Thank you so much for your interest in our company. Data protection is of especially great importance to the executive managers of the company who published this website: Merete GmbH. Merete GmbH web pages can generally be used without providing any personal data. However, should a data subject wish to utilise special services provided by our company via our website, the processing of personal data could become necessary. In cases where the processing of personal data is necessary and there is no statutory basis for such processing, we generally obtain the consent of the data subject.

Personal data, such as a data subject’s name, address, e-mail address or telephone number, is always processed in accordance with the General Data Protection Regulation as well as the country-specific data protection provisions applicable to Merete GmbH. Our company uses this data privacy policy to provide the public with information on the nature, scope and purpose of the personal data we collect, use and process. This privacy policy also serves to notify data subjects of their rights in this regard.

As the controller, Merete GmbH has implemented numerous technical and organisational measures to ensure that any personal data processed through this website is as comprehensively protected as possible. Even so, security loopholes are a general possibility with online data transmission, so absolute protection cannot be guaranteed. For this reason, all data subjects are welcome to transmit personal data to us via other channels, such as over the phone.

Definition of terms

Merete GmbH’s privacy policy is based on the terms used by European legislators and regulators when issuing the General Data Protection Regulation (GDPR). We intend for our privacy policy to be easy to read and understand, both for the public and for our customers and business partners. To ensure such clarity, we would like to begin by explaining certain terminology.

We use the following terms, among others, in this privacy policy:

1) Personal data

Personal data means any information relating to an identified or identifiable natural person (hereinafter “data subject”). An identifiable natural person is one who can be identified directly or indirectly, in particular by referencing an identifying characteristic such as a name, an identification number, location data, an online ID or one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.

2) Data subject

A data subject is any identified or identifiable natural person whose personal data is processed by the controller.

3) Processing

Processing means any operation or set of operations which is performed with or without automated assistance on personal data or on sets of personal data, such as collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, utilisation, disclosure by transmission, dissemination or any other form of provision, alignment or combination, restriction, erasure or destruction.

4) Restriction of processing

Restriction of processing is the marking of stored personal data with the aim of restricting its future processing.

5) Profiling

Profiling is any form of automated processing of personal data that consists of using such personal data to assess certain personal characteristics relating to a natural person, in particular to analyse or predict characteristics relating to that natural person’s career, financial situation, health, personal preferences, interests, reliability, behaviour, location or movements.

6) Pseudonymisation

Pseudonymisation is the processing of personal data in such a way that it can no longer be attributed to a specific data subject without employing additional information, provided that this additional information is stored separately and is subject to technical and organisational measures to ensure that the personal data cannot be attributed to an identified or identifiable natural person.

7) Controller or agent responsible for processing

The controller or agent responsible for processing is the natural person or legal entity, public authority, agency or other body which determines the purposes and means of personal data processing, whether alone or jointly with others. Insofar as the means and purposes of such processing are specified by European Union or Member State law, the controller or the criteria governing the controller’s selection may be specified under European Union or Member State law.

8) Contract processor

A contract processor is a natural or legal entity, public authority, agency or other body which processes personal data on behalf of the controller.

9) Recipient

A recipient is a natural or legal entity, public authority, agency or other body to whom personal data is disclosed, regardless of whether that recipient is a third party or not. However, when public authorities receive personal data in context of a specific investigation under European Union or Member State law, they shall not be considered recipients.

10) Third parties

A third party is a natural or legal entity, public authority, agency or body other than the data subject, controller, processor or person authorised to process the personal data under the direct responsibility of the controller or processor.

11) Consent

Consent is any freely given, specific, informed and unambiguous indication of the data subject’s wishes in the form of a declaration or a similarly clear confirmatory action through which the data subject communicates their agreement to the processing of their personal data.

Name and address of the controller

The controller, as defined by the General Data Protection Regulation, other data protection laws applicable in the Member States of the European Union, and other provisions of a data protection nature, is:

Issued by: Merete GmbH
Address: Alt-Lankwitz 102
DE-12247 Berlin
Tel.: +49 30 77 99 80-0
E-Mail: service@merete.de
Website: www.merete.de

Name and address of the data protection officer

The data protection officer of the controller is:

Data protection officer: Annett Janatsch
Address: Alt-Lankwitz 102
DE-12247 Berlin
Tel.: +49 30 77 99 80-0
E-Mail: datenschutz@merete.de
Website: www.merete.de

Any data subject may contact our Data Protection Officer directly at any time with questions or suggestions regarding data protection.

Cookies

Merete GmbH websites use cookies. Cookies are text files that are stored on a computer system through an Internet browser.

Numerous websites and servers use cookies. Many of those cookies contain a cookie ID. A cookie ID is a unique identifier for the cookie. It consists of a character string through which websites and servers can be linked to the specific Internet browser on which the cookie was stored. This makes it possible for visited websites and servers to distinguish the data subject’s individual browser from other browsers, which contain different cookies. The unique cookie allows recognition and identification of a specific web browser.

Using cookies allows Merete GmbH to provide users of this website with more user-friendly services that would not be possible without such cookies.

Cookies make it possible to tailor information and services offered on our website to user interests. As mentioned, cookies allow us to recognise users of our website when they return. The purpose of such recognition is to facilitate usage of our website. For example, users of websites that use cookies do not need to re-enter their login information each time, because the website and the cookie stored on the user’s computer system handle that. Another example is a shopping-cart cookie in an online shop: the online shop uses a cookie to remember the articles that a customer has placed in the virtual shopping cart.

We also use cookies on our website that enable analysis of user surfing behaviour.

The user data collected in this manner is pseudonymised via technological means. As such, the data can no longer be associated with the accessing user. The data is not stored together with any of the user’s other personal data.

When accessing our website, the user is notified of our use of cookies for analytical purposes, and the user’s consent is obtained for processing of personal data in this context. Reference will be made to this privacy policy in this context as well.

The legal basis for the processing of personal data using cookies for analysis purposes is Art. 6(1)(a) GDPR.

Data subjects may prevent our website from setting cookies (and thereby permanently prevent cookies from being set) at any time by changing the corresponding settings on the web browser they use. Moreover, cookies that have already been set may be deleted at any time via a browser or other software programs. This can be done in all conventional Internet browsers. In some circumstances, deactivating the setting of cookies in the browser being used may prevent the data subject from making full use of all functions of our website.

Collection of general data and information

The Merete GmbH website collects a range of general data and information each time the website is accessed by a data subject or an automated system. This general data and information is stored in the server’s log files. The following information may be collected: (1) the browser types and versions used, (2) the operating system used on the accessing system, (3) the website from which an accessing system reaches our website (referrer), (4) the sub-pages on our website accessed by an accessing system, (5) the date and time of website access, (6) the Internet protocol (IP) address, (7) the Internet service provider of the accessing system and (8) other similar data and information which can help us defend against attacks on our information technology systems.

Merete GmbH does not draw any conclusions about the data subject when using this general data and information. Instead, this information is required in order to (1) deliver the content of our website correctly, (2) optimise the content of our website and advertising of it, (3) ensure the long-term functionality of our information technology systems and the technology of our website, and (4) provide law enforcement authorities with the information necessary for criminal prosecution in the event of a cyber attack. As such, Merete GmbH evaluates this anonymous data and information statistically, and also with the aim of increasing data protection and security at our company, in order to ensure optimum protection of the personal data we process. Anonymous server log file data is stored separately from any personal data provided by a data subject.

The processing of personal data is based on our legitimate interest in providing our contractually agreed services and optimising our online presence.

You can also visit this website without providing any personal information. However, in order to improve our online presence, we store your (non-personally identifiable) access data on this website. Such access data includes which files you request or the name of your Internet provider. This data is anonymised and therefore cannot be used to draw conclusions about your identity.

SSL encryption

We use state-of-the-art encryption methods (e.g., SSL) over HTTPS to protect the security of your data during transmission.

Newsletter subscription

Users can subscribe to our company’s newsletter on Merete GmbH’s website. The personal data transmitted to the controller when subscribing to the newsletter is determined by the input mask used for this purpose.

Merete GmbH uses a newsletter to provide customers and business partners with regular updates regarding company developments. Data subjects can generally only receive our company newsletter if they (1) have a valid e-mail address and (2) register for the newsletter. For legal reasons, data subjects receive a confirmation e-mail to their registered e-mail address as part of a double opt-in procedure when they first sign up to receive the newsletter. This confirmation e-mail is used to check whether the owner of the e-mail address, as the data subject, has authorised receipt of the newsletter.

When a user registers for the newsletter, we also store the IP address assigned by the Internet service provider (ISP) to the computer system used by the data subject at the time of registration, as well as the date and time of their registration. The collection of this data is necessary in order to be able to trace any (potential) subsequent misuse of the data subject’s e-mail address and thus serves as a legal safeguard for the controller.

The personal data collected in the context of newsletter registration will only be used to send our newsletter. Newsletter subscribers may also receive e-mail notifications if such notifications are necessary for newsletter service operation or if registration becomes necessary in this regard, for example in the event of changes to the newsletter service or the technical conditions of its delivery. The personal data collected as part of the newsletter service is not passed on to third parties. Data subjects may cancel their subscriptions to our newsletter at any time. Data subjects may revoke their consent at any time to the storage of personal data that they have provided us for purposes of sending the newsletter. Each newsletter contains a corresponding link for purposes of revoking said consent. It is also possible to unsubscribe at any time directly on the controller’s website, or by contacting the controller by other means.

Some parts of our newsletter may contain promotional material.

Newsletter tracking

Merete GmbH newsletters contain what are known as tracking pixels. A tracking pixel is a miniature graphic that is embedded in e-mails sent in HTML format to enable log file recording and analysis. This allows statistical evaluation of the success or failure of online marketing campaigns. Merete GmbH can use the embedded tracking pixel to determine whether and when a data subject opened an e-mail and which links in the e-mail the data subject accessed.

The controller stores and evaluates personal data collected via newsletter tracking pixels in order to optimise newsletter dispatch and tailor future newsletter content to data subject interests even more effectively. This personal data will not be passed on to third parties. Data subjects may revoke the declaration of consent they gave specifically in this context at any time using the double opt-in method. Upon revocation of this consent, this personal data will be deleted by the controller. Merete GmbH automatically interprets cancellations of newsletter subscriptions as revocations of consent.

Registration on our website

Data subjects have the option to register on the controller’s website by providing personal data. The specific personal data transmitted to the controller in this context is determined by the input mask used for registration. Any personal data entered by the data subject will be collected and saved by the controller exclusively for its own purposes and for internal use. The controller may arrange for transfer to one or more processors, such as a parcel service provider, which will also use the personal data exclusively for internal purposes attributable to the controller.

Registering on the controller’s website will also result in collection of information on the IP address assigned by the data subject’s Internet service provider (ISP), as well as on the date and time of registration. This data will be stored in order to prevent misuse of our services and, if necessary, to enable the investigation of any criminal offences committed. As such, storage of this data is necessary as a safeguard measure for the controller. As a general rule, such data will not be passed on to third parties unless there is a legal obligation to do so or the transfer serves the purpose of criminal prosecution.

Having data subjects voluntarily provide personal data as part of the registration process allows the controller to offer content or services to the data subject that by nature can only be provided to registered users. Registered persons are free at any time to change the personal data provided at the time of registration, or to have the data completely deleted from the controller’s data records.

The controller shall provide data subjects with information on which of their personal data has been stored upon request at any time. The controller shall also correct or delete personal data at the request of the data subject, unless there are any statutory retention obligations to the contrary. All employees of the controller are available to the data subject as contact persons in this context.

Contact options via the website

In accordance with legal requirements, Merete GmbH’s website contains information that enables users to contact our company quickly and communicate directly with us via electronic means; this also includes a general address for electronic mail (e-mail address). If a data subject contacts the controller by e-mail or via a contact form, the personal data transmitted by the data subject will be saved automatically. Any such personal data that a data subject supplies to the controller voluntarily shall be stored for processing purposes or purposes of contacting the data subject. This personal data will not be passed on to third parties.

Comment function in the website blog

Merete GmbH offers users the opportunity to leave comments on individual posts on a blog found on the controller’s website. A blog is an online, usually publicly accessible portal in which one or more people (called bloggers or web bloggers) can post articles or write thoughts in what are called blog posts. Blog posts can generally be commented on by third parties.

If a data subject leaves a comment on the blog published on this website, information on the time the comment was posted and the user name (pseudonym) chosen by the data subject is stored and published in addition to the comment left by the data subject. The IP address assigned by the data subject’s Internet service provider (ISP) is also logged. Such IP address logging is done for security reasons and in case a comment submitted by the data subject infringes upon third-party rights or contains illegal content. The storage of this personal data is therefore in the data controller’s own interest, in that it potentially allows the controller to exculpate itself in the event of such legal infringements. Personal data collected in this context will not be passed on to third parties unless such transfer is required by law or serves to defend the controller’s legal rights.

Subscribing to comments on the website blog

Third parties can generally subscribed to comments made on Merete GmbH’s blog. In particular, commentators can subscribe to comments that follow their own on a particular blog post.

If a data subject decides to subscribe to comments, the controller responsible for processing sends an automatic confirmation e-mail as a double-opt-in method of verifying that the owner of the given e-mail address actually made this decision. Subscriptions to comments can be cancelled at any time.

Routine deletion and blocking of personal data

The controller only processes and stores personal data of the data subject for the period necessary to achieve the purpose of storage, or insofar as has been provided for under European or other laws or regulations to which the controller is subject.

If the purpose of storage no longer applies, or if a storage period specifies by the European legislator or another competent legislator expires, the personal data will be routinely blocked or deleted in accordance with the statutory provisions.

Rights of the data subject

1) Right of confirmation

European legislators and regulators have granted data subjects the right to obtain confirmation from the controller as to whether their personal data is being processed. If a data subject wishes to exercise this right of confirmation, he or she may contact an employee of the controller at any time.

2) Right of access

European legislators and regulators have granted data subjects the right to obtain free information from controllers at any time regarding which of their personal data has been stored, and to receive a copy of that personal data on request. Furthermore, data subjects have access to the following information under European law:

  • the purposes of processing
  • the categories of personal data being processed
  • the recipients or categories of recipients to whom the personal data has been or will be disclosed, in particular recipients in third countries or international organisations
  • If possible, the planned length of time for which the personal data will be stored or, if this is not possible, the criteria for determining this duration
  • the existence of a right to rectification or erasure of personal data concerning them, a right to restrict processing by the controller, or a right to object to such processing
  • the existence of a right to lodge a complaint with a supervisory authority
  • if the personal data is not collected from the data subject: All available information about the origin of the data
  • Any usage of automated decision-making, including profiling, in accordance with Article 22(1) and (4) GDPR and – at least in these cases – significant information about the logic involved in such processing, its scope, and the intended effects of such processing for the data subject

Furthermore, the data subject has the right to information as to whether their personal data has been transferred to a third country or to an international organisation. If this is the case, the data subject shall also have the right to obtain information about the applicable safeguards in place in connection with said transfer. If a data subject wishes to exercise this right of access, he or she may contact an employee of the controller at any time.

3) Right to rectification

European legislators and regulators have granted data subjects the right to request the immediate correction of any inaccuracies in their personal data. Furthermore, taking the purposes of such processing into account, the data subject has the right to request completion of any incomplete personal data, including by means of a supplementary declaration. Data subjects who wish to exercise this right to rectification may contact an employee of the controller at any time.

4) Right to erasure (right to be forgotten)

Data subjects have the right under EU law to request that the controller erasure personal data concerning him or her without undue delay, provided that such processing is not necessary and that one of the following grounds applies:

  • The personal data has been collected or otherwise processed for purposes for which it is no longer necessary.
  • The data subject withdraws the consent upon which processing pursuant to Art. 6(1)(a) GDPR or Art. 9(2)(a) GDPR was based, and there is no other legal basis for such processing.
  • The data subject submits an objection in accordance with Article 21(1) GDPR, and there are no overriding legitimate grounds for processing, or the data subject submits an objection pursuant to Art. 21(2) GDPR.
  • The personal data has been unlawfully processed.
  • The erasure of personal data is necessary for compliance with a legal obligation under European Union or Member State law to which the controller is subject.
  • The personal data has been processed in relation to services offered by an information society in accordance with Art. 8(1) GDPR.

If any of the above reasons applies and a data subject wishes to prompt the erasure of personal data stored by Merete GmbH, the data subject may contact an employee of the controller at any time. The Merete GmbH employee shall arrange for prompt compliance with the erasure request. Taking into account the available technology and the implementation costs, if the personal data has been made public by Merete GmbH and our company is the controller pursuant to Art. 17(1) GDPR, Merete GmbH shall take reasonable measures, including technical measures, to notify other data controllers who process the published personal data that the data subject has requested that these other data controllers delete all links to this personal data or copies or replications of this personal data, insofar as such processing is not necessary. The Merete GmbH employee shall arrange for the necessary measures in individual cases.

5) Right to restriction of processing

European legislators and regulators have granted all data subjects the right to request that the controller restrict processing of their personal data if one of the following conditions is met:

The data subject contests the accuracy of the personal data, and does so for a period that enables the controller to check the accuracy of said personal data.

Such processing is unlawful; the data subject refuses erasure of the personal data and requests that its usage be restricted instead.

The controller no longer needs the personal data for the original purpose of its processing, but the data subject requires it for the establishment, exercise or defence of legal claims.

The data subject has objected to the processing pursuant to Art. 21(1) GDPR and it has not yet been determined whether the legitimate reasons of the controller override those of the data subject.

If any of the above prerequisites applies and a data subject wishes to exercise this right to restrict processing of personal data stored by Merete GmbH, the data subject may contact an employee of the controller at any time. The Merete GmbH employee shall arrange for said restriction of processing.

6) Right to data portability

European legislators and regulators have granted data subjects the right to receive any personal data they have provided to a controller in a structured, commonly used and machine-readable format. They also have the right to transfer this data to another controller without hindrance by the controller to whom the personal data was supplied, provided that the processing is based on consent pursuant to Art. 6(1)(a) GDPR or Art. 9(2)(a) GDPR or on a contract pursuant to Art. 6(1)(b) GDPR and that the processing is carried out by automated means, insofar as such processing is not necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller. Furthermore, when exercising their right to data portability pursuant to Art. 20(1) GDPR, the data subject has the right to have the personal data transferred directly from one controller to another controller, insofar as this is technically feasible and provided that this does not impair the rights and freedoms of other persons. To assert the right to data portability, the data subject may contact an employee of Merete GmbH at any time.

7) Right to object

European legislators and regulators have granted data subjects the right to object at any time, on grounds relating to their specific situations, to any processing of their personal data performed on the basis of Article 6(1)(e) or (f) GDPR. This also applies to profiling based on these provisions. Merete GmbH shall no longer process the personal data in the event of an objection, unless we can demonstrate compelling legitimate grounds for processing that override the interests, rights and freedoms of the data subject, or unless the processing serves the purpose of asserting, exercising or defending legal claims. If Merete GmbH processes personal data for direct marketing purposes, the data subject shall have the right to object to the processing of personal data for the purpose of such advertising at any time. This also applies to profiling insofar as it is associated with such direct advertising. If the data subject objects to processing by Merete GmbH for direct marketing purposes, Merete GmbH will no longer process the personal data for those purposes. In addition, the data subject has the right, on grounds relating to his or her particular situation, to object to the processing of his or her personal data by Merete GmbH for scientific or historical research purposes or for statistical purposes pursuant to Art. 89(1) GDPR, unless such processing is necessary for the performance of a task in the public interest. In order to exercise the right to object, the data subject may contact any Merete GmbH employee or another employee directly. In connection with the usage of information society services, data subjects also have the right to exercise their right of objection via automated means using technical specifications, Directive 2002/58/EC notwithstanding.

8) Specific cases involving automated decision-making, including profiling

European legislators have granted all data subjects who are affected by processing of personal data the right not to be subject to decisions based solely on profiling or other automated processing that will affect them legally or cause them significant restrictions in a similar vein, provided that such decisions (1) are not necessary for the conclusion or performance of a contract between the data subject and the controller; or (2) are permitted under European Union or Member State laws to which the controller is subject, and that such laws contain appropriate measures to safeguard the data subject’s rights, freedoms and legitimate interests; or (3) are based on the data subject’s explicit consent. If the decision (1) is necessary for the conclusion or performance of a contract between the data subject and the controller, or (2) is made with the express consent of the data subject, Merete GmbH shall take appropriate measures to safeguard the rights and freedoms as well as the legitimate interests of the data subject, including (at minimum) the right to secure intervention on the part of a person representing the controller, to state their own position and to contest the decision. If the data subject wishes to exercise their right to withdraw consent, they may contact an employee of the controller at any time.

9) Right to withdraw consent under data protection law

European law has granted any data subject affected by processing of personal data to withdraw his or her consent to the processing such personal data at any time. If the data subject wishes to exercise his or her right to withdraw consent, he or she may contact an employee of the controller at any time.

Data protection on applications and during the application process

The controller collects and processes the personal data of applicants for the purpose of completing the application process. Processing may also be carried out electronically. This is particularly the case if an applicant sends corresponding application documents to the controller via electronic means, such as by e-mail or through an online form on the website. If the applicant enters into an employment agreement with the controller, the transferred data will be stored for the purpose of establishing the employment relationship in compliance with statutory regulations. If the applicant does not enter into an employment agreement with the controller, the application documents will be deleted automatically two months after the rejection notification has been sent, provided that the controller has no other legitimate interests that would oppose its deletion. Other legitimate interests in this sense include, for example, an obligation to provide evidence in proceedings in accordance with the General Equal Treatment Act (AGG).

Use of Google Analytics

This website uses Google Analytics, a web analysis service from Google Inc. (hereinafter: Google). Google Analytics uses “cookies”, i.e. text files that are stored on your computer to allow analysis of your use of the website. In most cases, the information the cookie generates about your use of this website is transmitted to a Google server in the USA and stored there. However, due to the activation of IP anonymisation on these websites, Google will first truncate your IP address within Member States of the European Union or in other states party to the European Economic Area Treaty. The full IP address will only be transferred to a Google server in the USA and truncated there in exceptional cases. Google will use this information on behalf of the operator of this website to analyse your website usage, compile reports on website activity, and provide the website operator with other services related to website and Internet usage. The IP address your browser transmits as part of Google Analytics will not be associated with other Google data.

The purposes of data processing consist of evaluating website usage and compiling reports on website activity. Further associated services will then be provided on the basis of the use of the website and the Internet. Such processing is done on the basis of the website operator’s legitimate interests.

You can prevent the storage of cookies by setting your browser software accordingly; however, please be advised that this may prevent you from making full use of all website functionalities. You can also prevent cookie-generated data relating to your website usage (incl. your IP address) from being sent to Google for processing by downloading and installing the browser plugin available through the following link: Browser add-on for deactivating Google Analytics.

Alongside or instead of the browser add-on, you can prevent Google Analytics from tracking you on our pages by clicking this link. This will install an opt-out cookie on your device. The opt-out cookie will prevent Google Analytics from collecting data on this website and this browser in the future for as long as the cookie remains installed on your browser.

Use of libraries (Webfonts)

In order to present our content correctly and in a visually appealing manner across browsers, we use website and font libraries such as Google Webfonts (https://www.google.com/webfonts/). Google Webfonts are transferred to the cache of your browser to eliminate the need for repeated loading. If the browser does not support Google Webfonts or prevents access, the content will be displayed in a standard font.

When libraries or font libraries are accessed, it automatically triggers a connection to the library operator. It is theoretically possible that the operators of such libraries collect data, but it is currently unclear whether or for what purposes this would occur.

The library operator, Google, has made their privacy policy available here: https://www.google.com/policies/privacy/

Use of HubSpot

This website uses the HubSpot CRM and marketing automation system provided by HubSpot Inc (25 1ST St Ste 200, Cambridge, MA 02141, USA) with offices in Ireland (Ground Floor, Two Dockland Central, Guild Street, Dublin 1, Ireland) and Germany (HubSpot Germany GmbH, Am Postbahnhof 17, 10243 Berlin) (hereinafter referred to as HubSpot). The legal basis for the use of HubSpot is our legitimate interest in the efficient and rapid processing of user queries and the optimisation of our online offer in accordance with Art. 6 para. 1 lit. f GDPR.

Among other things, HubSpot allows us to manage existing and potential customers as well as customer contacts. HubSpot can be used to record, organise and analyse customer interactions via email, social media or telephone. The personal data collected can be analysed and used to communicate with prospects or for marketing activities (e.g. newsletters). HubSpot may also be used to track and analyse the user behaviour of contacts on our website. Various personal information may be collected, such as IP address, browser location and type, pages viewed, and length of visit. HubSpot uses “cookies” that are stored on your computer and allow the website to analyse how you use it. The data processing is based on your consent in accordance with Art. 6 para. 1 lit. a GDPR, provided that you have given your consent via our banner. This consent may be revoked at any time. Please note that if you withdraw your consent, you may not be able to fully use all the features of this website. Information about Hubspot and how it works can be found here: https://legal.hubspot.com/de/privacy-policy.

We have signed a data processing agreement (DPA) with HubSpot for the use of the above-mentioned service. The agreement is required by data protection law and ensures that the personal data of our website visitors is only processed in accordance with our instructions and in compliance with the GDPR. Details can be found here: https://legal.hubspot.com/dpa

HubSpot has confirmed to us that data processing will only take place on servers within the EU. However, as part of our contractual relationship with HubSpot, data may be transferred to the US. The transfer of data to the U.S. is governed by the standard contractual clauses and the EU-U.S. Privacy Framework (EU-U.S. DPF). Details can be found here: https://legal.hubspot.com/eu-us-dpf

Google Ads

This website uses Google Ads. Google Ads is an online advertising program of Google Ireland Limited (“Google”), Gordon House, Barrow Street, Dublin 4, Ireland.

We use conversion tracking in the scope of Google Ads. If you click on an ad placed by Google, a cookie is set for conversion tracking. Cookies are small text files that the Internet browser places on the user’s computer. These cookies lose their validity after 30 days and are not used for personal identification of users. If the user visits certain pages of this website and the cookie has not yet expired, we and Google will be able to recognise that the user has clicked on the ad and was forwarded to this page.

Each Google Ads customer receives a different cookie. The cookies cannot be tracked via the websites of Google Ads customers. The information collected using the conversion cookie is used to create conversion statistics for Google Ads customers who have elected to use conversion tracking. Customers learn the total number of users who clicked on their ad and were redirected to a page with a conversion tracking tag. However, they do not receive any information that can be used to identify users personally. If you do not wish to participate in tracking, you can object to this use by simply opening the user settings on your Internet browser and deactivating the Google conversion tracking cookie. You will then no longer be included in the conversion tracking statistics.

Conversion cookies are stored and this tracking tool is used on the basis of Art. 6(1)(f) GDPR. The website operator has a legitimate interest in analysing user behaviour in order to optimise both its website and its advertising. If corresponding consent has been requested (e.g., consent to the storage of cookies), processing takes place exclusively on the basis of Art. 6(1)(a) GDPR; the consent can be revoked at any time.

You can find more information about Google Ads and Google Conversion Tracking in Google’s data protection policy: https://policies.google.com/privacy?hl=de.

You can set your browser so that you are notified about the setting of cookies and only allow cookies in individual cases, preclude the acceptance of cookies either in general or in certain cases, and/or activate the automatic deletion of cookies when closing the browser. Disabling cookies may limit the functionality of this website.

Google Remarketing

This website uses the Google Inc. Remarketing function. The function is used to present interest-based advertisements to website visitors within the Google advertising network. A “cookie” is stored to the website visitor’s browser that allows the function to recognise visitors when they visit websites within Google’s advertising network. These pages make it possible to show visitors advertisements related to content that the visitor has previously accessed on other websites that use the Google Remarketing function.

According to Google, it does not collect any personal data as part of this process. If you still wish to be excluded from the Google Remarketing function, you can deactivate it by changing the corresponding settings under http://www.google.com/settings/ads. As an alternative, you can deactivate the use of cookies for interest-based advertising through the Advertising Network Initiative by following the instructions at http://www.networkadvertising.org/managing/opt_out.asp.

Legal basis for processing

Art. 6(I)(a) GDPR serves our company as the legal basis for processing operations wherein we obtain consent for a specific processing purpose. In cases where the processing of personal data is necessary for the performance of a contract to which the data subject is party (such as processing operations that are necessary for the supply of goods or the provision of another service or consideration), such processing shall be based on Art. 6(I)(b) GDPR. The same applies to such processing operations that are necessary for the implementation of pre-contractual measures, such as cases of enquiries about our products or services. If our company is subject to a legal obligation that necessitates the processing of personal data, for example the fulfilment of tax obligations, such processing is based on Art. 6(I)(c) GDPR. In rare cases, the processing of personal data may be necessary to protect the vital interests of the data subject or another natural person. This would be the case, for example, if a person were injured while visiting our company, thus rendering it necessary to pass that person’s name, age, health insurance data or other vital information on to a doctor, hospital or other third party. In this case, such processing would be carried out on the basis of Art. 6(I)(d) GDPR. Finally, processing could be performed on the basis of Art. 6(I)(f) GDPR. Processing operations that are not covered by any of the aforementioned legal bases are performed on this legal basis if such processing is necessary to safeguard a legitimate interest of our company or a third party, provided that such legitimate interests are not outweighed by the interests, fundamental rights and freedoms of the data subject. In particular, we are permitted to perform such processing on the basis of it having been specifically mentioned under European law. As such, European law takes the perspective that a legitimate interest could be assumed if the data subject is a customer of the controller (recital 47 sentence 2 GDPR).

Legitimate interests in processing exercised by the controller or a third party

When personal data is processed on the basis of Article 6(I)(f) GDPR, our legitimate interest lies in conducting our business to benefit the well-being of all our employees and shareholders.

Duration for which personal data is stored

The criterion for the duration of the storage of personal data is the corresponding statutory retention period. Once that period has expired, the corresponding data is routinely deleted, provided that it is no longer required for contract initiation or fulfilment.

Statutory or contractual requirements for the provision of personal data; Necessity for the conclusion of the contract; Obligation of the data subject to provide the personal data; Possible consequences of failure to provide the data

Please be advised that the provision of personal data in some cases is required by law (e.g. tax regulations), and may also arise in connection with contractual provisions (e.g. information on the contractual partner). In some cases, conclusion of a contract may require a data subject to provide us with personal data, which we will then need to process. For example, the data subject may be obliged to provide us with personal data if our company concludes a contract with them. Failure to provide the personal data would mean that the contract could not be concluded with the data subject. Before providing personal data, the data subject must contact one of our employees. Our employee will then clarify the data subject’s individual circumstances as regards whether the provision of personal data is contractually or legally required or necessary for conclusion of the contract, whether the data subject is obliged to provide the personal data, and what the potential consequences would be if such data is not provided.

Changes to the data privacy policy

We reserve the right to amend this privacy policy so that it always complies with the current legal requirements or in order to incorporate changes to our services, e.g. when introducing new services. The new data privacy policy will then be in effect the next time you visit.

Existence of automated decision-making

As a conscientious company, we do not use automatic decision-making or profiling.