences of such processing for the data subject.

13.3 Right to rectification or erasure (see Articles 16 and 17 of the GDPR)

You have the right to request that we, as the data controller, correct and/or complete your personal data if the personal data we process concerning you is inaccurate or incomplete. The data controller must make the correction without delay.

In addition, you may request the deletion of your personal data if any of the following reasons apply to you:

The personal data concerning you is no longer necessary for the purposes for which it was collected or otherwise processed.
You withdraw your consent on which the processing was based pursuant to Article 6(1)(a) or Article 9(2)(a) of the GDPR, and there is no other legal basis for the processing.
You object to the processing pursuant to Article 21(1) of the GDPR and there are no overriding legitimate grounds for the processing, or you object to the processing pursuant to Article 21(2) of the GDPR.
The personal data concerning you has been processed unlawfully.
The erasure of your personal data is necessary for compliance with a legal obligation under Union law or the law of the Member States to which the controller is subject.
The personal data concerning you was collected in connection with the information society services offered, in accordance with Article 8(1) of the GDPR.

If we have made your personal data public and are required to erase it pursuant to Article 17(1) of the GDPR, we will take all reasonable steps to inform other data controllers that you have requested the removal of all links to such personal data or of copies or replicas of such personal data.

The right to erasure does not apply insofar as the processing is necessary:

to exercise the right to freedom of expression and information;
to comply with a legal obligation which requires processing under Union or Member State law to which the controller is subject, or for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller;
for reasons of public interest in the area of public health pursuant to Article 9(2)(h) and (i) and Article 9(3) of the GDPR;
for archiving purposes in the public interest, scientific or historical research purposes, or for statistical purposes pursuant to Article 89(1) of the GDPR, to the extent that the aforementioned right is likely to render impossible or seriously impair the achievement of the objectives of such processing, or
to assert, exercise, or defend legal claims.

13.4 Right to restriction of processing (see Art. 18 GDPR)

Under the following conditions, you may request that we restrict the processing of your personal data:

if you dispute the accuracy of your personal data for a period of time that allows us to verify the accuracy of your personal data;
the processing is unlawful and you object to the erasure of the personal data and instead request the restriction of its use;
we no longer need the personal data for the purposes of processing, but you need it to assert, exercise, or defend legal claims, or
if you have objected to the processing pursuant to Article 21(1) of the GDPR and it has not yet been determined whether our legitimate grounds override your interests.

If the processing of your personal data has been restricted, such data may—apart from storage—be processed only with your consent, or for the establishment, exercise, or defense of legal claims, or to protect the rights of another natural or legal person, or for reasons of an important public interest of the Union or of a Member State.

If the restriction on processing has been imposed in accordance with the above conditions, we will notify you before the restriction is lifted.

13.5 Right to be informed (see Art. 19 GDPR)
If you have exercised your right to rectification, erasure, or restriction of processing with us, we are obligated to notify all recipients of your personal data of the rectification, erasure, or restriction of processing. This applies only to the extent that such notification does not prove impossible or would involve disproportionate effort.

You have the right to know which recipients have received your data.

13.6 Right to Data Portability (see Art. 20 GDPR)
You have the right to receive your personal data from us in a commonly used, machine-readable format so that you can, if necessary, have it forwarded to another controller, provided that

the processing is based on consent pursuant to Article 6(1)(a) of the GDPR or Article 9(2)(a) of the GDPR, or on a contract pursuant to Article 6(1)(b) of the GDPR, and
the processing is carried out using automated means.

When exercising your right to data portability, you have the right to request that we transfer your personal data directly to another controller, provided this is technically feasible.

The right to data portability does not apply to the processing of personal data that is necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in us.

13.7 Right to object to processing (see Art. 21 GDPR)

To the extent that we process your personal data based on a legitimate interest on our part (pursuant to Article 6(1)(f) of the GDPR), you may object to such processing. The same applies if we process your personal data based on Article 6(1)(e) of the GDPR.

If you exercise this right to object, please explain why we should not process your personal data as we currently do. If your objection is justified, we will review the situation and either cease or adjust the data processing, or explain to you the compelling legitimate grounds on which we will continue the processing.

13.8 Right to lodge a complaint with the competent supervisory authority (see Art. 77 GDPR)

Without prejudice to any other administrative or judicial remedy, you have the right to lodge a complaint with a supervisory authority, in particular in the Member State of your habitual residence, place of work, or the place where the alleged infringement occurred, if you believe that the processing of your personal data violates the GDPR.

The supervisory authority to which the complaint was submitted will inform you of the status and outcome of the complaint, including the possibility of seeking judicial remedy under Article 78 of the GDPR.