Information on the processing of personal data

Informational use of the website

When the use of the website is purely informational, certain information, for example your IP address, is sent to our server by the browser used on your device for technical reasons. We process this information in order to provide the website content requested by you. To ensure the security of the IT infrastructure used to provide the website, this information is also stored temporarily in what is referred to as a so-called “web server log file”.

We use a content management system (WordPress) in order to manage our website. The content management system allows admin users to login to the backend in order to manage the content of our website. For this purpose, a “revision history log file” is stored on our web server. In order to provide the administrative functions of the content management system, data from strictly necessary cookies (à Section C) are temporarily processed on our web server.

You receive more detailed information on this below:

[For a multi-layer presentation of the information (“layered information”), the following information may be hidden at the first layer]

Details on the personal data which are processed

Categories of personal data processed Personal data included in the categories Sources of the data Obligation to provide the data Storage duration
HTTP Data. Protocol data which accrue when visiting the website via the Hypertext Transfer Protocol (Secure) (HTTP(S)) for technical reasons.

These include IP address, type and version of your internet browser, operating system used, last site accessed before visiting the site (referrer URL), date and time of visit.

User of the website. Provision is not a statutory or contractual requirement, or a requirement necessary to enter into a contract. There is no obligation to provide the data.

If the data is not provided, we cannot provide the requested website content.

Data are stored in server log files in a form allowing the identification of the data subject for a maximum period of 7 days, unless a security-relevant event occurs (e.g. a DDoS attack).

If there is a security-relevant event, server log files are stored until the security-relevant event has been eliminated and completely resolved.

WordPress Data. Data stored in data logs of our content management system (WordPress).

These include information on content management actions of editors or admins logged into the backend of the content management system.

User of the website who is logged into the backend of our content management system (WordPress). Provision is not a statutory or contractual requirement, or a requirement necessary to enter into a contract. There is no obligation to provide the data.

If the data is not provided, we cannot provide the administrative functions of our content management system (WordPress).

WordPress Data are stored in a WordPress “revision history” log file. The log file stores the last 25 changes that have happened to any page or post. The log file itself does not expire over time. Older entries in the log file are deleted automatically when the log file contains 25 entries and new entries are added.
WordPress Cookie Data. Data stored on the user’s device in strictly necessary cookies for administrative functions our content management system (WordPress).

These include IP addresses of the device of the user.

Section C.III. for more detailed information about the contents of the cookies used)

User of the website who is logged into the backend of our content management system (WordPress). Provision is not a statutory or contractual requirement, or a requirement necessary to enter into a contract. There is no obligation to provide the data.

If the data is not provided, we cannot provide the administrative functions of our content management system (WordPress).

We do not store this data on our systems.

Section C.III. for more detailed information about the validity period of the cookies used)

 

Details on the processing of the personal data

Purpose of processing the personal data Categories of personal data processed Automated decision-making Legal basis and, where applicable, legitimate interests Recipient
Provision of the website content requested by the user:

For this purpose, data are temporarily processed on our web server.

HTTP Data. No automated decision-making takes place. Article 6 paragraph 1 point (f) of the General Data Protection Regulation (balancing of interests).

Our legitimate interest is the provision of the website content requested by the user.

Hosting Provider.
Provision of the administrative functions of our content management system (WordPress):

For this purpose, data are temporarily processed on our web server. Furthermore, data are used to track what editors or admins logged into the backend of the content management system are doing to create a content management data log.

For this purpose, data from strictly necessary WordPress cookies are processed temporarily on our web server.

Section C.III. for detailed information about the purposes of the cookies used).

HTTP Data,

WordPress Data,

WordPress Cookie Data.

No automated decision-making takes place. Article 6 paragraph 1 point (f) of the General Data Protection Regulation (balancing of interests).

Our legitimate interest is the provision of the administrative functions of the content management system of the website.

Hosting Provider.
Ensuring the security of the IT infrastructure used for the provision of the website, in particular for the detection, elimination and conclusive documentation of incidents (e.g. DDoS attacks):

For this purpose, data are temporarily stored and evaluated in log files on our web server.

HTTP Data. No automated decision-making takes place. Article 6 paragraph 1 point (f) of the General Data Protection Regulation (balancing of interests).

Our legitimate interest is ensuring the security of the IT infrastructure used for the provision of the website, in particular for the detection, elimination and conclusive documentation of incidents (e.g. DDoS attacks).

Hosting Provider.

 

3.             Details on the recipients of personal data and the transfer of personal data to third countries and/or international organisations

Recipient Recipient’s role Recipient’s location Adequacy decision or appropriate or suitable safeguards for transfers to third countries and/or international organisations
Hosting Provider

Flywheel

1405 Harney St. #201, Omaha,

NE 68102, USA

Processor. USA. Flywheel is certified under the EU-U.S. Privacy Shield: https://www.privacyshield.gov/participant?id=a2zt0000000L18AAAS&status=Active.

An adequacy decision by the EU Commission exists for the EU-U.S. Privacy Shield:
http://eur-lex.europa.eu/legal-content/EN/TXT/?uri=CELEX:32016D1250.

Use of web analysis technologies

Upon your consent, we will use web analysis technologies to record and analyse the usage behaviour on our website with the purpose of improving the website and of better achieving the website’s objectives (e.g. increase in number of page visits).

For this purpose we use cookies (à Section C).

You will find more detailed information on this in the following:

[For a multi-layer presentation of the information (“layered information”), the following information may be hidden at the first layer]

Details on personal information which are processed

Categories of personal data processed Personal data included in the categories Sources of data Obligation to provide the data Storage duration
Google Analytics HTTP Data. Protocol data which accrue via the Hypertext Transfer Protocol (Secure) (HTTP(S)) for technical reasons when the web analysis tool Google Analytics is used.

These include IP address, type and version of your internet browser, operating system used, site accessed before visiting the site (referrer URL), date and time of the visit.

User of the website. Provision is not a statutory or contractual requirement, or a requirement necessary to enter into a contract. There is no obligation to provide the data.

If the data is not provided, we cannot carry out a web analysis by means of Google Analytics.

IP anonymisation is used on this website for the use of the web analysis tool Google Analytics. This means that the IP address transmitted via the browser for technical reasons is anonymised before being stored by shortening the IP address (by deleting the last octet of the IP address).
Google Analytics Cookie Data. Data stored on the user’s device in cookies for the web analysis tool Google Analytics.

These include a unique visitor ID for recognising returning visitors.

Section C.III. for more detailed information about the contents of the cookies used)

User of the website. Provision is not a statutory or contractual requirement, or a requirement necessary to enter into a contract. There is no obligation to provide the data.

If the data is not provided, we cannot carry out a web analysis by means of Google Analytics.

We store this information as part of the Google Analytics Profile Data (see below).

See Section C.III. for information on the validity period of the cookies used.

Google Analytics Profile Data. Data generated by the web analysis tool Google Analytics and stored in pseudonym usage profiles.

These include data about the use of the website, in particular page visits, frequency of visits and time spent on the pages visited under allocation to the unique visitor ID of the respective visitor contained in the Google Analytics Cookie Data.

Generated by us. 26 months.

 

Details on the processing of personal data

Purpose of the processing of personal data Categories of personal data processed Automated decision-making Legal basis and, where applicable, legitimate interests Recipient
Improvement of the website and further achievement of the objectives of the website (e.g. increase in number of page visits).

For this purpose, the behaviour of users on our website is recorded and analysed in pseudonymised form. Users of the website are marked in pseudonymised form so that they can be recognised again on the website. Pseudonymised usage profiles are created from this information. The pseudonymised usage profiles are not combined with data regarding the bearer of the pseudonym.

The objective of this process is to examine where users come from, which areas of the website they visit and how often and how long which subpages and categories are looked at.

For these purposes we use the web analysis tool Google Analytics provided by Google.

For these purposes, cookies of the web analysis tool are used.

Section C.III. for detailed information about the purposes of the cookies used)

Google Analytics HTTP Data, Google Analytics Cookie Data, Google Analytics Profile Data. No automated decision-making takes place. Article 6 paragraph 1 point (a) of the General Data Protection Regulation (Consent). Google.

 

Details on the recipients of personal data and the transfer of personal data to third countries and/or international organisations

Recipient Recipient’s role Recipient’s location Adequacy decision or appropriate or suitable safeguards for transfers to third countries and/or international organisations
Google:

Google LLC, 1600 Amphitheatre Parkway Mountain View, CA 94043, USA.

Processor. USA. Google is certified under the EU-U.S. Privacy Shield:
https://www.privacyshield.gov/participant?id=a2zt000000001L5AAI&status=Active.An adequacy decision by the EU Commission exists for the EU-U.S. Privacy Shield:
http://eur-lex.europa.eu/legal-content/EN/TXT/?uri=CELEX:32016D1250.

 

 

Use of third-party provider plug-ins (e.g. online map service plug-ins)

So-called “third-party provider plug-ins” are embedded in the website, with which you can use functions on the website offered by third-party providers. The plug-ins are embedded in the website by way of a “2-click solution”. With this solution, the relevant plug-in is not activated directly when the website is accessed, but first when you click on the activation button provided for the relevant plug-in.

If you activate a third-party plug-in, you use a function offered by the provider of the respective plug-in under their own responsibility, which is only visually embedded in the presentation of our website. When activating the respective plug-in, the provider of the respective plug-in may receive personal data from you. When activating the respective plug-in, the provider of the respective plug-in may also use cookies. (à Section C).

You receive more detailed information on this below:

[For a multi-layer presentation of the information (“layered information”), the following information may be hidden at the first layer]

Third-party provider plug-ins embedded in the website

The following third-party provider plug-ins are embedded in the website, with which you can use the functions on the website offered by third-party providers:

Plug-in Third-party provider Further information of the provider of the plug-in Adequacy decision or suitable or appropriate safeguards for transfers to third countries and/or international organisations
Google Maps Google:

Google LLC, 1600 Amphitheatre Parkway Mountain View, CA 94043, USA.

More detailed information on the function can be found in the provider’s description:

https://developers.google.com/maps/.

Additional information on data processing by the provider can be found in the Data Protection Information of the provider:

https://www.google.com/policies/privacy/

Google is certified under the EU-U.S. Privacy Shield:
https://www.privacyshield.gov/participant?id=a2zt000000001L5AAI&status=Active.An adequacy decision by the EU Commission exists for the EU-U.S. Privacy Shield:
http://eur-lex.europa.eu/legal-content/EN/TXT/?uri=CELEX:32016D1250.

 

Processing of personal data by provider of the third-party provider plug-in

The third-party provider plug-ins are embedded in the website by means of a “2-click solution”. With this solution, the relevant plug-in is not activated directly when the website is accessed, but only when you click on the activation button provided for the relevant plug-in. The activation button contains the designation of the relevant plug-in and, if applicable, a logo of the third-party provider.

It is ensured with the 2-click solution that your internet browser does not initially connect to the servers of the provider of the relevant plug-in when you access the website. When you access the website, the provider of the relevant plug-in therefore initially cannot collect any personal data regarding you via the relevant plug-in. The relevant plug-in is first activated when you click on the button provided for activating the relevant plug-in. Once activated, a connection is made to the servers of the provider of the relevant plug-in. The provider of the relevant plug-in can also receive personal data from you when the relevant plug-in is activated. The activation of the relevant plug-in can be compared technically with clicking on a link to an external website, with the difference that the content requested in the process does not appear in a new window/tab of your internet browser, but visually embedded in our website. The data exchange initiated by you by activating and using the plug-in only takes place between your internet browser and the servers of the provider of the relevant plug-in. If you activate a third-party provider plug-in, you therefore use the function offered by the provider of the relevant plug-in under its responsibility, which is visually embedded in the layout of our website.

When the relevant plug-in is activated, the provider of the relevant plug-in can (comparable to accessing an external website via a link) in particular receive your IP address and the address (URL) of the website, from where you carried out the activation. The provider of the relevant activated plug-in can also receive information from any cookies of the relevant provider stored in your internet browser. The provider of the relevant plug-in can therefore, due to the activation of the relevant plug-in initiated by you, already receive at least the information that our website has been accessed from the IP address allocated to you at the time of access. If you are registered as a user with the relevant third-party provider, the provider of the relevant plug-in can also normally allocate the data received to your user account. We advise you that we do not have any knowledge about the specific purposes of the processing of data collected by the provider of the relevant plug-in or about any further details of the data processing of the relevant provider. In particular, we also do not know whether the relevant provider only processes the data collected to provide the function of the relevant plug-in (e.g. to share certain content or to make a comment) or beyond this for any other purposes (e.g. to create usage profiles or to personalise advertising).