Data Protection at a Glance
General Information
The following information provides a simple overview of what happens to your personal data when you visit this website. Personal data is any data that can be used to personally identify you. Detailed information on data protection can be found in this privacy policy.

Data Collection on This Website
Who is responsible for data collection on this website?
Data processing on this website is carried out by the website operator. You can find their contact details in the section "Information on the Responsible Party" in this privacy policy.

How do we collect your data?
Your data is collected when you provide it to us, for example via a contact form.
Other data is automatically collected by our IT systems or after your consent when you visit the website. This mainly includes technical data (e.g., internet browser, operating system, or time of the page view). This data is collected automatically when you enter this website.

What do we use your data for?
Some of the data is collected to ensure the proper functioning of the website. Other data can be used to analyze your user behavior.

What rights do you have regarding your data?
You have the right to receive information about the origin, recipient, and purpose of your stored personal data at any time and free of charge. You also have the right to request the correction or deletion of your data. If you have given consent to data processing, you can revoke it at any time in the future. Furthermore, under certain circumstances, you have the right to request the restriction of the processing of your personal data. You also have the right to lodge a complaint with the competent supervisory authority.

You can contact us at any time with questions regarding your rights or the topic of data protection.

Hosting
External Hosting
This website is hosted externally. The personal data collected on this website is stored on the servers of the hosting provider(s). This may include, in particular, IP addresses, contact requests, meta and communication data, contract data, contact details, names, website access, and other data generated via a website.

External hosting is carried out for the purpose of contract fulfillment with our potential and existing customers (Art. 6(1)(b) GDPR) and in the interest of a secure, fast, and efficient provision of our online offering by a professional provider (Art. 6(1)(f) GDPR). If appropriate consent was obtained, processing is carried out exclusively based on Art. 6(1)(a) GDPR and § 25(1) TDDDG, provided that the consent includes the storage of cookies or access to information on the user’s end device (e.g., device fingerprinting) within the meaning of the TDDDG. The consent can be revoked at any time.

Our hosting provider(s) will only process your data to the extent necessary to fulfill their obligations and follow our instructions.

We use the following hosting provider:
One.com Group AB
VAT no. SE559205240001
Org. no. 559205-2400
Carlsgatan 3
211 20 Malmö
Sweden

Data Processing Agreement
We have entered into a data processing agreement (DPA) for the use of the above-mentioned service. This is a legally required contract ensuring that the provider processes personal data only according to our instructions and in compliance with the GDPR.

General Information and Mandatory Disclosures
Data Protection
The operators of these pages take the protection of your personal data very seriously. We treat your personal data confidentially and in accordance with statutory data protection regulations and this privacy policy.

When you use this website, various personal data are collected. Personal data is data that can be used to identify you personally. This privacy policy explains what data we collect and what we use it for. It also explains how and for what purpose this is done.

We point out that data transmission over the Internet (e.g., communication by email) may have security vulnerabilities. A complete protection of data against access by third parties is not possible.

Information on the Responsible Party
The responsible party for data processing on this website is:

Patricia Heller
Dornbreite 9c
23556 Lübeck
Germany

Phone: [Insert responsible party’s phone number]
Email: hello@patricia-heller.de

The responsible party is the natural or legal person who alone or jointly with others determines the purposes and means of the processing of personal data (e.g., names, email addresses, etc.).

Storage Duration
Unless a more specific storage period has been stated in this privacy policy, your personal data will remain with us until the purpose for the data processing ceases to apply. If you assert a legitimate request for deletion or revoke your consent to data processing, your data will be deleted unless we have other legally permissible reasons for storing your personal data (e.g., tax or commercial law retention periods); in the latter case, deletion will take place after these reasons cease to apply.

General Information on the Legal Bases of Data Processing
If you have given your consent to data processing, we process your personal data based on Art. 6(1)(a) GDPR or Art. 9(2)(a) GDPR if special categories of data are processed according to Art. 9(1) GDPR. If you have explicitly consented to the transfer of personal data to third countries, data processing is also based on Art. 49(1)(a) GDPR. If you have consented to the storage of cookies or access to information on your device (e.g., via device fingerprinting), data processing is also based on § 25(1) TDDDG. Consent can be revoked at any time.

If your data is required to fulfill a contract or for pre-contractual measures, we process your data based on Art. 6(1)(b) GDPR. Furthermore, we process your data if it is necessary to fulfill a legal obligation based on Art. 6(1)(c) GDPR. Data processing may also be based on our legitimate interest according to Art. 6(1)(f) GDPR. The relevant legal bases in each individual case are explained in this privacy policy.

Note on Data Transfer to Third Countries and US Tools Not Certified Under DPF
We use tools from companies based in third countries that are not safe under data protection law and US tools whose providers are not certified under the EU-US Data Privacy Framework (DPF). When these tools are active, your personal data may be transferred to these countries and processed there. We point out that these countries may not guarantee a level of data protection comparable to that of the EU.

Data Recipients
In the course of our business activities, we cooperate with various external parties. Sometimes this involves transferring personal data to these parties. We only pass on personal data if it is necessary for the fulfillment of a contract, we are legally obligated, we have a legitimate interest in the data transfer according to Art. 6(1)(f) GDPR, or if another legal basis permits the data transfer. When using processors, we only pass on personal data of our customers based on a valid data processing agreement. In the case of joint processing, a joint processing agreement is concluded.

Withdrawal of Your Consent to Data Processing
Many data processing operations are only possible with your explicit consent. You can revoke your consent at any time. The legality of the data processing carried out until the revocation remains unaffected by the revocation.

Right to Object to Data Collection in Special Cases and to Direct Marketing (Art. 21 GDPR)
IF DATA PROCESSING IS BASED ON ART. 6(1)(E) OR (F) GDPR, YOU HAVE THE RIGHT TO OBJECT TO THE PROCESSING OF YOUR PERSONAL DATA AT ANY TIME FOR REASONS ARISING FROM YOUR PARTICULAR SITUATION; THIS ALSO APPLIES TO PROFILING BASED ON THESE PROVISIONS. THE RESPECTIVE LEGAL BASIS FOR PROCESSING CAN BE FOUND IN THIS PRIVACY POLICY. IF YOU OBJECT, WE WILL NO LONGER PROCESS YOUR AFFECTED PERSONAL DATA UNLESS WE CAN DEMONSTRATE COMPELLING LEGITIMATE GROUNDS FOR THE PROCESSING THAT OUTWEIGH YOUR INTERESTS, RIGHTS, AND FREEDOMS OR THE PROCESSING SERVES TO ASSERT, EXERCISE, OR DEFEND LEGAL CLAIMS (OBJECTION UNDER ART. 21(1) GDPR).

IF YOUR PERSONAL DATA IS PROCESSED FOR DIRECT MARKETING PURPOSES, YOU HAVE THE RIGHT TO OBJECT AT ANY TIME TO THE PROCESSING OF PERSONAL DATA CONCERNING YOU FOR THE PURPOSES OF SUCH ADVERTISING; THIS ALSO APPLIES TO PROFILING INSOFAR AS IT IS ASSOCIATED WITH SUCH DIRECT MARKETING. IF YOU OBJECT, YOUR PERSONAL DATA WILL NO LONGER BE USED FOR DIRECT MARKETING PURPOSES (OBJECTION UNDER ART. 21(2) GDPR).

Right to Lodge a Complaint with the Competent Supervisory Authority
In the event of violations of the GDPR, data subjects have a right to lodge a complaint with a supervisory authority, particularly in the Member State of their habitual residence, place of work, or place of the alleged infringement. The right to lodge a complaint is without prejudice to any other administrative or judicial remedies.

Right to Data Portability
You have the right to receive the data that we process automatically on the basis of your consent or in fulfillment of a contract, in a commonly used, machine-readable format, either to yourself or to a third party. If you request the direct transfer of the data to another controller, this will only be done to the extent technically feasible.

Right to Access, Rectification, and Erasure
You have the right, within the scope of the applicable legal provisions, to free information about your stored personal data, its origin and recipients, and the purpose of the data processing, and, if applicable, a right to rectification or erasure of this data. For this and other questions on the topic of personal data, you can contact us at any time.

Right to Restrict Processing
You have the right to request the restriction of the processing of your personal data. You can contact us at any time to exercise this right. The right to restriction applies in the following cases:

If you contest the accuracy of your personal data stored with us, we usually need time to verify this. During the verification period, you have the right to request the restriction of the processing of your personal data.

If the processing of your personal data was/is unlawful, you can request the restriction of data processing instead of deletion.

If we no longer need your personal data, but you need it to exercise, defend, or assert legal claims, you have the right to request the restriction of the processing of your personal data instead of deletion.

If you have lodged an objection under Art. 21(1) GDPR, a balance must be struck between your interests and ours. As long as it is not yet determined whose interests prevail, you have the right to request the restriction of the processing of your personal data.

If you have restricted the processing of your personal data, this data may – apart from being stored – only be processed with your consent or for the establishment, exercise, or defense of legal claims or to protect the rights of another natural or legal person or for reasons of important public interest of the European Union or a Member State.

SSL or TLS Encryption
For security reasons and to protect the transmission of confidential content, such as orders or inquiries you send to us as the site operator, this site uses SSL or TLS encryption. You can recognize an encrypted connection by the address line of the browser changing from "http://" to "https://" and by the lock icon in your browser line.

When SSL or TLS encryption is activated, the data you transmit to us cannot be read by third parties.

Data Collection on This Website

Cookies
Our websites use so-called "cookies." Cookies are small data packages and do not harm your device. They are either stored temporarily for the duration of a session (session cookies) or permanently (permanent cookies) on your device. Session cookies are automatically deleted after your visit. Permanent cookies remain stored on your device until you delete them or your web browser automatically deletes them.

Cookies may be set by us (first-party cookies) or by third-party companies (third-party cookies). Third-party cookies allow certain third-party services to be integrated into websites (e.g., cookies for handling payment services).

Cookies have various functions. Many cookies are technically necessary, as certain website functions would not work without them (e.g., the shopping cart function or video display). Other cookies may be used to analyze user behavior or for advertising purposes.

Cookies necessary for the electronic communication process, for providing certain functions you have requested (e.g., for the shopping cart function), or for optimizing the website (e.g., cookies for measuring the web audience) are stored based on Art. 6(1)(f) GDPR, unless another legal basis is specified. The website operator has a legitimate interest in storing necessary cookies for the technically error-free and optimized provision of its services. If consent for the storage of cookies and similar recognition technologies has been requested, processing is based exclusively on this consent (Art. 6(1)(a) GDPR and § 25(1) TDDDG); consent can be revoked at any time.

You can configure your browser to inform you about the setting of cookies, allow cookies only in individual cases, exclude the acceptance of cookies for specific cases or in general, and enable the automatic deletion of cookies when closing the browser. Disabling cookies may limit the functionality of this website.

You can find out which cookies and services are used on this website in this privacy policy.

Contact Form
If you send us inquiries via the contact form, your information from the inquiry form, including the contact details you provide there, will be stored by us for the purpose of processing the inquiry and in case of follow-up questions. We do not share this data without your consent.

The processing of this data is based on Art. 6(1)(b) GDPR if your request is related to the performance of a contract or is necessary to carry out pre-contractual measures. In all other cases, the processing is based on our legitimate interest in effectively processing inquiries addressed to us (Art. 6(1)(f) GDPR) or on your consent (Art. 6(1)(a) GDPR) if it was requested; consent can be revoked at any time.

The data you enter in the contact form will remain with us until you request its deletion, revoke your consent to storage, or the purpose for storing the data no longer applies (e.g., after your request has been processed). Mandatory legal provisions – in particular retention periods – remain unaffected.

Inquiry via Email, Phone, or Fax
If you contact us by email, phone, or fax, your inquiry, including all resulting personal data (name, inquiry), will be stored and processed by us for the purpose of handling your request. We do not share this data without your consent.

The processing of this data is based on Art. 6(1)(b) GDPR if your request is related to the performance of a contract or is necessary to carry out pre-contractual measures. In all other cases, the processing is based on our legitimate interest in effectively handling inquiries addressed to us (Art. 6(1)(f) GDPR) or on your consent (Art. 6(1)(a) GDPR) if it was requested; consent can be revoked at any time.

The data sent to us via contact inquiries remains with us until you request deletion, revoke your consent to storage, or the purpose for data storage no longer applies (e.g., after your request has been processed). Mandatory statutory provisions – especially statutory retention periods – remain unaffected.

Data Collection on This Website

[...] (Cookies, Contact Form, Email, Phone unchanged)

Typeform
We have integrated Typeform on this website. The provider is TYPEFORM S.L., Carrer Bac de Roda, 163, 08018 Barcelona, Spain (hereinafter referred to as "Typeform").

Typeform allows us to create and embed online forms on our website. The data you enter into Typeform forms will be stored on Typeform's servers until you request us to delete it, revoke your consent to store it, or the purpose for storing the data no longer applies (e.g., after we have completed processing your request). Mandatory legal provisions – in particular retention periods – remain unaffected.

The use of Typeform is based on Art. 6(1)(f) GDPR. The website operator has a legitimate interest in functioning online forms. If appropriate consent was obtained, processing is carried out exclusively on the basis of Art. 6(1)(a) GDPR and § 25(1) TDDDG, to the extent that the consent includes the storage of cookies or access to information on the user’s device (e.g., device fingerprinting) within the meaning of the TDDDG. The consent can be revoked at any time.

Data Processing Agreement
We have concluded a data processing agreement (DPA) with Typeform. This is a contract required by data protection law that ensures Typeform processes the personal data of our website visitors only in accordance with our instructions and in compliance with the GDPR.

Calendly
On our website, you have the option to schedule appointments with us. We use the tool "Calendly" for booking appointments. The provider is Calendly LLC, 271 17th St NW, 10th Floor, Atlanta, Georgia 30363, USA (hereinafter referred to as "Calendly").

To schedule an appointment, you enter the requested data and your preferred date and time into the form provided. The data you enter will be used for planning, conducting, and, if necessary, following up on the appointment. The appointment data will be stored on Calendly’s servers. Calendly's privacy policy can be found at: https://calendly.com/privacy.

The data entered will remain with us until you request deletion, revoke your consent, or the purpose of the data storage no longer applies. Mandatory legal provisions – especially retention periods – remain unaffected.

The legal basis for data processing is Art. 6(1)(f) GDPR. The website operator has a legitimate interest in making the scheduling of appointments with interested parties and customers as easy as possible. If appropriate consent was obtained, processing is carried out exclusively on the basis of Art. 6(1)(a) GDPR and § 25(1) TDDDG; consent can be revoked at any time.

The transfer of data to the USA is based on the EU Commission’s Standard Contractual Clauses. Details can be found here: https://calendly.com/pages/dpa.

Data Processing Agreement
We have concluded a data processing agreement (DPA) with Calendly. This legally required contract ensures that Calendly processes the personal data of our website visitors only in accordance with our instructions and in compliance with the GDPR.

Data Collection on This Website

[...] (Cookies, Contact Form, Email, Phone, Typeform, Calendly unchanged)

Social Media

Facebook
Elements of the Facebook social network are integrated on this website. The provider of this service is Meta Platforms Ireland Limited, Merrion Road, Dublin 4, D04 X2K5, Ireland. According to Facebook, the collected data may also be transferred to the USA and other third countries.

An overview of the Facebook social media elements can be found here: https://developers.facebook.com/docs/plugins/

When the social media element is active, a direct connection between your device and the Facebook server is established. Facebook thereby receives the information that you have visited this website with your IP address. If you click the Facebook "Like" button while logged into your Facebook account, you can link the content of this website to your Facebook profile. Facebook can thereby associate your visit to this website with your user account. We would like to point out that we, as the provider of the pages, have no knowledge of the content of the transmitted data or its use by Facebook. Further information can be found in Facebook’s privacy policy: https://facebook.com/privacy/explanation

The use of this service is based on your consent in accordance with Art. 6(1)(a) GDPR and § 25(1) TDDDG. The consent can be revoked at any time.

Where personal data is collected on our website using the tool described here and forwarded to Facebook, we and Meta Platforms Ireland Limited, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland are jointly responsible for this data processing (Art. 26 GDPR). This joint responsibility is limited exclusively to the collection of data and its transfer to Facebook. The subsequent processing by Facebook is not part of the joint responsibility. The obligations incumbent on us jointly were set out in a joint processing agreement. The wording of the agreement can be found here: https://www.facebook.com/legal/controller_addendum

According to this agreement, we are responsible for providing privacy information when using the Facebook tool and for implementing the tool on our website in a way that is compliant with data protection laws. Facebook is responsible for the data security of Facebook products. Data subject rights (e.g. access requests) regarding the data processed by Facebook can be exercised directly with Facebook. If you assert data subject rights with us, we are obliged to forward them to Facebook.

The data transfer to the USA is based on the EU Commission’s Standard Contractual Clauses. Details can be found here:
https://www.facebook.com/legal/EU_data_transfer_addendum
https://de-de.facebook.com/help/566994660333381
https://www.facebook.com/policy.php

Meta is certified under the EU-US Data Privacy Framework (DPF). The DPF is an agreement between the European Union and the USA that ensures compliance with European data protection standards for data processing in the USA. Every DPF-certified company commits to adhering to these data protection standards. Further information can be found here:
https://www.dataprivacyframework.gov/s/participant-search/participant-detail?contact=true&id=a2zt0000000GnywAAC&status=Active

Instagram
Functions of the Instagram service are integrated on this website. These functions are provided by Meta Platforms Ireland Limited, Merrion Road, Dublin 4, D04 X2K5, Ireland.

When the social media element is active, a direct connection between your device and the Instagram server is established. Instagram thereby receives information about your visit to this website.

If you are logged into your Instagram account, you can link the content of this website to your Instagram profile by clicking the Instagram button. Instagram can thereby associate your visit to this website with your user account. We point out that we, as the provider of the pages, have no knowledge of the content of the transmitted data and its use by Instagram.

The use of this service is based on your consent according to Art. 6(1)(a) GDPR and § 25(1) TDDDG. The consent can be revoked at any time.

Where personal data is collected on our website using the tool described here and forwarded to Facebook/Instagram, we and Meta Platforms Ireland Limited, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland are jointly responsible for this data processing (Art. 26 GDPR). The joint responsibility is limited exclusively to the collection and forwarding of the data to Facebook/Instagram. The subsequent processing by Facebook/Instagram is not part of the joint responsibility. Our joint obligations are specified in a joint processing agreement. The wording of the agreement can be found here:
https://www.facebook.com/legal/controller_addendum

According to this agreement, we are responsible for providing privacy information when using the Facebook/Instagram tool and for implementing the tool on our website in a data protection-compliant manner. Facebook is responsible for the data security of Facebook and Instagram products. Data subject rights (e.g. access requests) regarding the data processed by Facebook/Instagram can be asserted directly with Facebook. If you assert your data subject rights with us, we are obliged to forward them to Facebook.

The data transfer to the USA is based on the EU Commission’s Standard Contractual Clauses. Details can be found here:
https://www.facebook.com/legal/EU_data_transfer_addendum
https://privacycenter.instagram.com/policy/
https://de-de.facebook.com/help/566994660333381

Further information can be found in Instagram’s privacy policy:
https://privacycenter.instagram.com/policy/

Meta is certified under the EU-US Data Privacy Framework (DPF). More information:
https://www.dataprivacyframework.gov/s/participant-search/participant-detail?contact=true&id=a2zt0000000GnywAAC&status=Active

LinkedIn
This website uses elements of the LinkedIn network. The provider is LinkedIn Ireland Unlimited Company, Wilton Plaza, Wilton Place, Dublin 2, Ireland.

Each time a page containing LinkedIn elements is accessed, a connection to LinkedIn servers is established. LinkedIn is informed that you have visited this website with your IP address. If you click the LinkedIn "Recommend" button and are logged into your LinkedIn account, LinkedIn is able to associate your visit to this website with you and your user account. We point out that we have no knowledge of the content of the transmitted data or its use by LinkedIn.

The use of this service is based on your consent under Art. 6(1)(a) GDPR and § 25(1) TDDDG. The consent can be revoked at any time.

The data transfer to the USA is based on the EU Commission’s Standard Contractual Clauses. Details:
https://www.linkedin.com/help/linkedin/answer/a1343190

Further information can be found in LinkedIn’s privacy policy:
https://www.linkedin.com/legal/privacy-policy

Newsletter

Newsletter Data
If you would like to receive the newsletter offered on the website, we need your email address and information that allows us to verify that you are the owner of the provided email address and agree to receive the newsletter. No further data is collected or only on a voluntary basis. We use newsletter service providers described below to handle the newsletter.

MailerLite
This website uses MailerLite for the dispatch of newsletters. The provider is MailerLite Limited, "MailerLite", 38 Mount Street Upper, Dublin 2, D02PR89, Ireland (hereinafter referred to as "MailerLite").

MailerLite is a service with which, among other things, the sending of newsletters can be organized and analyzed. The data you enter for the purpose of subscribing to the newsletter is stored on MailerLite’s servers.

If you do not want your usage of the newsletter to be analyzed by MailerLite, you must unsubscribe from the newsletter. We provide a corresponding link in every newsletter message for this purpose.

Data Analysis by MailerLite
With the help of MailerLite, we can analyze our newsletter campaigns. For example, we can see whether a newsletter message was opened and which links were clicked. In this way, we can determine, among other things, which links are clicked most often.

We can also recognize whether certain predefined actions were taken after opening/clicking (conversion rate). This allows us to see whether you made a purchase after clicking the newsletter.

MailerLite also allows us to subdivide newsletter recipients based on various categories ("clustering"). This includes division by gender, personal preferences (e.g., vegetarian or non-vegetarian), or customer relationship (e.g., customer or potential customer). This allows the newsletters to be better adapted to the respective target groups.

For detailed information on the functions of MailerLite, see:
https://www.mailerlite.com/features

The privacy policy of MailerLite can be found at:
https://www.mailerlite.com/legal/privacy-policy

Legal Basis
Data processing is based on your consent (Art. 6(1)(a) GDPR). You may revoke your consent at any time. The legality of the data processing operations that have already taken place remains unaffected by the revocation.

Storage Duration
The data provided to us for the purpose of subscribing to the newsletter will be stored by us or the newsletter service provider until you unsubscribe from the newsletter and will be deleted from the newsletter distribution list after you unsubscribe. Data stored by us for other purposes remains unaffected.

After unsubscribing from the newsletter distribution list, your email address may be stored in a blacklist by us or the newsletter service provider if such storage is necessary to prevent future mailings. The data from the blacklist is used only for this purpose and is not merged with other data. This serves both your interest and our interest in complying with legal requirements when sending newsletters (legitimate interest within the meaning of Art. 6(1)(f) GDPR). The storage in the blacklist is indefinite. You can object to the storage if your interests outweigh our legitimate interest.

Data Processing Agreement
We have concluded a data processing agreement (DPA) with MailerLite. This is a contract required by data protection law that ensures MailerLite processes the personal data of our website visitors only in accordance with our instructions and in compliance with the GDPR.

Plugins and Tools

Zapier
We have integrated Zapier on this website. The provider is Zapier Inc., Market St. #62411, San Francisco, CA 94104-5401, USA (hereinafter referred to as "Zapier").

Zapier allows us to connect various functionalities, databases, and tools with our website and synchronize them. For example, it enables us to automatically post content published on our website to our social media channels or export content from marketing and analytics tools. Depending on functionality, Zapier may also collect various personal data.

The use of Zapier is based on Art. 6(1)(f) GDPR. The website operator has a legitimate interest in the most efficient integration of the tools used. If appropriate consent has been obtained, the processing is carried out exclusively on the basis of Art. 6(1)(a) GDPR and § 25(1) TDDDG, provided that the consent includes the storage of cookies or access to information on the user's end device (e.g., device fingerprinting) as defined by the TDDDG. The consent can be revoked at any time.

The data transfer to the USA is based on the EU Commission’s Standard Contractual Clauses. Details can be found here: https://zapier.com/tos

Data Processing Agreement
We have concluded a data processing agreement (DPA) with Zapier. This legally required contract ensures that Zapier processes the personal data of our website visitors only in accordance with our instructions and in compliance with the GDPR.

eCommerce and Payment Providers

Processing of Customer and Contract Data
We collect, process, and use personal customer and contract data for the initiation, content arrangement, and modification of our contractual relationships. We collect, process, and use personal data regarding the use of this website (usage data) only to the extent necessary to enable the user to use the service or to bill the user.

The legal basis for this is Art. 6(1)(b) GDPR.

The collected customer data will be deleted after completion of the order or termination of the business relationship and expiration of any existing statutory retention periods. Statutory retention obligations remain unaffected.

Audio and Video Conferencing

Data Processing
For communication with our customers, we use, among other tools, online conferencing platforms. The specific tools we use are listed below. When you communicate with us via video or audio conference over the Internet, your personal data is collected and processed by us and the provider of the respective conferencing tool.

The conferencing tools collect all data that you provide/use to use the tools (email address and/or phone number). Furthermore, the tools process the duration of the conference, start and end (time) of participation, number of participants, and other contextual information related to the communication process (metadata).

Additionally, the tool provider processes all technical data required for handling the online communication. This includes, in particular, IP addresses, MAC addresses, device IDs, device type, operating system type and version, client version, camera type, microphone or speaker, and connection type.

If content is exchanged, uploaded, or otherwise shared within the tool, it is also stored on the tool provider’s servers. Such content includes, but is not limited to, cloud recordings, chat/instant messages, voicemails, uploaded photos and videos, files, whiteboards, and other information shared while using the service.

Please note that we do not have complete control over the data processing operations of the tools used. Our capabilities largely depend on the corporate policies of the respective provider. Further information on data processing by the conferencing tools can be found in the privacy policies of the respective tools used, listed below.

Purpose and Legal Basis
The conferencing tools are used to communicate with prospective or existing contractual partners or to offer certain services to our customers (Art. 6(1)(b) GDPR). The use of these tools also serves to simplify and expedite communication with us or our company (legitimate interest in accordance with Art. 6(1)(f) GDPR). If consent has been requested, the use of the tools concerned is based on this consent; consent may be revoked at any time with effect for the future.

Storage Duration
The data collected directly by us via the video and conferencing tools will be deleted from our systems as soon as you request deletion, revoke your consent to storage, or the purpose for storing the data no longer applies. Stored cookies remain on your device until you delete them. Mandatory statutory retention periods remain unaffected.

We have no influence on the storage duration of your data that is stored by the operators of the conferencing tools for their own purposes. For details, please consult the privacy policies of the respective conferencing tools.

Conferencing Tools Used

Zoom
We use Zoom. The provider is Zoom Communications Inc., 55 Almaden Boulevard, 6th Floor, San Jose, CA 95113, USA. For details on data processing, please refer to Zoom’s privacy policy:
https://explore.zoom.us/en/privacy/

The data transfer to the USA is based on the EU Commission’s Standard Contractual Clauses. Details can be found here: https://explore.zoom.us/en/privacy/

Data Processing Agreement
We have entered into a data processing agreement (DPA) with Zoom. This contract is required by data protection law and ensures that Zoom processes the personal data of our website visitors only according to our instructions and in compliance with the GDPR.

Google Meet
We use Google Meet. The provider is Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland. For details on data processing, please refer to Google’s privacy policy:
https://policies.google.com/privacy?hl=en

Google is certified under the EU-US Data Privacy Framework (DPF). The DPF is an agreement between the European Union and the USA to ensure compliance with European data protection standards for data processing in the USA. Each DPF-certified company commits to these standards. More info:
https://www.dataprivacyframework.gov/s/participant-search/participant-detail?contact=true&id=a2zt000000001L5AAI&status=Active

Data Processing Agreement
We have entered into a data processing agreement (DPA) with Google. This legally required contract ensures that Google processes the personal data of our website visitors only in accordance with our instructions and in compliance with the GDPR.

PRIVACY POLICY