INN.LAW Logo

Services

Academy

Insights

Let's talk

INN.LAW Logo
INN.LAW Logo

Privacy Notices

Introduction

With the following data protection notices, we would like to inform you about the types of your personal data ("data") that we process for what purposes and to what extent. The data protection notices apply to all processing of personal data by us, both in the context of providing our services and, in particular, on our websites, in mobile applications, as well as within external online presences, such as our social media profiles (hereinafter collectively referred to as "online offer").

The terms used are not gender-specific.

As of: September 29, 2024

Controller

INN.LAW® - Innovative Lawyers
Rechtsanwalt Peter Poleacov
Am Kaldenberg 3A
40489 Düsseldorf
Email address: info@inn.law
Imprint: https://www.inn.law/impressum

Overview of Processing Activities

The following overview summarizes the types of processed data and the purposes of their processing and refers to the affected persons.

Types of Processed Data

  • Inventory data

  • Payment data

  • Contact data

  • Content data

  • Contract data

  • Usage data

  • Meta/communication data

  • Applicant data

Categories of Affected Persons

  • Customers

  • Employees

  • Interested parties

  • Communication partners

  • Users

  • Applicants

  • Business and contract partners

  • Clients

  • Depicted persons

Purposes of Processing

  • Provision of contractual services and customer service

  • Contact inquiries and communication

  • Security measures

  • Direct marketing

  • Reach measurement

  • Office and organizational procedures

  • Management and response to inquiries

  • Recruitment procedures

  • Content Delivery Network (CDN)

  • Feedback

  • Marketing

  • Profiles with user-related information

  • Provision of our online offer and user-friendliness

  • Technical infrastructure

Relevant Legal Basis

The following provides an overview of the legal basis of the EU General Data Protection Regulation ("GDPR") that we rely on for processing personal data. Please note that alongside the provisions of the GDPR, national data protection requirements applicable in your or our country of residence or establishment may apply. Should further specific legal bases be applicable in individual cases, we will inform you of them in the data protection notices.

  • Consent (Art. 6 para. 1 sentence 1 lit. a) GDPR) - The data subject has given consent to the processing of personal data concerning them for one or more specific purposes.

  • Performance of a contract and pre-contractual inquiries (Art. 6 para. 1 sentence 1 lit. b) GDPR) - Processing is necessary for the performance of a contract to which the data subject is a party or to take steps at the request of the data subject before entering into a contract.

  • Legal obligation (Art. 6 para. 1 sentence 1 lit. c) GDPR) - Processing is necessary for compliance with a legal obligation to which the controller is subject.

  • Legitimate interests (Art. 6 para. 1 sentence 1 lit. f) GDPR) - Processing is necessary for the purposes of the legitimate interests pursued by the controller or by a third party unless such interests are overridden by the interests or fundamental rights and freedoms of the data subject which require protection of personal data.

  • Recruitment procedures as a pre-contractual or contractual relationship (Art. 6 para. 1 lit. b) GDPR) - To the extent that special categories of personal data in accordance with Art. 9 para. 1 GDPR (e.g., health data, such as disability status or ethnic origin) are requested from applicants as part of the application process, their processing is carried out according to Art. 9 para. 2 lit. b GDPR, or in the event of protection of vital interests of the applicants or other persons in accordance with Art. 9 para. 2 lit. c GDPR or for health care or occupational medicine purposes in accordance with Art. 9 para. 2 lit. h GDPR. In the event of a communication of specific categories of data based on voluntary consent, their processing is based on Art. 9 para. 2 lit. a GDPR.

Alongside the GDPR data protection regulations, national regulations on data protection apply in Germany. This includes, in particular, the Federal Data Protection Act (BDSG), which includes specific regulations regarding the right to access, deletion, objection, processing of special categories of personal data, processing for other purposes, transmission, and individual automated decision-making, including profiling. It also regulates data processing for employment purposes (§ 26 BDSG), especially concerning the initiation, performance, or termination of employment relationships and the consent of employees. Furthermore, state data protection laws of individual federal states may be applied.

Security Measures

We take appropriate technical and organizational measures in accordance with legal requirements, taking into account the state of technology, implementation costs, and the nature, scope, circumstances, and purposes of the processing, as well as the varying probability of occurrence and severity of the threats to the rights and freedoms of natural persons, to ensure a level of protection appropriate to the risk.

The measures include, in particular, securing the confidentiality, integrity, and availability of data by controlling physical and electronic access to the data, as well as the related accesses, entries, transfer, availability safeguards, and their separation. We have also established procedures to ensure the perception of data subject rights, deletion of data, and reactions to data threats. Furthermore, we consider the protection of personal data during the development or selection of hardware, software, and processes in accordance with the principle of data protection through technology design and privacy-friendly default settings.

TLS Encryption (https): To protect your data transmitted through our online offer, we use TLS encryption. You can recognize such encrypted connections by the prefix https:// in your browser's address line.

Transfer of Personal Data

As part of our processing of personal data, it may happen that the data is transferred to other parties, companies, legally independent organizational units, or persons, or disclosed to them. Recipients of this data may include service providers tasked with IT tasks or providers of services and content integrated into a website. In such cases, we comply with legal requirements and conclude appropriate contracts or agreements, particularly with the recipients of your data, which serve to protect your data.

Data Transfer within the Corporate Group: We may transfer personal data to other companies within our corporate group or grant them access to this data. When this disclosure is for administrative purposes, it is based on our legitimate entrepreneurial and business interests or is necessary for fulfilling our contractual obligations, or if consent from those affected or a legal permission is present.

Data Processing in Third Countries

Insofar as we process data in a third country (i.e., outside the European Union (EU), the European Economic Area (EEA)) or the processing takes place as part of utilizing services from third parties or the disclosure or transfer of data to other persons, entities, or companies, this occurs only in compliance with legal requirements.

Subject to express consent or contractually or legally required transfer, we process or have the data processed only in third countries with a recognized data protection level, contractual obligations through so-called standard protection clauses issued by the EU Commission, in the presence of certifications, or binding internal data protection regulations (Art. 44 to 49 GDPR, EU Commission information page: https://ec.europa.eu/info/law/law-topic/data-protection/international-dimension-data-protection_en).

Deletion of Data

The data we process will be deleted in accordance with legal requirements when their processing consents are revoked or other permissions cease (e.g., if the purpose of processing such data no longer exists or they are not required for the purpose). If the data is not deleted because it is necessary for other and legally permissible purposes, their processing will be limited to these purposes. This means blocking the data and not processing it for other purposes. This applies, for example, to data that must be retained for commercial or tax reasons or whose storage is required for asserting, exercising, or defending legal claims or protecting the rights of another natural or legal person.

As part of our data protection notices, we can provide users with further information on the deletion and retention of data specifically applicable to the respective processing processes.

Use of Cookies

Cookies are small text files or other markers that store information on end devices and read information from the end devices. For example, to store the login status in a user account, a shopping cart content in an e-shop, the accessed content, or used functions of an online offer. Cookies can also be used for various purposes, such as the functionality, security, and comfort of online offers, as well as the creation of analyses of visitor flows.

Consent Notices: We use cookies in accordance with legal requirements. Therefore, we obtain prior consent from users unless this is not legally required. Consent is particularly not necessary if storing and accessing information, including cookies, is essential to provide a telemedia service that users have expressly requested (i.e., our online offer). The revocable consent is clearly communicated to users and includes information about the respective cookie use.

Legal Basis for Data Protection: The legal basis on which we process the personal data of users with the help of cookies depends on whether we ask users for consent. If users agree, the legal basis for processing their data is the declared consent. Otherwise, the data processed using cookies is based on our legitimate interests (e.g., in an economic operation of our online offer and improving its usability) or occurs within the framework of fulfilling our contractual obligations when the use of cookies is necessary to fulfill our contractual obligations. We explain the purposes for which we process cookies in these data protection notices or as part of our consent and processing processes.

Storage Duration: Regarding storage duration, the following types of cookies are distinguished:

  • Temporary Cookies (also: Session or Session Cookies): Temporary cookies are deleted at the latest after a user leaves an online offer and closes their end device (e.g., browser or mobile application).

  • Permanent Cookies: Permanent cookies remain stored even after closing the end device. For example, the login status can be saved, or preferred content can be displayed directly when the user visits a website again. The data collected using cookies can also be used for reach measurement. If we do not provide users with explicit information on the type and storage duration of cookies (e.g., as part of obtaining consent), users should assume that cookies are permanent and the storage duration can be up to two years.

General Notes on Revocation and Objection (Opt-Out): Users can revoke their consent at any time and object to processing based on the legal requirements of Art. 21 GDPR. Users can also express their objection through their browser settings, e.g., by disabling the use of cookies (although this may restrict the functionality of our online services). An objection to the use of cookies for online marketing purposes can also be made via the websites https://optout.aboutads.info and https://www.youronlinechoices.com.

Business Services

We process the data of our contractual and business partners, e.g., clients and interested parties (collectively referred to as "contractual partners") within the context of contractual and similar relationships, as well as related measures and within communication with the contractual partners (or pre-contractual), e.g., to respond to inquiries.

We process this data to fulfill our contractual obligations. This includes, in particular, the obligations to provide the agreed services, any update obligations, and remedies for warranty and other performance disruptions. Furthermore, we process the data to protect our rights and for administrative tasks associated with these obligations as well as business organization. Additionally, we process the data based on our legitimate interests in proper and economic business management, as well as security measures to protect our contractual partners and our business from misuse, threats to their data, secrets, information, and rights (e.g., participation of telecommunications, transport, and other auxiliary services, as well as subcontractors, banks, tax and legal advisors, payment service providers, or tax authorities). Within the applicable law, we only disclose the data of contractual partners to third parties as far as this is necessary for the aforementioned purposes or to fulfill legal obligations. Contractual partners are informed about further forms of processing, e.g., for marketing purposes, as part of these data protection notices.

We inform the contractual partners of the data required for the aforementioned purposes before or as part of data collection, e.g., in online forms, through special markings (e.g., colors) or symbols (e.g., asterisks or similar), or personally.

We delete the data after the expiration of legal warranty obligations and comparable obligations, i.e., generally after four years, unless the data is stored in a customer account, e.g., as long as they have to be stored for legal archiving reasons. The statutory retention period for tax-relevant documents, as well as commercial books, inventories, opening balances, annual financial statements, necessary instructions and organizational documents, and booking vouchers, is ten years, and for received commercial and business letters and copies of sent commercial and business letters, it is six years. The period begins at the end of the calendar year in which the last entry was made in the book, the inventory, the opening balance, the annual financial statement or the management report was prepared, the commercial or business letter was received or sent, or the booking voucher was created, as well as when the recording was made or the other documents were created.

As far as we use third-party providers or platforms to provide our services, the terms and conditions and data protection notices of the respective third-party providers or platforms apply in the relationship between the users and the providers.

  • Processed Data Types: Inventory data (e.g., names, addresses); Payment data (e.g., bank details, invoices, payment history); Contact data (e.g., email, phone numbers); Contract data (e.g., contract subject, duration, customer category); Usage data (e.g., visited websites, interest in content, access times); Meta/communication data (e.g., device information, IP addresses).

  • Affected Persons: Customers; Interested parties; Business and contract partners; Clients.

  • Purposes of Processing: Provision of contractual services and customer service; Security measures; Contact inquiries and communication; Office and organizational procedures; Management and response to inquiries.

  • Legal Basis: Performance of a contract and pre-contractual inquiries (Art. 6 para. 1 sentence 1 lit. b) GDPR); Legal obligation (Art. 6 para. 1 sentence 1 lit. c) GDPR); Legitimate interests (Art. 6 para. 1 sentence 1 lit. f) GDPR).

Further Notes on Processing Processes, Procedures, and Services:

  • Customer Account: Contractual partners can create an account within our online offer (e.g., customer or user account, briefly "customer account"). If registration of a customer account is necessary, contractual partners are informed accordingly and of the information required for registration. The customer accounts are not public and cannot be indexed by search engines. During registration and subsequent logins and uses of the customer account, we store the IP addresses of the customers along with the access times to prove registration and to prevent misuse of the customer account. When customers terminate their customer account, the data regarding the customer account is deleted, unless retention is required for legal reasons. It is up to the customers to secure their data during account termination; Legal Basis: Performance of a contract and pre-contractual inquiries (Art. 6 para. 1 sentence 1 lit. b) GDPR).

  • Online Courses and Online Training: We process the data of participants in our online courses and online training (collectively referred to as "participants") to provide them with course and training services. The data processed here, the type, extent, purpose, and necessity of processing are determined by the underlying contractual relationship. The data generally includes information on the courses and services used, and as part of our service, any personal requirements and results of the participants. Processing forms also include performance evaluation and the evaluation of our services and those of the course and training leaders; Legal Basis: Performance of a contract and pre-contractual inquiries (Art. 6 para. 1 sentence 1 lit. b) GDPR).

  • Legal Advice: We process the data of our clients and interested parties and other clients or contractual partners (collectively referred to as "clients") to provide them with our contractual or pre-contractual services, in particular advisory services. The processed data, the type, extent, purpose, and necessity of processing are determined by the underlying contract and client relationship. If client consent is available, it is required for contract fulfillment, legally (e.g., in accordance with the information obligations of the money laundering regulations), or necessary for the protection of vital interests. We disclose or transfer client data to third parties or agents, such as authorities and courts, taking into account professional regulations, if based on the client's interests; Legal Basis: Performance of a contract and pre-contractual inquiries (Art. 6 para. 1 sentence 1 lit. b) GDPR).

  • Offer of Software and Platform Services: We process our users' data, registered and potential trial users (collectively referred to as "users"), to perform our contractual services and based on legitimate interests, to ensure and further develop the security of our offer. The required information is indicated in the context of the order, conclusion, or similar contract; comprising details necessary for service provision and billing, as well as contact information for possible consultations; Legal Basis: Performance of a contract and pre-contractual inquiries (Art. 6 para. 1 sentence 1 lit. b) GDPR).

  • Events: We process the data of participants in events, conferences, and similar activities (collectively referred to as "participants" and "events"), to enable their participation and the use of services or actions associated with participation. If we process health data, religious, political, or other special categories of data in this context, this is done transparently and with consent. Required information is indicated within the context of the order or comparable conclusion; comprising necessary information for service provision and billing, as well as contact information for possible consultations. When we access the information of end customers, employees, or other persons, we process it in accordance with legal and contractual requirements; Legal Basis: Performance of a contract and pre-contractual inquiries (Art. 6 para. 1 sentence 1 lit. b) GDPR).

Use of Online Platforms for Offer and Sales Purposes

We offer our services on online platforms operated by other providers. In this context, in addition to our data protection notices, the data protection statements of the respective platforms apply. This is especially true concerning the payment process and methods used for reach measurement and interest-based marketing.

  • Processed Data Types: Inventory data (e.g., names, addresses); Payment data (e.g., bank details, invoices, payment history); Contact data (e.g., email, phone numbers); Contract data (e.g., contract subject, duration, customer category); Usage data (e.g., visited websites, interest in content, access times); Meta/communication data (e.g., device information, IP addresses).

  • Affected Persons: Customers.

  • Purposes of Processing: Provision of contractual services and customer service; Marketing.

  • Legal Basis: Performance of a contract and pre-contractual inquiries (Art. 6 para. 1 sentence 1 lit. b) GDPR).

Providers and Services Used in the Course of Business Activities

In the course of our business activities, we use additional services, platforms, interfaces, or plug-ins from third-party providers (short "services") in compliance with legal requirements. Their use is based on our interests in a proper, lawful, and economical business operation and internal organization.

  • Processed Data Types: Inventory data (e.g., names, addresses); Payment data (e.g., bank details, invoices, payment history); Contact data (e.g., email, phone numbers); Content data (e.g., inputs in online forms); Contract data (e.g., contract subject, duration, customer category).

  • Affected Persons: Customers; Interested parties; Users (e.g., visitors to websites, users of online services); Business and contractual partners.

  • Purposes of Processing: Provision of contractual services and customer service; Office and organizational procedures.

  • Legal Basis: Legitimate interests (Art. 6 para. 1 sentence 1 lit. f) GDPR).

Further Notes on Processing Processes, Procedures, and Services:

Payment Procedures

As part of contractual and other legal relationships or on the basis of our legitimate interests, we provide efficient and secure payment options to the affected persons and use other service providers besides banks and credit institutions (collectively "payment service providers").

The data processed by the payment service providers includes inventory data, such as name and address, bank data, such as account numbers or credit card numbers, passwords, TANs, and checksums, as well as contract, amount, and recipient-related information. The information is necessary to carry out the transactions. However, only the payment service providers process and store the entered data. We neither receive account nor credit card-related information, rather only information with confirmation or negative indication of payment. Under certain circumstances, the data is transmitted by the payment service providers to credit agencies to conduct identity and credit checks. For this, we refer to the General Terms and Conditions and data protection declarations of the payment service providers.

The business terms and data protection declarations of the respective payment service providers, which are accessible within the respective websites or transaction applications, apply to the payment transactions. We also refer to them for further information and the assertion of revocation, information, and other affected rights.

  • Processed Data Types: Inventory data (e.g., names, addresses); Payment data (e.g., bank details, invoices, payment history); Contract data (e.g., contract subject, duration, customer category); Usage data (e.g., visited websites, interest in content, access times); Meta/communication data (e.g., device information, IP addresses).

  • Affected Persons: Customers; Interested parties.

  • Purposes of Processing: Provision of contractual services and customer service.

  • Legal Basis: Performance of a contract and pre-contractual inquiries (Art. 6 para. 1 sentence 1 lit. b) GDPR).

Further Notes on Processing Processes, Procedures, and Services:

  • PayPal: Payment services (technical connection of online payment methods) (e.g., PayPal, PayPal Plus, Braintree); Service provider: PayPal (Europe) S.à r.l. et Cie, S.C.A., 22-24 Boulevard Royal, L-2449 Luxembourg; Legal Basis: Performance of a contract and pre-contractual inquiries (Art. 6 para. 1 sentence 1 lit. b) GDPR); Website: https://www.paypal.com/de; Data Protection Declaration: https://www.paypal.com/de/webapps/mpp/ua/privacy-full.

  • Stripe: Payment services (technical connection of online payment methods); Service provider: Stripe, Inc., 510 Townsend Street, San Francisco, CA 94103, USA; Legal Basis: Performance of a contract and pre-contractual inquiries (Art. 6 para. 1 sentence 1 lit. b) GDPR); Website: https://stripe.com; Data Protection Declaration: https://stripe.com/de/privacy.

Provision of the Online Offer and Web Hosting

We process user data to provide our online services. For this purpose, we process the user's IP address, which is necessary to transmit the contents and functions of our online services to the user's browser or device.

  • Processed Data Types: Usage data (e.g., visited websites, interest in content, access times); Meta/communication data (e.g., device information, IP addresses); Content data (e.g., inputs in online forms).

  • Affected Persons: Users (e.g., visitors to websites, users of online services).

  • Purposes of Processing: Provision of our online offer and user-friendliness; Technical infrastructure (operation and provision of information systems and technical devices (computers, servers, etc.)); Security measures; Content Delivery Network (CDN).

  • Legal Basis: Legitimate interests (Art. 6 para. 1 sentence 1 lit. f) GDPR).

Further Notes on Processing Processes, Procedures, and Services:

  • Provision of Online Offer on Rented Storage Space: We use rented storage space, computing capacity, and software from an appropriate server provider (also referred to as "web hoster") to provide our online offer; Legal Basis: Legitimate interests (Art. 6 para. 1 sentence 1 lit. f) GDPR).

  • Collection of Access Data and Log Files: Access to our online offer is logged in the form of so-called "server log files". The server log files can include the address and name of the retrieved web pages and files, the date and time of retrieval, transferred data volumes, reports on successful retrieval, browser type with version, the user's operating system, referrer URL (the previously visited page), and, as a rule, IP addresses and the requesting provider. The server log files can be used for security purposes, such as to prevent server overload (especially in the case of misuse attacks, so-called DDoS attacks) and on the other hand to ensure server utilization and stability; Legal Basis: Legitimate interests (Art. 6 para. 1 sentence 1 lit. f) GDPR); Deletion of Data: Log file information is stored for a maximum duration of 30 days and then deleted or anonymized. Data whose further retention is required for evidence purposes is excluded from deletion until final clarification of the respective incident.

  • Email Sending and Hosting: The web hosting services we use also include sending, receiving, and storing emails. For these purposes, the recipient and sender addresses, as well as other information regarding the email dispatch (e.g., the involved providers), and the respective email contents are processed. The aforementioned data can also be processed for SPAM detection purposes. Please note that emails are generally not encrypted on the internet. Although emails are usually encrypted during transport, they are not encrypted on the servers they are sent from and received. Therefore, we cannot take responsibility for the transmission path of emails between the sender and receipt on our server; Legal Basis: Legitimate interests (Art. 6 para. 1 sentence 1 lit. f) GDPR).

  • Content Delivery Network: We use a "Content Delivery Network" (CDN). A CDN is a service that, with the help of regionally distributed and internet-connected servers, delivers content, especially large media files like graphics or program scripts, faster and more securely; Legal Basis: Legitimate interests (Art. 6 para. 1 sentence 1 lit. f) GDPR).

  • Cloudflare: Content delivery network (CDN) - Service that significantly delivers an online offer's content, especially large media files like graphics or program scripts, faster and more securely with the help of regionally distributed and internet-connected servers; Service provider: Cloudflare, Inc., 101 Townsend St, San Francisco, CA 94107, USA; Legal Basis: Legitimate interests (Art. 6 para. 1 sentence 1 lit. f) GDPR); Website: https://www.cloudflare.com; Data Protection Declaration: https://www.cloudflare.com/privacypolicy; Order Processing Agreement: https://www.cloudflare.com/cloudflare-customer-dpa; Standard Contractual Clauses (Ensuring Data Protection Level in Third Countries): https://www.cloudflare.com/cloudflare-customer-scc.

  • Ghost: Web hosting and email services; Service provider: Ghost Foundation, 160 Robinson Road, #14-04 SBF Center, Singapore, 068914; Legal Basis: Legitimate interests (Art. 6 para. 1 sentence 1 lit. f) GDPR); Website: https://ghost.org; Data Protection Declaration: https://ghost.org/privacy; Order Processing Agreement: https://ghost.org/dpa/?ref=ghost.org.

Registration, Login, and User Account

Users can create a user account. During registration, the required mandatory information for users is communicated and processed for the provision of the user account based on contract fulfillment. The processed data includes, in particular, login information (username, password, and an email address).

In the context of using our registration and login functions as well as the use of the user account, we store the IP address and time of each user action. Storage is based on our legitimate interests and those of the users for protection against misuse and other unauthorized use. A transfer of this data to third parties does not take place unless it is necessary for pursuing our claims or there is a legal obligation to do so.

Users can be informed via email about processes relevant to their user account, such as technical changes.

  • Processed Data Types: Inventory data (e.g., names, addresses); Contact data (e.g., email, phone numbers); Content data (e.g., inputs in online forms); Meta/communication data (e.g., device information, IP addresses).

  • Affected Persons: Users (e.g., visitors to websites, users of online services).

  • Purposes of Processing: Provision of contractual services and customer service; Security measures; Management and response to inquiries; Provision of our online offer and user-friendliness.

  • Legal Basis: Performance of a contract and pre-contractual inquiries (Art. 6 para. 1 sentence 1 lit. b) GDPR); Legitimate interests (Art. 6 para. 1 sentence 1 lit. f) GDPR).

Further Notes on Processing Processes, Procedures, and Services:

  • Registration with Real Names: Due to the nature of our community, we ask users to use our offer only with real names. Pseudonyms are not allowed; Legal Basis: Performance of a contract and pre-contractual inquiries (Art. 6 para. 1 sentence 1 lit. b) GDPR).

  • Deletion of Data after Termination: When users terminate their user account, the data concerning the user account is deleted unless retention is required or permitted by law, or the user consents; Legal Basis: Performance of a contract and pre-contractual inquiries (Art. 6 para. 1 sentence 1 lit. b) GDPR).

  • No Data Retention Obligation: It is up to the users to back up their data before the contract ends upon termination. We are entitled to irrevocably delete all data stored during the contract period; Legal Basis: Performance of a contract and pre-contractual inquiries (Art. 6 para. 1 sentence 1 lit. b) GDPR).

  • Ghost: Web hosting and email services; Service provider: Ghost Foundation, 160 Robinson Road, #14-04 SBF Center, Singapore, 068914; Legal Basis: Legitimate interests (Art. 6 para. 1 sentence 1 lit. f) GDPR); Website: https://ghost.org; Data Protection Declaration: https://ghost.org/privacy; Order Processing Agreement: https://ghost.org/dpa/?ref=ghost.org.

Blogs and Publication Media

We use blogs or comparable means of online communication and publication (hereinafter "publication medium"). The readers' data is processed only to the extent necessary for the presentation and communication between authors and readers or for security reasons. Otherwise, we refer to the information on processing the visitors of our publication medium in these data protection notices.

  • Processed Data Types: Inventory data (e.g., names, addresses); Contact data (e.g., email, phone numbers); Content data (e.g., inputs in online forms); Usage data (e.g., visited websites, interest in content, access times); Meta/communication data (e.g., device information, IP addresses).

  • Affected Persons: Users (e.g., visitors to websites, users of online services).

  • Purposes of Processing: Provision of contractual services and customer service; Feedback (e.g., gathering feedback via online form); Provision of our online offer and user-friendliness; Security measures; Management and response to inquiries.

  • Legal Basis: Legitimate interests (Art. 6 para. 1 sentence 1 lit. f) GDPR).

Further Notes on Processing Processes, Procedures, and Services:

  • Comments and Contributions: If users leave comments or other contributions, their IP addresses may be stored based on our legitimate interests. This is done for our security, should someone leave illegal content in comments and contributions (insults, prohibited political propaganda, etc.). In this case, we can be held accountable for the comment or contribution ourselves and are therefore interested in the author's identity. We also reserve the right to process user information for spam detection based on our legitimate interests. We also reserve the right to store the IP addresses of users during surveys and use cookies to prevent multiple votes. The information provided in the context of comments and contributions, any contact and website information as well as the content information will be kept by us until the user objects; Legal Basis: Legitimate interests (Art. 6 para. 1 sentence 1 lit. f) GDPR).

  • Ghost: Web hosting and email services; Service provider: Ghost Foundation, 160 Robinson Road, #14-04 SBF Center, Singapore, 068914; Legal Basis: Legitimate interests (Art. 6 para. 1 sentence 1 lit. f) GDPR); Website: https://ghost.org; Data Protection Declaration: https://ghost.org/privacy; Order Processing Agreement: https://ghost.org/dpa/?ref=ghost.org.

Contact and Inquiry Management

When contacting us (e.g., via contact form, email, phone, or via social media) as well as in the context of existing user and business relationships, the information of the inquiring persons is processed as necessary to respond to the contact inquiries and any requested measures.

  • Processed Data Types: Contact data (e.g., email, phone numbers); Content data (e.g., inputs in online forms); Usage data (e.g., visited websites, interest in content, access times); Meta/communication data (e.g., device information, IP addresses).

  • Affected Persons: Communication partners.

  • Purposes of Processing: Contact inquiries and communication; Management and response to inquiries; Feedback (e.g., gathering feedback via online form); Provision of our online offer and user-friendliness.

  • Legal Basis: Legitimate interests (Art. 6 para. 1 sentence 1 lit. f) GDPR); Performance of a contract and pre-contractual inquiries (Art. 6 para. 1 sentence 1 lit. b) GDPR).

Further Notes on Processing Processes, Procedures, and Services:

  • Contact Form: When users contact us via our contact form, email, or other communication channels, we process the data submitted to handle the expressed concern; Legal Basis: Performance of a contract and pre-contractual inquiries (Art. 6 para. 1 sentence 1 lit. b) GDPR), Legitimate interests (Art. 6 para. 1 sentence 1 lit. f) GDPR).

  • Tally.so: Provision of forms; Service provider: Tally BV, August van Lokerenstraat 71, Gent 9050, Belgium; Legal Basis: Performance of a contract and pre-contractual inquiries (Art. 6 para. 1 sentence 1 lit. b) GDPR); Website: https://tally.so; Data Protection Declaration: https://tally.so/help/privacy-policy.

Video Conferences, Online Meetings, Webinars, and Screen Sharing

We use platforms and applications from other providers (hereinafter referred to as "conference platforms") for video and audio conferences, webinars, and other types of video and audio meetings (collectively referred to as "conference"). When selecting conference platforms and their services, we comply with legal requirements.

Data Processed by Conference Platforms: Within a conference, the conference platforms process the personal data of participants listed below. The scope of processing depends on which data is required within a specific conference (e.g., providing access data or real names) and which optional data is provided by the participants. In addition to processing for conducting the conference, participant data can also be processed by conference platforms for security purposes or service optimization. The processed data includes personal data (first name, last name), contact information (email address, phone number), access data (access codes or passwords), profile pictures, information on professional status/function, the IP address of internet access, information about the participants' devices, their operating system, the browser, and its technical and language settings, information on the content of communication processes, i.e., entries in chats as well as audio and video data, and the use of other available functions (e.g., surveys). Communication content is encrypted to the extent technically available through the conference providers. If users are registered as users on the conference platforms, additional data may be processed following the terms with the respective conference provider.

Logging and Recordings: If text entries, participation results (e.g., from surveys), and video or audio recordings are logged, participants will be transparently informed of this in advance and, if necessary, asked for consent.

Data Protection Measures for Participants: Please refer to the data protection statements of the conference platforms for details on processing your data by the conference platforms and choose the optimal security and data protection settings for you within the conference platforms. Furthermore, ensure data and personal protection in the background of your recording during a video conference (e.g., by informing roommates, locking doors, and using the function to blur the background if technically possible). Links to conference rooms and access data must not be shared with unauthorized third parties.

Legal Basis Notes: If we process user data in addition to the conference platforms and ask users for their consent to use the conference platforms or specific functions (e.g., consent to record conferences), the legal basis for processing is the user consent. Furthermore, our processing may be necessary to fulfill our contractual obligations (e.g., in participant lists, in the case of working out conversation results, etc.). Otherwise, the users' data will be processed based on our legitimate interests in efficient and secure communication with our communication partners.

  • Processed Data Types: Inventory data (e.g., names, addresses); Contact data (e.g., email, phone numbers); Content data (e.g., inputs in online forms); Usage data (e.g., visited websites, interest in content, access times); Meta/communication data (e.g., device information, IP addresses).

  • Affected Persons: Communication partners; Users (e.g., visitors to websites, users of online services); Depicted persons.

  • Purposes of Processing: Provision of contractual services and customer service; Contact inquiries and communication; Office and organizational procedures.

  • Legal Basis: Legitimate interests (Art. 6 para. 1 sentence 1 lit. f) GDPR).

Further Notes on Processing Processes, Procedures, and Services:

Application Procedures

The application process requires applicants to provide the required data for their assessment and selection. Required information arises from the job description or, in the case of online forms, from the information provided.

As a rule, required information includes personal information, such as name, address, a contact option, and evidence of the qualifications necessary for a position. We can additionally inform you on request about what details are needed.

If provided, applicants can submit their applications to us via an online form. The data is encrypted to a state-of-the-art standard when transmitted to us. Applicants can also send their applications to us via email. In this case, however, we ask that you note that emails generally are not encrypted on the internet. Although emails are usually encrypted during transport, they are not encrypted on the sending and receiving servers. Therefore, we cannot take responsibility for the transfer path of the application between the sender and its receipt on our server.

To search for applicants, submit applications, and select candidates, we can use applicant management, recruitment software, and platforms and services from third parties, in compliance with legal requirements.

Applicants are welcome to contact us about the form of application submission or send the application by mail.

Processing of Special Categories of Data: To the extent that special categories of personal data are requested within the application process in accordance with Art. 9 para. 1 GDPR (e.g., health data, such as disability status or ethnic origin) from applicants, to enable the controller or data subject to exercise the rights arising from labor law and social security and social protection rights, or to comply with these obligations, their processing is carried out according to Art. 9 para. 2 lit. b GDPR, in the event of protection of vital interests of the applicants or other persons according to Art. 9 para. 2 lit. c GDPR or for health care or occupational medicine purposes, for the assessment of employees' ability to work, for medical diagnosis, the supply or treatment in the health area or social care, or for administration of systems and services in the health or social care area according to Art. 9 para. 2 lit. h GDPR. In the event of a communication of specific categories of data based on voluntary consent, their processing is based on Art. 9 para. 2 lit. a GDPR.

Deletion of Data: Applicant data can be processed further by us if the application is successful for employment purposes. Otherwise, if the application for a job offer is unsuccessful, the applicant data will be deleted. Applicant data is also deleted if an application is withdrawn, which applicants are entitled to do at any time. Deletion is subject to a justified withdrawal of the applicants at the latest after six months to respond to potential follow-up queries to the application and to comply with our obligations to provide evidence under the provisions on equal treatment of applicants. Invoices for any travel expenses reimbursements are archived according to tax regulations.

Inclusion in an Applicant Pool: Inclusion in an applicant pool, if offered, is based on consent. Applicants are informed that their inclusion in the talent pool is voluntary, has no impact on the ongoing application process, and that they can withdraw their consent at any time for the future.

  • Processed Data Types: Inventory data (e.g., names, addresses); Contact data (e.g., email, phone numbers); Content data (e.g., inputs in online forms); Applicant data (e.g., personal information, postal, and contact addresses, application-related documents, and the information contained therein, such as cover letter, resume, certificates, and other information communicated by applicants regarding a specific position or voluntarily provided about their person or qualifications).

  • Affected Persons: Applicants.

  • Purposes of Processing: Application procedures (initiation and potential subsequent performance and possible future termination of an employment relationship).

  • Legal Basis: Application procedure as a pre-contractual or contractual relationship (Art. 6 para. 1 lit. b) GDPR).

Cloud Services

We use internet-accessible software services (referred to as "cloud services", also known as "Software as a Service") provided by service providers on their servers to store and manage content (e.g., document storage and management, sharing documents, content and information with specific recipients or publishing content and information).

In this context, personal data can be processed and stored on the provider servers, to the extent these are part of communication processes with us or are otherwise processed by us, as outlined in these data protection notices. These data can include users' master and contact data, data on transactions, contracts, other processes, and their content. The cloud service providers also process usage data and metadata used for security purposes and service optimization.

If we provide forms or other documents accessible to other users or public websites using cloud services, the providers may store cookies on the users' devices for web analysis purposes or to remember user settings (e.g., in the case of media control).

  • Processed Data Types: Inventory data (e.g., names, addresses); Contact data (e.g., email, phone numbers); Content data (e.g., inputs in online forms); Usage data (e.g., visited websites, interest in content, access times); Meta/communication data (e.g., device information, IP addresses).

  • Affected Persons: Customers; Employees (e.g., employees, applicants, former employees); Interested parties; Communication partners.

  • Purposes of Processing: Office and organizational procedures; Technical infrastructure (operation and provision of information systems and technical devices (computers, servers, etc.)).

  • Legal Basis: Legitimate interests (Art. 6 para. 1 sentence 1 lit. f) GDPR).

Further Notes on Processing Processes, Procedures, and Services:

Newsletters and Electronic Notifications

We send newsletters, emails, and other electronic notifications (hereinafter "newsletter") only with the consent of the recipients or legal permission. If the content of the newsletter is described specifically during registration, it is decisive for the users' consent. Otherwise, our newsletters contain information about our services and us.

Registering for our newsletters generally requires you to provide your email address and name for personal address within the newsletter. We may ask you to provide additional information if necessary for the newsletter's purposes.

Double-Opt-In Procedure: Registration for our newsletter takes place in a so-called double-opt-in procedure. After registration, you receive an email asking you to confirm your registration. This confirmation is necessary so nobody can register with foreign email addresses. Newsletter registrations are logged to prove the registration process's compliance with legal requirements. This includes storing the registration and confirmation timestamp, as well as the IP address. Any changes to your data stored with the dispatch service provider are also logged.

Deletion and Limitation of Processing: We may store the unsubscribed email addresses for up to three years based on our legitimate interests before deleting them to provide proof of prior consent. Processing is limited to the purpose of possible defense against claims. An individual deletion is possible at any time, provided former existence of consent is confirmed. We reserve the right to store email addresses in a blacklist ("blocklist") to respect opposition obligations permanently.

Registering processes are logged based on our legitimate interests to document their proper execution. If we engage a service provider to send emails, this occurs based on our legitimate interests in an efficient and secure dispatch system.

Content: We inform you about contractual topics, as well as us, our services, products, actions, and offers.

  • Processed Data Types: Inventory data (e.g., names, addresses); Contact data (e.g., email, phone numbers); Meta/communication data (e.g., device information, IP addresses); Usage data (e.g., visited websites, interest in content, access times).

  • Affected Persons: Communication partners.

  • Purposes of Processing: Direct marketing (e.g., via email or postal).

  • Legal Basis: Consent (Art. 6 para. 1 sentence 1 lit. a) GDPR).

  • Objection Option (Opt-Out): You can cancel receiving our newsletter at any time, i.e., revoke your consent or oppose further receipt. A link to cancel the newsletter can be found at the end of every newsletter, or you can otherwise use one of the contact options above, preferably email.

Further Notes on Processing Processes, Procedures, and Services:

  • Measurement of Opening and Click Rates: Newsletters contain a so-called "web-beacon", a pixel-sized file that is retrieved from our server when opening the newsletter, or, if we use a dispatch service provider, their server. As part of this retrieval, technical information such as information on the browser and your system, as well as your IP address and retrieval time, is collected. This information is used to technically improve our newsletter using the technical data or reader's reading behavior based on their retrieval locations (determined from IP address) or access times. The analysis includes determining whether newsletters are opened, when they are opened, and which links are clicked. This information is linked to individual newsletter recipients and stored in their profiles until they are deleted. The evaluations help us identify our users' reading habits and tailor our content to them or send different content according to their interests. Measurement of opening and click rates and storing of measurement results in user profiles, as well as their further processing, is based on the users' consent. Unfortunately, a separate revocation of success measurement is not possible, and the entire newsletter subscription must be canceled or opposed. In this case, the saved profile information is deleted; Legal Basis: Consent (Art. 6 para. 1 sentence 1 lit. a) GDPR).

  • Ghost: Web hosting and email services; Service provider: Ghost Foundation, 160 Robinson Road, #14-04 SBF Center, Singapore, 068914; Legal Basis: Legitimate interests (Art. 6 para. 1 sentence 1 lit. f) GDPR); Website: https://ghost.org; Data Protection Declaration: https://ghost.org/privacy; Order Processing Agreement: https://ghost.org/dpa/?ref=ghost.org.

Marketing Communication via Email, Mail, Fax, or Phone

We process personal data for marketing communication purposes, which can take place via various channels such as email, phone, mail, or fax, in compliance with legal requirements.

Recipients have the right to revoke given consent at any time or oppose marketing communication at any time.

After revocation or opposition, we store the data necessary to demonstrate the prior authorization to contact or send up to three years after the end of the year in which the revocation or opposition was given based on our legitimate interests. Processing of this data is limited to the purpose of a potential defense against claims. Based on the legitimate interest in permanently respecting users' revocations or opposition, we also store data to prevent renewed contact (e.g., the email address, phone number, or name depending on the communication channel).

  • Processed Data Types: Inventory data (e.g., names, addresses); Contact data (e.g., email, phone numbers).

  • Affected Persons: Communication partners.

  • Purposes of Processing: Direct marketing (e.g., by email or postal).

  • Legal Basis: Consent (Art. 6 para. 1 sentence 1 lit. a) GDPR); Legitimate interests (Art. 6 para. 1 sentence 1 lit. f) GDPR).

Web Analysis, Monitoring, and Optimization

Web analysis (also referred to as "reach measurement") serves the evaluation of our online offer. It allows us to determine, for example, to what extent our online offer is used. We can also identify which areas require optimization.

In addition to web analysis, we may also use testing procedures to test and optimize different versions of our online offer or its components.

Among others, the web pages visited (page URL), pages from which visitors access our online offer (HTTP referer), the browser used, the computer system used, device type, and information about the country, region, and city from which retrieval occurs are recorded.

  • Processed Data Types: Usage data (e.g., visited websites); Meta/communication data (e.g., browser).

  • Affected Persons: Users (e.g., visitors to websites, users of online services).

  • Purposes of Processing: Reach measurement (e.g., access statistics).

  • Security Measures: See additional information about the service provider below.

  • Legal Basis: Legitimate interests (Art. 6 para. 1 sentence 1 lit. f) GDPR).

Further Notes on Processing Processes, Procedures, and Services:

  • plausible.io: Reach measurement and web analytics; does not use cookies or similar persistent online identifiers, recurring visitors are recognized using a pseudonymous identifier which is deleted after a day; no personal data is stored (https://plausible.io/data-policy); no data is passed on to third parties; processing takes place on the server of plausible.io based on an order processing agreement; Service provider: Plausible Insights Oü, Västriku tn 2, 50403, Tartu, Estonia; Legal Basis: Legitimate interests (Art. 6 para. 1 sentence 1 lit. f) GDPR); Website: https://plausible.io/; Data Protection Declaration: https://plausible.io/privacy; Order Processing Agreement: https://plausible.io/dpa.

  • Pitch: Presentations (also in webinars); Service provider: Pitch Software GmbH, Joachimstraße 7, 10119 Berlin, Germany; Legal Basis: Legitimate interests (Art. 6 para. 1 sentence 1 lit. f) GDPR); Website: https://pitch.com/; Data Protection Declaration: https://pitch.com/privacy-policy; Order Processing Agreement: https://pitch.com/dpa.

Presences in Social Networks (Social Media)

We maintain online presences within social networks to communicate with active users or to offer information about us.

We note that user data may be processed outside the European Union. This may involve risks for users, making it harder to enforce users' rights.

Furthermore, user data within social networks are usually processed for market research and advertising purposes. Based on user behavior and the resulting interests, user profiles may be created. Usage profiles can, in turn, be used to display ads inside and outside the networks that are presumed to match users' interests. For these purposes, cookies that record user behavior and interests are typically stored on the users' devices. Also, data can be stored in user profiles across devices, particularly if users are members of these platforms and logged in.

We provide detailed information on the respective processing forms and make use of the objection options (opt-out) on the data protection statements and information of the respective network operators.

For requests for information and the assertion of user rights, we also advise that these are best asserted with the providers themselves. Only providers have access to users' data and can take appropriate actions and provide information directly. If you need help, you are welcome to contact us.

  • Processed Data Types: Contact data (e.g., email, phone numbers); Content data (e.g., inputs in online forms); Usage data (e.g., visited websites, interest in content, access times); Meta/communication data (e.g., device information, IP addresses).

  • Affected Persons: Users (e.g., visitors to websites, users of online services).

  • Purposes of Processing: Contact inquiries and communication; Feedback (e.g., gathering feedback via online form); Marketing.

  • Legal Basis: Legitimate interests (Art. 6 para. 1 sentence 1 lit. f) GDPR).

Further Notes on Processing Processes, Procedures, and Services:

Plugins and Embedded Functions as well as Content

We integrate functional and content elements from the servers of their respective providers (hereinafter referred to as "third-party providers") into our online offer. These can include graphics, videos, or city maps (hereinafter referred to as "content").

Integration always requires that the third-party providers of this content process the user's IP address, as they could not send the content to their browser without it. The IP address is therefore necessary for displaying this content or functions. We strive to use only such content whose respective providers use the IP address solely for content delivery. Third-party providers can also use pixel tags (invisible graphics, also referred to as "web beacons") for statistical or marketing purposes. The "pixel tags" can be used to evaluate visitor traffic on this website. The pseudonymous information can also be stored in cookies on the user's device and include, among other data, technical information about the browser, the operating system, referring web pages, time of visit, and other information about the use of our online offer, and to be linked with similar information from other sources.

  • Processed Data Types: Usage data (e.g., visited websites, interest in content, access times); Meta/communication data (e.g., device information, IP addresses).

  • Affected Persons: Users (e.g., visitors to websites, users of online services).

  • Purposes of Processing: Provision of our online offer and user-friendliness.

  • Legal Basis: Legitimate interests (Art. 6 para. 1 sentence 1 lit. f) GDPR).

Further Notes on Processing Processes, Procedures, and Services:

  • Integration of Third-Party Software, Scripts, or Frameworks (e.g., jQuery): We integrate software from other providers into our online offer, which we retrieve from the servers of other providers (e.g., function libraries used to provide or enhance the user-friendliness of our online offer). The respective providers collect users' IP addresses and can process them for the purposes of transmitting the software to the user's browser, as well as for security purposes, evaluation, and optimization of their offer. Legal Basis: Legitimate interests (Art. 6 para. 1 sentence 1 lit. f) GDPR).

  • YouTube Videos: Video content; YouTube videos are embedded via a special domain (recognizable by the "youtube-nocookie" part) in the so-called "extended data protection mode," which does not collect cookies for user activities to personalize video playback. Nevertheless, information about users' interactions with the video (e.g., remembering the last playback position) may be stored; Service provider: Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland; Legal Basis:

Join our Community

Als Mitglied erhalten Sie 10% Rabatt auf unsere Webinare.
Zudem bleiben Sie up to date mit unseren Insights.

Wir verarbeiten Ihre E-Mail Adresse ausschließlich für den Versand unseres Newsletters. Sie können Ihre Einwilligung jederzeit mit Wirkung für die Zukunft widerrufen. Weitere Informationen finden Sie in unseren Datenschutzhinweisen.

Join our Community

Als Mitglied erhalten Sie 10% Rabatt auf unsere Webinare.
Zudem bleiben Sie up to date mit unseren Insights.

Wir verarbeiten Ihre E-Mail Adresse ausschließlich für den Versand unseres Newsletters. Sie können Ihre Einwilligung jederzeit mit Wirkung für die Zukunft widerrufen. Weitere Informationen finden Sie in unseren Datenschutzhinweisen.

Join our Community

Als Mitglied erhalten Sie 10% Rabatt auf unsere Webinare.
Zudem bleiben Sie up to date mit unseren Insights.

Wir verarbeiten Ihre E-Mail Adresse ausschließlich für den Versand unseres Newsletters. Sie können Ihre Einwilligung jederzeit mit Wirkung für die Zukunft widerrufen. Weitere Informationen finden Sie in unseren Datenschutzhinweisen.